Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
OpenClaw Cost Guardian
v1.0.0OpenClaw Cost Guardian - 智能成本监控与优化助手。实时监控Token消耗、智能切换模型、成本预警预警、使用优化建议。 帮助用户将OpenClaw使用成本降低30-70%,解决"月薪两万养不起龙虾"的痛点。 关键词:成本控制、token监控、模型优化、省钱
⭐ 0· 45·0 current·0 all-time
byJames@zhanqirong
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The skill's functionality (token monitoring, model recommendations, budget alerts) matches its name and description. However, the SKILL.md repeatedly requires reading '当前Token消耗' and 'OpenClaw配置' and performing '自动监控每次对话' and '自动推荐/切换模型' without declaring any required environment variables, config paths, or privileges. That omission is inconsistent: a legitimate cost-monitor would need access to per-session/token telemetry and the ability to alter configuration or trigger model switches.
Instruction Scope
Runtime instructions tell the agent to read OpenClaw configuration, current token consumption, model lists/prices, continuously monitor each conversation, send daily reports, and (optionally) switch models or enable local models. The SKILL.md does not specify where to get token metrics, how reports are delivered, or how model switching is executed. These steps entail reading platform telemetry and changing user/agent settings — scope that goes beyond a simple read-only helper and is not justified or constrained.
Install Mechanism
Instruction-only skill with no install spec and no code files; this is low install risk because nothing is written to disk or fetched at install time.
Credentials
The skill requests no credentials or config paths in metadata, yet expects access to potentially sensitive runtime telemetry (per-session token counts, model usage) and the ability to change default models and system behavior. Either the platform provides these implicitly (possible) or the SKILL.md is assuming elevated access without declaring it — that mismatch is concerning because it hides required privileges.
Persistence & Privilege
Metadata shows always:false (not force-installed) and autonomous invocation allowed (normal). But the prose promises '激活后自动运行' and '自动监控每次对话' and '每日发送成本报告', implying ongoing/background monitoring and automated actions. This conflicts with the declared flags and lacks detail about the mechanism, frequency, or user approval for ongoing operation. Background monitoring plus model-switching capability raises the potential blast radius if misused.
What to consider before installing
Before installing or enabling this skill, ask the publisher/platform these concrete questions: (1) Exactly how does the skill obtain per-session and historical token usage? Is that telemetry provided by OpenClaw, or does the skill require access to logs/config files? (2) Will the skill be granted permission to change default models or agent configuration? If so, what changes can it make and how are they authorized by the user? (3) Where and how are daily reports or alerts delivered (chat only, email, external endpoint)? Are any external destinations used? (4) Can you run the skill in a read-only mode (monitoring + recommendations) before allowing it to perform automatic switches? (5) Request a precise list of required platform permissions, data access scopes, retention policy for usage data, and an option to disable automatic actions. If those details are not provided and auditable, treat the skill as higher risk and avoid granting it persistent or configuration-modifying privileges.Like a lobster shell, security has layers — review code before you run it.
costvk976fj8amz1dp3cb8f9yyjjrtd83j0e1latestvk976fj8amz1dp3cb8f9yyjjrtd83j0e1monitoringvk976fj8amz1dp3cb8f9yyjjrtd83j0e1optimizationvk976fj8amz1dp3cb8f9yyjjrtd83j0e1
License
MIT-0
Free to use, modify, and redistribute. No attribution required.