agent-budget-controller 安全扫描报告 — 可信 | ClawSafe

0 /100

agent-budget-controller

Control LLM API spending per agent with daily/weekly/monthly budget limits and alerts

This is a legitimate LLM budget tracking utility with zero external dependencies, no network access, and clean filesystem operations. All capabilities are accurately declared and the code performs exactly as documented.

技能名称agent-budget-controller

分析耗时34.7s

引擎pi

✓

可以安装

No action needed. This skill is safe for distribution.

资源类型	声明权限	推断权限	状态	证据
文件系统	`WRITE`	`WRITE`	✓ 一致	lib/config.py:39-42 writes config.json; lib/tracker.py:35-43 appends to usage.js…
网络访问	`NONE`	`NONE`	—	No urllib, requests, socket imports or network calls in entire codebase
命令执行	`NONE`	`NONE`	—	No subprocess, os.system, or shell execution in scripts/budget.py
环境变量	`NONE`	`NONE`	—	No os.environ access in any module
技能调用	`NONE`	`NONE`	—	No skill invocation or inter-process communication
剪贴板	`NONE`	`NONE`	—	No clipboard access detected
浏览器	`NONE`	`NONE`	—	No browser or web automation detected
数据库	`NONE`	`NONE`	—	Uses JSON file storage only, no database connections

2 项发现

📧

提示邮箱邮箱地址

[email protected]

EXAMPLE.md:447

📧

提示邮箱邮箱地址

[email protected]

pyproject.toml:9

目录结构

16 文件 · 77.1 KB · 2768 行

Markdown 6f · 1712L Python 9f · 1033L TOML 1f · 23L

├─ ▾ 📁 lib

│ ├─ 🐍 __init__.py Python 3L · 93 B

│ ├─ 🐍 alerts.py Python 95L · 3.2 KB

│ ├─ 🐍 config.py Python 86L · 2.9 KB

│ ├─ 🐍 pricing.py Python 89L · 3.4 KB

│ ├─ 🐍 reporter.py Python 181L · 6.7 KB

│ └─ 🐍 tracker.py Python 108L · 4.0 KB

├─ ▾ 📁 scripts

│ └─ 🐍 budget.py Python 336L · 11.4 KB

├─ ▾ 📁 tests

│ ├─ 🐍 __init__.py Python 1L · 41 B

│ └─ 🐍 test_budget.py Python 134L · 4.4 KB

├─ 📝 COMPLETION_REPORT.md Markdown 408L · 10.1 KB

├─ 📝 EXAMPLE.md Markdown 448L · 10.0 KB

├─ 📝 INSTALL.md Markdown 67L · 1.4 KB

├─ 📄 pyproject.toml TOML 23L · 512 B

├─ 📝 README.md Markdown 363L · 8.0 KB

├─ 📝 SKILL.md Markdown 156L · 3.5 KB

└─ 📝 SUMMARY.md Markdown 270L · 7.3 KB

依赖分析 1 项

包名	版本	来源	已知漏洞	备注
`stdlib-only`	`N/A`	python	否	No external dependencies - uses only json, pathlib, datetime, collections, argparse, sys

安全亮点

✓ Zero external dependencies - pure Python stdlib only

✓ No network access - all data stored locally in ~/.openclaw/budget/

✓ No shell execution or command injection vectors

✓ No credential harvesting or sensitive path access

✓ Clean, readable code without obfuscation

✓ SKILL.md accurately describes all functionality

✓ pyproject.toml correctly declares no dependencies

✓ Uses standard JSON file operations for local persistence