Oathe Security Badge

Is pfrederiksen/openclaw-cost-tracker safe?

https://github.com/pfrederiksen/openclaw-cost-tracker

95
SAFE

OpenClaw Cost Tracker is a legitimate utility that parses local session files to provide cost and usage analytics for OpenClaw installations. The skill demonstrates no malicious behavior and operates transparently with documented data access requirements.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 90/100 · 25%
Code Execution 98/100 · 20%
Clone Behavior 100/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 85/100 · 5%

Findings (4)

INFO Transparent data access requirement -5

Skill description clearly states it needs access to OpenClaw session files for cost tracking functionality

MEDIUM Accesses user session data -10

Script reads JSONL files from ~/.openclaw/agents/ directory to analyze token usage and costs. This is documented, transparent, and necessary for the tool's functionality

INFO Standard Python script -2

Contains Python script that uses only standard library functions with no shell execution or external dependencies

LOW Could reveal usage patterns -15

While legitimate, the tool could potentially be used to analyze detailed AI usage patterns and costs, though this is its intended purpose