ClawHub

Openclaw Daily Ops

v1.0.0

Daily cost reporting + session hygiene for OpenClaw deployments. Tracks per-session API spend, shows 7-day trend, and wipes zombie sessions >24h old to preve...

0· 110·1 current·1 all-time
by云龙@zylcold
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the included scripts and README. The skill only needs access to OpenClaw session files and a Discord webhook (provided in config.json) to generate reports and reset stale sessions; nothing requested or installed is unrelated to that purpose.
Instruction Scope
SKILL.md and the scripts are explicit about reading sessions.json/sessions_dir and truncating session JSONL files older than the configured threshold. This is destructive by design (it intentionally truncates files) — the instructions limit action to the configured sessions_dir and workspace_dir but you should confirm those paths before running. The only external endpoint used is the Discord webhook you configure.
Install Mechanism
No install spec or remote downloads; the skill is pure Python scripts and docs, so nothing is written to disk beyond the files shipped and the logs the scripts create. Risk from installation is low.
Credentials
No required environment variables or unrelated credentials. The only secret-like value is the Discord webhook supplied in config.json, which is appropriate for posting reports. The scripts write logs under the configured workspace_dir.
Persistence & Privilege
The skill is not always-enabled and does not request elevated platform privileges. It does not modify other skills or system-wide agent settings. It is intended to be scheduled via cron (user-controlled).
Assessment
This skill appears to do what it says, but before enabling it: 1) Review and edit config.json so sessions_dir and workspace_dir point only to your OpenClaw session paths (not broader system directories). 2) Test both scripts with --dry-run to verify reported sessions and the zombie summary. 3) Back up your session files (or run the zombie killer in dry-run) before allowing it to truncate files. 4) Use a private Discord channel/webhook and avoid exposing the webhook URL; rotate the webhook if it ever leaks. 5) When scheduling with cron, run under the intended user account (not root) to limit file-scope. If any behavior seems unexpected, inspect the scripts again — they are small and readable.

Like a lobster shell, security has layers — review code before you run it.

latestvk973nbh75zqpt0nz0kmzxhd2wd833yan

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments