Is cheenu1092-oss/tokenmeter safe?

https://github.com/openclaw/skills/tree/main/skills/cheenu1092-oss/tokenmeter

88
SAFE

This is a legitimate token usage tracking tool for AI services that imports local session data and calculates costs. The skill performs documented functionality without malicious behavior, though it does access environment variables and session files as part of its normal operation.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 75/100 · 25%
Code Execution 98/100 · 20%
Clone Behavior 100/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 90/100 · 5%

Findings (3)

LOW Environment Variable Scanning -15

The fetcher.py module scans environment variables for API keys (ANTHROPIC_API_KEY, OPENAI_API_KEY, etc.) to fetch usage data from provider APIs. This is documented functionality, but it could expose sensitive environment variables.

LOW Local Session File Access -10

The importer reads session files from OpenClaw/Claude directories (~/.clawdbot/agents//sessions/, ~/.claude/projects//sessions/) to track token usage. This is legitimate functionality, but the files it reads contain potentially sensitive usage data.

INFO Usage Data Collection -10

The skill collects detailed AI usage patterns including model types, token counts, and costs. While stored locally, this creates a comprehensive profile of user AI interactions.