Session Token Ledger
PassAudited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill Name: session-token-ledger Version: 1.0.0 The session-token-ledger skill is a local utility designed to audit and analyze LLM token usage from OpenClaw session transcripts. It parses local JSONL log files, populates a SQLite database (session_tokens.db), and generates markdown reports via Python scripts (rebuild_sqlite.py and report.py). The code operates entirely on local files within the OpenClaw directory structure, contains no network exfiltration logic, and uses standard platform features for automation hooks without any evidence of malicious intent or prompt-injection attacks.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running the rebuild creates a local record of completed session usage and metadata; anyone who can read the generated assets may learn session IDs, paths, models, providers, and token totals.
The rebuild script reads local OpenClaw session transcript files and persists derived per-session ledger data, including session identifiers and file paths, into local assets.
SESSIONS_DIR = OPENCLAW_ROOT / 'agents' / 'main' / 'sessions' ... DB_PATH = ASSETS_DIR / 'session_tokens.db' ... 'session_key': session_key
Use the skill only on a trusted machine, avoid sharing the generated assets, and delete the ledger files if you no longer want this session metadata retained.
If the hook is installed, the ledger will continue updating automatically when those events occur, rather than only when manually run.
The optional hook setup creates event-triggered automation that runs the rebuild script after specific OpenClaw events.
Use this only if you want the ledger rebuilt automatically ... events ["command:new","command:reset","command:stop","gateway:startup"] ... spawnSync('python3', [SCRIPT, '--skill-dir', SKILL_DIR])Enable the hook only if you want ongoing automatic rebuilds, and remove the hook folder if you want to return to manual operation.