token-watchdog Security Report — Trusted | ClawSafe

5 /100

token-watchdog

OpenClaw session cost monitor — alerts via Telegram when agent spend exceeds budget

功能正常的 OpenClaw 成本监控工具，所有行为与文档声明一致，无恶意特征

Skill Nametoken-watchdog

Duration24.9s

Enginepi

✓

Safe to install

可直接使用

Resource	Declared	Inferred	Status	Evidence
Filesystem	`READ`	`READ`	✓ Aligned	token-watchdog.mjs:12-17 readFileSync/readNewUsage
Filesystem	`WRITE`	`WRITE`	✓ Aligned	token-watchdog.mjs:19 writeFileSync写入日志
Shell	`WRITE`	`WRITE`	✓ Aligned	token-watchdog.mjs:100-107 execSync openclaw命令
Network	`WRITE`	`WRITE`	✓ Aligned	token-watchdog.mjs:100 通过openclaw CLI发送Telegram

2 findings

🔗

Medium External URL 外部 URL

https://ddaekeu3-cyber.github.io/synapse-ai/tools/token-watchdog/token-watchdog.mjs

SKILL.md:29

🔗

Medium External URL 外部 URL

https://ddaekeu3-cyber.github.io/synapse-ai/

SKILL.md:82

File Tree

4 files · 14.7 KB · 425 lines

JavaScript 1f · 328L Markdown 1f · 82L JSON 2f · 15L

├─ 📋 _meta.json JSON 5L · 133 B

├─ 📋 package.json JSON 10L · 440 B

├─ 📝 SKILL.md Markdown 82L · 2.3 KB

└─ 🔑 token-watchdog.mjs ⚠ JavaScript 328L · 11.8 KB

✓ 文档-行为完全一致，无阴影功能

✓ 所有shell命令均为声明的openclaw官方CLI

✓ Telegram目标硬编码，未动态获取，无数据外泄风险

✓ 无敏感路径访问（.ssh/.aws/.env）

✓ 无环境变量遍历收割凭证行为

✓ 无远程脚本下载执行

✓ 代码结构清晰，注释完整