token-tracker-daily
v1.0.0Token 消耗追踪工具。当用户需要监控 API token 使用情况、生成每日/每周消耗报告、分析使用趋势时使用此 Skill。功能包括:自动记录每次对话的 token 消耗、生成数据表格报告、计算使用趋势和预测、支持定时推送日报。
⭐ 0· 131·2 current·2 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The skill's name/description match the included scripts (log_token.py, daily_report.py, weekly_report.py) which read/write a local data/token_log.json and produce reports — no unrelated capabilities are requested. Minor incoherence: SKILL.md and README instruct running scripts from a scripts/ directory (e.g., scripts/log_token.py) while the manifest shows the .py files at the repository root; file paths should be reconciled so users know the correct invocation path.
Instruction Scope
Runtime instructions only tell the agent/user to run local Python scripts, read/write data/token_log.json, and optionally schedule cron jobs. The instructions do not request other system files, environment secrets, or network access. Note: the cron examples use a 'cron add' command that may not exist on all systems (installation/scheduling is left to the user).
Install Mechanism
No install spec is provided (instruction-only), and included code is plain Python with no downloads or external installers. Nothing in the install surface writes or executes remote code.
Credentials
The skill declares no required environment variables, credentials, or external config paths. The code only reads/writes a local JSON data file; it does not access secrets or network endpoints.
Persistence & Privilege
always:false and no autonomous privileging are present. The only persistence/change to system state suggested is adding cron jobs for scheduled reports (user-managed). The skill does not modify other skills or global agent configs.
Assessment
This skill appears to do what it claims: local token counting and report generation. Before installing, 1) reconcile file paths (SKILL.md/README expect scripts/ but the .py files in the bundle appear at the top level) and update the commands accordingly; 2) verify you are comfortable with reports being stored in data/token_log.json and back it up if needed; 3) scheduling via cron requires OS-level privileges — add cron jobs manually after review or use a scheduler you trust; 4) inspect the three Python files yourself (they are short and readable) and run them in a safe environment to confirm behavior; 5) ensure you only pass numeric token counts (these scripts record counts, not actual API keys) and do not accidentally log secret strings. There are no signs of network exfiltration or secret access in the code, but if you expect integration with external reporting endpoints, require explicit review before enabling networked behavior.Like a lobster shell, security has layers — review code before you run it.
latestvk971266sr7yrvn139rrk01dy6d836n7q
License
MIT-0
Free to use, modify, and redistribute. No attribution required.