budget-analyzer-claw
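v1.0.0 Budget Analyzer Shrimp: the financial gatekeeper of the OpenClaw digital-employee system. Monitors all AI resource spending in real time, intelligently controls costs, and prevents unexpected large bills. Use this Skill when: (1) the user asks how much was spent today / this week / this month (2) the user asks which digital employee costs the most, or about cost share (3) the user asks for cost-trend analysis or optimization suggestions (4) the user asks to set...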
by Ricky @tujinsama
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
Name/description (budget monitoring, alerts, reports) match the included scripts, references and SKILL.md. The code reads local billing rules, budget config and produces reports/alerts as documented. Required tools (session_status, sessions_list) are reasonable for gathering usage data.
Instruction Scope
Instructions are narrowly scoped to reading session usage (session_status/sessions_list/sessions_history), computing costs, checking budget-config and optionally running anomaly detection. This legitimately requires access to session usage data. Note: SKILL.md promises reporting and 'push pre-alerts' but contains no explicit delivery implementation; behavior that could pause agents is explicitly gated by user authorization in the docs (good).
Install Mechanism
No install spec and included scripts are small, plain Python files. Nothing is downloaded from external URLs or installed into system paths. This is low-risk.
Credentials
The skill declares no required environment variables or external credentials (appropriate). Minor concerns: currency handling and unit conventions mix USD and CNY — billing-rules.json lists USD unit prices and usd_to_cny conversion, while budget-config.yaml budgets are expressed in '元' (CNY). Make sure usd_to_cny is set correctly for your environment. Also check recipients/channels in budget-config.yaml (feishu, user 'wayne') so alerts are not accidentally sent to unexpected recipients.
Persistence & Privilege
always:false and the skill only reads/writes within its skill directory and /tmp usage files; it does not request system-wide changes or modify other skills. No persistent or privileged hooks detected.
Assessment
This skill appears to do what it says: collect session usage via the platform's session_* tools, compute costs with local pricing rules, detect anomalies, and prepare reports. Before installing: (1) confirm the platform session_status/sessions_list APIs it uses are expected and that you are comfortable the skill will read session usage data (this is necessary for cost reporting); (2) review/adjust references/billing-rules.json and usd_to_cny so currency/unit conversions match your real bills; (3) check references/budget-config.yaml channels/recipients so notifications don't go to unintended users and decide whether you want the skill to have authority to pause agents (the README says user authorization is required); (4) test the scripts with sample data to ensure model-name matching and unknown-model behavior are acceptable. No evidence of hidden network exfiltration or unrelated credential requests was found.
Like a lobster shell, security has layers — review code before you run it.
