token-monitor

Name: token-monitor
Author: Javis603

Issues

Real-time token, cost, and AI limits widget with multi-device sync for Claude Code, Codex, OpenCode, Hermes, OpenClaw, Cursor, Antigravity and more. | 为 AI Tools 打造的即时Token、成本与限额监控桌面组件，支持多设备同步

205stars

10forks

JavaScript

Installation

# Add to your Claude Code skills
git clone https://github.com/Javis603/token-monitor

Getting Started

Guides for using ai agents skills like token-monitor.

Caveman: Cut Claude Token Use by 65%
How agent-side prompt compression works, when to use it, and when not to.
What is an AI Skills Marketplace?
Definitions, how marketplaces work, and how to choose between them in 2026.
Getting Started with AI Skills

Security ReportIssues

Last scanned: 6/17/2026

{
  "issues": [
    {
      "type": "npm-audit",
      "message": "@jimp/core: Vulnerability found",
      "severity": "medium"
    },
    {
      "type": "npm-audit",
      "message": "@jimp/custom: Vulnerability found",
      "severity": "medium"
    },
    {
      "type": "npm-audit",
      "message": "electron-icon-builder: Vulnerability found",
      "severity": "medium"
    },
    {
      "type": "npm-audit",
      "message": "file-type: file-type affected by infinite loop in ASF parser on malformed input with zero-size sub-header",
      "severity": "medium"
    },
    {
      "type": "npm-audit",
      "message": "form-data: form-data uses unsafe random function in form-data for choosing boundary",
      "severity": "critical"
    },
    {
      "type": "npm-audit",
      "message": "icon-gen: Vulnerability found",
      "severity": "medium"
    },
    {
      "type": "npm-audit",
      "message": "jimp: Vulnerability found",
      "severity": "medium"
    },
    {
      "type": "npm-audit",
      "message": "js-yaml: JS-YAML: Quadratic-complexity DoS in merge key handling via repeated aliases",
      "severity": "medium"
    },
    {
      "type": "npm-audit",
      "message": "phantomjs-prebuilt: Vulnerability found",
      "severity": "medium"
    },
    {
      "type": "npm-audit",
      "message": "phin: phin may include sensitive headers in subsequent requests after redirect",
      "severity": "medium"
    },
    {
      "type": "npm-audit",
      "message": "qs: qs's arrayLimit bypass in its bracket notation allows DoS via memory exhaustion",
      "severity": "medium"
    },
    {
      "type": "npm-audit",
      "message": "request: Server-Side Request Forgery in Request",
      "severity": "critical"
    },
    {
      "type": "npm-audit",
      "message": "svg2png: XSS in svg2png (NPM package)",
      "severity": "medium"
    },
    {
      "type": "npm-audit",
      "message": "tar: node-tar applies PAX size override to intermediary GNU long-name/long-link headers, causing tar parser interpretation differential (file smuggling)",
      "severity": "medium"
    },
    {
      "type": "npm-audit",
      "message": "tmp: tmp has Path Traversal via unsanitized prefix/postfix that enables directory escape",
      "severity": "high"
    },
    {
      "type": "npm-audit",
      "message": "tough-cookie: tough-cookie Prototype Pollution vulnerability",
      "severity": "medium"
    },
    {
      "type": "npm-audit",
      "message": "uuid: uuid: Missing buffer bounds check in v3/v5/v6 when buf is provided",
      "severity": "medium"
    },
    {
      "type": "npm-audit",
      "message": "ws: ws: Memory exhaustion DoS from tiny fragments and data chunks",
      "severity": "high"
    },
    {
      "type": "npm-audit",
      "message": "yargs: Vulnerability found",
      "severity": "medium"
    },
    {
      "type": "npm-audit",
      "message": "yargs-parser: yargs-parser Vulnerable to Prototype Pollution",
      "severity": "medium"
    },
    {
      "file": "README.md",
      "line": 37,
      "type": "dangerous-command",
      "message": "Dangerous command (writes to Claude config): \"> | Claude Code | `~/.claude/projects/`, `~/.claude/\"",
      "severity": "medium"
    }
  ],
  "status": "FAILED",
  "scannedAt": "2026-06-17T09:02:18.223Z",
  "npmAuditRan": true,
  "pipAuditRan": true,
  "promptInjectionRan": true
}

README.md

Frequently Asked Questions

What is token-monitor?

token-monitor is an open-source ai agents skill for AI coding assistants such as Claude Code, Codex CLI, and ChatGPT, built by Javis603. Real-time token, cost, and AI limits widget with multi-device sync for Claude Code, Codex, OpenCode, Hermes, OpenClaw, Cursor, Antigravity and more. | 为 AI Tools 打造的即时Token、成本与限额监控桌面组件，支持多设备同步. It has 205 GitHub stars.

Is token-monitor safe to use?

token-monitor failed SkillsLLM's automated security scan, which flagged one or more high-severity issues. Review the Security Report section carefully before using it.

How do I install token-monitor?

Clone the repository with "git clone https://github.com/Javis603/token-monitor" and add it to your Claude Code skills directory (see the Installation section above).

What programming language is token-monitor written in?

token-monitor is primarily written in JavaScript. It is open-source under Javis603 on GitHub, so you can review or fork the full source.

Are there alternatives to token-monitor?

Yes. SkillsLLM lists many other AI Agents skills you can browse and compare side by side. Open the AI Agents category from the badge at the top of this page, or use the Related Skills and comparison links further down to weigh token-monitor against similar tools.

Agentic AI for Beginners

Build your first AI agent from scratch - tool use, ReAct pattern, memory, deployment

41 minBeginner

Comments (0)

to leave a comment.

No comments yet. Be the first to share your thoughts!

Related Skills

ECC

by affaan-m

The agent harness performance optimization system. Skills, instincts, memory, security, and research-first development for Claude Code, Codex, Opencode, Cursor and beyond.

216,924

node9-proxy AgentCrew

What is Token Monitor?

A desktop widget that shows live token usage and AI Tool Limits across various AI coding tools (Claude Code, Codex, Hermes Agent, OpenCode, OpenClaw, Cursor, Antigravity, Cline, and more) with real-time multi-device sync, historical usage trends, and breakdowns by tool, device, model, or session.

Supported Tools

Token Monitor supports token usage, account-limit checks, and session details separately:

Tool	Data path	Token Usage	AI Tool Limits	Session Details
Claude Code	`~/.claude/projects/`, `~/.claude/transcripts/`	✅	✅	✅
Codex	`~/.codex/sessions/`	✅	✅	✅
OpenCode	`~/.local/share/opencode/`	✅	✅	✅
Hermes Agent	`$HERMES_HOME` or `~/.hermes/`	✅	—	—
OpenClaw	`~/.openclaw/agents/`	✅	—	—
Cursor	`~/.config/tokscale/cursor-cache/` (kept fresh by Cursor sync)	✅	✅	—
Antigravity	`~/.config/tokscale/antigravity-cache/` (kept fresh by Antigravity sync)	✅	✅	—
Cline	VS Code globalStorage tasks (`.../saoudrizwan.claude-dev/tasks/`)	✅	—	—
Kimi CLI / Kimi Code	`~/.kimi/sessions/`, `~/.kimi-code/sessions/` (`KIMI_CODE_HOME`)	✅	—	—
Qwen CLI	`~/.qwen/projects/`	✅	—	—
Grok Build	`$GROK_HOME/sessions/` or `~/.grok/sessions/`	✅	—	—
GitHub Copilot CLI	`~/.copilot/otel/`	✅	—	—
DeepSeek	DeepSeek API key (balance via DeepSeek API)	—	✅	—

Why Token Monitor?

Most usage monitors are useful on the machine they run on. Token Monitor is built for multi-device work: each device watches its own local logs, sends summary updates to your hub, and every connected widget sees token changes almost immediately.

Features

Live token tracking for Claude Code, Codex, Hermes Agent, OpenCode, OpenClaw, Cursor, Antigravity, Cline, Kimi, Qwen, Grok Build, and GitHub Copilot CLI (UI updates within seconds of each turn)
Real-time multi-device sync over Server-Sent Events
Breakdown views grouped by tool, device, model, session, or account limits
Per-session detail — open a Claude Code, Codex, or OpenCode session to see tokens per prompt, expandable to each reply's exact token split and tools used (read on-demand from local transcripts or databases, never synced)
Cache hit statistics — click on any tool or model to expand a detailed breakdown of input tokens (cache hit vs miss), output tokens, and hit rate percentages
Cost breakdown alongside token counts
Usage Trends & Dashboard (opt-in) — a dedicated dashboard window with a GitHub-style activity heatmap, streaks, and stacked per-tool/per-model usage history (bar and K-line views) across all your devices
AI Tool Limits detection for Claude Code, Codex, Cursor, Antigravity, and OpenCode with session, weekly, billing, and credits windows, plus DeepSeek prepaid balance and today/month spend
Optional Status view for Claude, OpenAI, Cursor, and DeepSeek status pages, with manual or interval re-checks
Customizable tool list to hide, pin, and reorder tools in the main dashboard without changing what gets tracked
Appearance controls — interface theme switching (incl. a light mode), per-tool vendor colours, glass opacity, blur, and transparent window mode
Menu bar (macOS) and system tray (Windows) popover with live cost, tokens, or closest Claude/Codex/Cursor/Antigravity/OpenCode limit % next to the icon
Floating Bubble mode that collapses the widget into a draggable mini-window with click or hover preview and tray-style content
Recordable global shortcut to show or hide the window from anywhere
Local-first: no servers needed for single-device use
Self-hosted sync backend (in-widget hub, Node CLI hub, or Cloudflare Worker)
iOS widget support via Widgy and Scriptable through the Worker hub
Discord Rich Presence to broadcast today's tokens, cost, and top client (opt-in)
Privacy-first: only summary numbers ever leave your machine

Limits View	Devices View	Models View

Session View	Session Details	Service Status

Usage Dashboard — Overview	Usage Dashboard — Trends

Installation

Local mode — single device

The default. No hub, no agent, no config.

npm install
npm start

Multi-device sync

Pick ONE hub backend that all your devices (and any headless agents) connect to. On each device, open the widget and pick a mode under Settings → Multi-device Sync. The widget contributes this device's usage automatically; run npm run agent only on machines without a widget.

Option A — Host the hub from the widget (easiest, no CLI)

In the widget on one always-on machine, open Settings → Multi-device Sync and pick Host hub on this device. The widget generates a random secret and lists the LAN URLs other devices can connect to (Tailscale or ZeroTier addresses appear here too). On every other device, pick Connect to a hub and paste the URL + secret.

The hub runs while Token Monitor is running — quitting (not just closing the window) stops it for all connected devices.

Option B — Self-hosted Node hub (always-on headless machine)

# on the always-on machine
cp .env.example .env
# set TOKEN_MONITOR_SECRET to something private, then:
npm run hub

Option C — Cloudflare Worker hub (across networks, including iPhone)

One-click deploy — Cloudflare will prompt for the TOKEN_MONITOR_SECRET during setup. Or deploy manually:

cd worker
npm install
npx wrangler login
npx wrangler secret put TOKEN_MONITOR_SECRET
npx wrangler deploy

Paste the deployed URL into each device's widget at Settings → Multi-device Sync. See worker/README.md for the iOS widget recipe and endpoint reference, or docs/API.md for the hub HTTP API.

Desktop installer

You can download the app from the releases page. All releases are unsigned; release notes include first-launch unlock steps for macOS (arm64) and Windows (x64). Other platforms run from source via npm start.

App state lives in the OS user-data dir — delete it along with the app to fully uninstall.

Platform	Path
macOS	`~/Library/Application Support/Token Monitor/`
Windows	`%APPDATA%/Token Monitor/`

Build from source

Releases are unsigned, so you may prefer to build your own installer — same code, your machine. Needs Node.js 18.17+ and the target OS (electron-builder can't cross-build a macOS .dmg on Windows, or vice-versa).

npm install
npm run dist:mac   #