
Ecc Tools Cost Audit
Audit ECC Tools GitHub App burn, PR recursion, quota bypass, and premium-model routing with an evidence-first operator workflow in the ECC-Tools repo.
Overview
ECC Tools Cost Audit is an agent skill most often used in Operate (also Ship security review) that runs an evidence-first billing and burn investigation for the ECC-Tools GitHub App.
Install
npx skills add https://github.com/affaan-m/everything-claude-code --skill ecc-tools-cost-audit
What is this skill?
- Evidence-first ECC Tools burn and billing audit—not a generic repo review
- Triggers: PR recursion, usage-limit bypass, premium-model leakage, GitHub App cost spikes
- Explicit ECC skill stack: autonomous-loops, agentic-engineering, customer-billing-ops, verification-loop
- Scoped to sibling ECC-Tools repo operator workflows
Adoption & trust: 3k installs on skills.sh; 210k GitHub stars; 3/3 security scanners passed (skills.sh audits).
What problem does it solve?
You see ECC Tools cost or PR volume spike and need a provable trace of webhooks, queues, billing gates, and model routing—not another vague code skim.
Who is it for?
Maintainers of the ECC-Tools GitHub App debugging burn, entitlements, or automated PR behavior.
Skip if: Generic SaaS billing optimization unrelated to ECC-Tools, or teams without access to that repo and its worker architecture.
When should I use this skill?
User suspects ECC Tools burn rate, PR recursion, over-created PRs, usage-limit bypass, or premium-model leakage in the ECC-Tools repo.
What do I get? / Deliverables
You complete a bounded audit with discrete request-path evidence and optional regression coverage before redeploying fixes.
- Evidence-backed audit notes
- Identified leak or bypass path
- Regression or verification proof when fixes land
Recommended Skills
Journey fit
Spans multiple journey phases - primary shelf plus alternate fits below.
Cost spikes and runaway automation are diagnosed after shipping when the app runs against real billing and webhooks—canonical operate shelf. Monitoring-style investigation of burn rate, duplicate jobs, and entitlement leakage maps to operate monitoring rather than greenfield build.
Where it fits
Graph webhook retries against duplicate PR jobs after a monthly invoice doubles.
Verify usage gates and secrets handling before patching a quota bypass.
Trace queue workers and rerun safety after fixing premium-model router leakage.
Separate customer-impact billing math from internal burn during an escalation.
How it compares
Operator audit workflow for one GitHub App stack—not a substitute for cloud-wide FinOps dashboards or casual PR review skills.
Common Questions / FAQ
Who is ecc-tools-cost-audit for?
ECC-Tools repo operators and indie maintainers investigating GitHub App cost, PR recursion, or usage-gate failures.
When should I use ecc-tools-cost-audit?
Use it in operate when burn or billing anomalies appear; in ship when security-review is needed on auth and entitlements; when the user names ECC Tools quota bypass or premium-model leakage.
Is ecc-tools-cost-audit safe to install?
The workflow may touch auth, secrets, and billing paths—follow security-review steps in-repo and check the Security Audits panel on this Prism page before install.
Workflow Chain
Requires first: search first
Then invoke: verification loop, security review
SKILL.md
# ECC Tools Cost Audit

Use this skill when the user suspects the ECC Tools GitHub App is burning cost, over-creating PRs, bypassing usage limits, or routing free users into premium analysis paths.

This is a focused operator workflow for the sibling [ECC-Tools](../../ECC-Tools) repo. It is not a generic billing skill and it is not a repo-wide code review pass.

## Skill Stack

Pull these ECC-native skills into the workflow when relevant:

- `autonomous-loops` for bounded multi-step audits that cross webhooks, queues, billing, and retries
- `agentic-engineering` for tracing the request path into discrete, provable units
- `customer-billing-ops` when repo behavior and customer-impact math must be separated cleanly
- `search-first` before inventing helpers or re-implementing repo-local utilities
- `security-review` when auth, usage gates, entitlements, or secrets are touched
- `verification-loop` for proving rerun safety and exact post-fix state
- `tdd-workflow` when the fix needs regression coverage in the worker, router, or billing paths

## When To Use

- user says ECC Tools burn rate, PR recursion, over-created PRs, usage-limit bypass, or premium-model leakage
- the task is in the sibling `ECC-Tools` repo and depends on webhook handlers, queue workers, usage reservation, PR creation logic, or paid-gate enforcement
- a customer report says the app created too many PRs, billed incorrectly, or analyzed code without producing a usable result

## Scope Guardrails

- work in the sibling `ECC-Tools` repo, not in `everything-claude-code`
- start read-only unless the user clearly asked for a fix
- do not mutate unrelated billing, checkout, or UI flows while tracing analysis burn
- treat app-generated branches and app-generated PRs as red-flag recursion paths until proved otherwise
- separate three things explicitly:
  - repo-side burn root cause
  - customer-facing billing impact
  - product or entitlement gaps that need backlog follow-up

## Workflow

### 1. Freeze repo scope

- switch into the sibling `ECC-Tools` repo
- check branch and local diff first
- identify the exact surface under audit:
  - webhook router
  - queue producer
  - queue consumer
  - PR creation path
  - usage reservation / billing path
  - model routing path

### 2. Trace ingress before theorizing

- inspect `src/index.*` or the main entrypoint first
- map every enqueue path before suggesting a fix
- confirm which GitHub events share a queue type
- confirm whether push, pull_request, synchronize, comment, or manual re-run events can converge on the same expensive path

### 3. Trace the worker and side effects

- inspect the queue consumer or scheduled worker that handles analysis
- confirm whether a queued analysis always ends in:
  - PR creation
  - branch creation
  - file updates
  - premium model calls
  - usage increments
- if analysis can spend tokens and then fail before output is persisted, classify it as burn-with-broken-output

### 4. Audit the high-signal burn paths

#### PR multiplication

- inspect PR helpers and branch naming
- check dedupe, synchronize-event handling, and existing-PR reuse
- if app-generated branches can re-enter analysis, treat that as a priority-0 recursion risk

#### Quota bypass

- inspect where quota is checked versus where usage is reserved or incremented
- if quota is checked before enqueue but usage is charged only inside the worker, treat concurrent front-door passes as a real race

#### Premium-model leakage

- inspect model selection, tier branching, and provider routing
- verify whether free or capped users can still hit premium analyzers when premium keys are present

#### Retry burn

- inspect retry loops, duplicate queue jobs, and deterministic failure r
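The quota-bypass race in step 4 (check at the front door, charge only in the worker), shown as an added example that is not ECC-Tools code: the `Account` shape, the gate functions and the interleaving simulation are assumptions standing in for the app's usage reservation path, with the "all requests pass the gate before any worker settles" ordering used as a deterministic stand-in for concurrent front-door hits.

```typescript
// Added illustration (not from the ECC-Tools repo). A front door that only
// *checks* remaining quota and leaves the increment to the worker admits N
// concurrent requests through a gate sized for one. Reserving the unit at
// ingress closes the gap; releasing it on worker failure keeps reruns safe.

type Account = { quota: number; used: number; reserved: number };

// Vulnerable pattern: read-only check at ingress, charge inside the worker.
function checkOnlyGate(acct: Account): boolean {
  return acct.used < acct.quota;           // no state change here
}
function workerCharge(acct: Account): void {
  acct.used += 1;                          // charged long after the check
}

// Hardened pattern: the reservation *is* the check, done in one step.
function reserveAtIngress(acct: Account): boolean {
  if (acct.used + acct.reserved >= acct.quota) return false;
  acct.reserved += 1;                      // slot held before enqueue
  return true;
}
function workerSettle(acct: Account, succeeded: boolean): void {
  acct.reserved -= 1;                      // always release the hold
  if (succeeded) acct.used += 1;           // a failed run is not billed
}

// Deterministic stand-in for n requests hitting the front door at once:
// every request passes the gate before any worker runs (the interleaving a
// DB round trip between check and charge allows in production).
function simulate(n: number, quota: number, gate: "check" | "reserve"): Account {
  const acct: Account = { quota, used: 0, reserved: 0 };
  const admitted: boolean[] = [];
  for (let i = 0; i < n; i++) {
    admitted.push(gate === "check" ? checkOnlyGate(acct) : reserveAtIngress(acct));
  }
  for (const ok of admitted) {
    if (!ok) continue;
    if (gate === "check") workerCharge(acct);
    else workerSettle(acct, true);
  }
  return acct;
}
```

With quota 1 and five simultaneous requests, the check-only gate bills five runs while the reservation gate bills one; the audit evidence to collect is exactly where the app increments versus where it checks.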