ecc-tools-cost-audit
Evidence-first ECC Tools burn and billing audit workflow. Use when investigating runaway PR creation, quota bypass, premium-model leakage, duplicate jobs, or GitHub App cost spikes in the ECC Tools repo.
Best use case
ecc-tools-cost-audit is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Evidence-first ECC Tools burn and billing audit workflow. Use when investigating runaway PR creation, quota bypass, premium-model leakage, duplicate jobs, or GitHub App cost spikes in the ECC Tools repo.
Teams using ecc-tools-cost-audit should expect a more consistent output, faster repeated execution, less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/ecc-tools-cost-audit/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How ecc-tools-cost-audit Compares
| Feature / Agent | ecc-tools-cost-audit | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Evidence-first ECC Tools burn and billing audit workflow. Use when investigating runaway PR creation, quota bypass, premium-model leakage, duplicate jobs, or GitHub App cost spikes in the ECC Tools repo.
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
Related Guides
Best AI Skills for Claude
Explore the best AI skills for Claude and Claude Code across coding, research, workflow automation, documentation, and agent operations.
ChatGPT vs Claude for Agent Skills
Compare ChatGPT and Claude for AI agent skills across coding, writing, research, and reusable workflow execution.
Cursor vs Codex for AI Workflows
Compare Cursor and Codex for AI coding workflows, repository assistance, debugging, refactoring, and reusable developer skills.
SKILL.md Source
# ECC Tools Cost Audit Use this skill when the user suspects the ECC Tools GitHub App is burning cost, over-creating PRs, bypassing usage limits, or routing free users into premium analysis paths. This is a focused operator workflow for the sibling [ECC-Tools](../../ECC-Tools) repo. It is not a generic billing skill and it is not a repo-wide code review pass. ## Skill Stack Pull these ECC-native skills into the workflow when relevant: - `autonomous-loops` for bounded multi-step audits that cross webhooks, queues, billing, and retries - `agentic-engineering` for tracing the request path into discrete, provable units - `customer-billing-ops` when repo behavior and customer-impact math must be separated cleanly - `search-first` before inventing helpers or re-implementing repo-local utilities - `security-review` when auth, usage gates, entitlements, or secrets are touched - `verification-loop` for proving rerun safety and exact post-fix state - `tdd-workflow` when the fix needs regression coverage in the worker, router, or billing paths ## When To Use - user says ECC Tools burn rate, PR recursion, over-created PRs, usage-limit bypass, or premium-model leakage - the task is in the sibling `ECC-Tools` repo and depends on webhook handlers, queue workers, usage reservation, PR creation logic, or paid-gate enforcement - a customer report says the app created too many PRs, billed incorrectly, or analyzed code without producing a usable result ## Scope Guardrails - work in the sibling `ECC-Tools` repo, not in `everything-claude-code` - start read-only unless the user clearly asked for a fix - do not mutate unrelated billing, checkout, or UI flows while tracing analysis burn - treat app-generated branches and app-generated PRs as red-flag recursion paths until proved otherwise - separate three things explicitly: - repo-side burn root cause - customer-facing billing impact - product or entitlement gaps that need backlog follow-up ## Workflow ### 1. Freeze repo scope - switch into the sibling `ECC-Tools` repo - check branch and local diff first - identify the exact surface under audit: - webhook router - queue producer - queue consumer - PR creation path - usage reservation / billing path - model routing path ### 2. Trace ingress before theorizing - inspect `src/index.*` or the main entrypoint first - map every enqueue path before suggesting a fix - confirm which GitHub events share a queue type - confirm whether push, pull_request, synchronize, comment, or manual re-run events can converge on the same expensive path ### 3. Trace the worker and side effects - inspect the queue consumer or scheduled worker that handles analysis - confirm whether a queued analysis always ends in: - PR creation - branch creation - file updates - premium model calls - usage increments - if analysis can spend tokens and then fail before output is persisted, classify it as burn-with-broken-output ### 4. Audit the high-signal burn paths #### PR multiplication - inspect PR helpers and branch naming - check dedupe, synchronize-event handling, and existing-PR reuse - if app-generated branches can re-enter analysis, treat that as a priority-0 recursion risk #### Quota bypass - inspect where quota is checked versus where usage is reserved or incremented - if quota is checked before enqueue but usage is charged only inside the worker, treat concurrent front-door passes as a real race #### Premium-model leakage - inspect model selection, tier branching, and provider routing - verify whether free or capped users can still hit premium analyzers when premium keys are present #### Retry burn - inspect retry loops, duplicate queue jobs, and deterministic failure reruns - if the same non-transient error can spend analysis repeatedly, fix that before quality improvements ### 5. Fix in burn order If the user asked for code changes, prioritize fixes in this order: 1. stop automatic PR multiplication 2. stop quota bypass 3. stop premium leakage 4. stop duplicate-job fanout and pointless retries 5. close rerun/update safety gaps Keep the pass bounded to one to three direct fixes unless the same root cause clearly spans multiple files. ### 6. Verify with the smallest proving steps - rerun only the targeted tests or integration slices that cover the changed path - verify whether the burn path is now: - blocked - deduped - downgraded to cheaper analysis - or rejected early - state the final status exactly: - changed locally - verified locally - pushed - deployed - still blocked ## High-Signal Failure Patterns ### 1. One queue type for all triggers If pushes, PR syncs, and manual audits all enqueue the same job and the worker always creates a PR, analysis equals PR spam. ### 2. Post-enqueue usage reservation If usage is checked at the front door but only incremented in the worker, concurrent requests can all pass the gate and exceed quota. ### 3. Free tier on premium path If free queued jobs can still route into Anthropic or another premium provider when keys exist, that is real spend leakage even if the user never sees the premium result. ### 4. App-generated branches re-enter the webhook If `pull_request.synchronize`, branch pushes, or comment-triggered runs fire on app-owned branches, the app can recursively analyze its own output. ### 5. Expensive work before persistence safety If the system can spend tokens and then fail on PR creation, file update, or branch collision, it is burning cost without shipping value. ## Pitfalls - do not begin with broad repo wandering; settle webhook -> queue -> worker first - do not mix customer billing inference with code-backed product truth - do not fix lower-value quality issues before the highest-burn path is contained - do not claim burn is fixed until the narrow proving step was rerun - do not push or deploy unless the user asked - do not touch unrelated repo-local changes if they are already in progress ## Verification - root causes cite exact file paths and code areas - fixes are ordered by burn impact, not code neatness - proving commands are named - final status distinguishes local change, verification, push, and deployment
Related Skills
workspace-surface-audit
Audit the active repo, MCP servers, plugins, connectors, env surfaces, and harness setup, then recommend the highest-value ECC-native skills, hooks, agents, and operator workflows. Use when the user wants help setting up Claude Code or understanding what capabilities are actually available in their environment.
click-path-audit
Trace every user-facing button/touchpoint through its full state change sequence to find bugs where functions individually work but cancel each other out, produce wrong final state, or leave the UI in an inconsistent state. Use when: systematic debugging found no bugs but users report broken buttons, or after any major refactor touching shared state stores.
cost-aware-llm-pipeline
LLM API 使用成本优化模式 —— 基于任务复杂度的模型路由、预算跟踪、重试逻辑和提示缓存。
automation-audit-ops
Evidence-first automation inventory and overlap audit workflow for ECC. Use when the user wants to know which jobs, hooks, connectors, MCP servers, or wrappers are live, broken, redundant, or missing before fixing anything.
ui-demo
Record polished UI demo videos using Playwright. Use when the user asks to create a demo, walkthrough, screen recording, or tutorial video of a web application. Produces WebM videos with visible cursor, natural pacing, and professional feel.
token-budget-advisor
Offers the user an informed choice about how much response depth to consume before answering. Use this skill when the user explicitly wants to control response length, depth, or token budget. TRIGGER when: "token budget", "token count", "token usage", "token limit", "response length", "answer depth", "short version", "brief answer", "detailed answer", "exhaustive answer", "respuesta corta vs larga", "cuántos tokens", "ahorrar tokens", "responde al 50%", "dame la versión corta", "quiero controlar cuánto usas", or clear variants where the user is explicitly asking to control answer size or depth. DO NOT TRIGGER when: user has already specified a level in the current session (maintain it), the request is clearly a one-word answer, or "token" refers to auth/session/payment tokens rather than response size.
skill-comply
Visualize whether skills, rules, and agent definitions are actually followed — auto-generates scenarios at 3 prompt strictness levels, runs agents, classifies behavioral sequences, and reports compliance rates with full tool call timelines
santa-method
Multi-agent adversarial verification with convergence loop. Two independent review agents must both pass before output ships.
safety-guard
Use this skill to prevent destructive operations when working on production systems or running agents autonomously.
repo-scan
Cross-stack source code asset audit — classifies every file, detects embedded third-party libraries, and delivers actionable four-level verdicts per module with interactive HTML reports.
project-flow-ops
Operate execution flow across GitHub and Linear by triaging issues and pull requests, linking active work, and keeping GitHub public-facing while Linear remains the internal execution layer. Use when the user wants backlog control, PR triage, or GitHub-to-Linear coordination.
product-lens
Use this skill to validate the "why" before building, run product diagnostics, and pressure-test product direction before the request becomes an implementation contract.