Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description match what the files implement: stats.py and SKILL.md both enumerate installed skills and parse local Claude history files to produce usage counts and a TUI-like report. Required resources (none) align with a local, file-reading tool.
Instruction Scope
Instructions explicitly tell the agent to read ~/.claude/history.jsonl and ~/.claude/projects/*/*.jsonl and to run the included stats.py, which is necessary for the stated purpose. This does mean the skill reads private conversation history (expected for usage statistics) — a privacy consideration but not unexpected. Minor mismatch: SKILL.md mentions session.jsonl path variants while the code processes all *.jsonl under projects; behavior is consistent with broader file discovery.
Install Mechanism
No install spec is provided (instruction-only skill with a bundled script). No downloads, package installs, or external install URLs are present.
Credentials
The skill requests no environment variables or credentials. It does access files under the user's home (~/.claude/*), which is proportional to its function but exposes potentially sensitive conversation history — the code aggregates counts and does not print raw messages, but users should be aware the skill reads local history files.
Persistence & Privilege
always is false and the skill does not request persistent system-wide changes. It does not modify other skills or global agent settings. Autonomous invocation is allowed by default but not combined with other suspicious privileges.
Assessment
This skill reads your Claude conversation history files (~/.claude/history.jsonl and files under ~/.claude/projects/) and the ~/.claude/skills/ directory to compute usage counts — that is necessary for its purpose but exposes sensitive local data. Before installing or running: review stats.py (already included) to confirm it only aggregates counts (it does), ensure you trust the skill source, and verify file permissions. If you want tighter safety, run the script manually in a shell (python3 ~/.claude/skills/skill-usage/stats.py past_30_days) rather than allowing autonomous invocation, or make a copy of your history files for testing. Note the SKILL.md and README contain slightly different path descriptions (session.jsonl vs any *.jsonl), but the script's behavior is consistent and broader (it scans all *.jsonl under projects).Like a lobster shell, security has layers — review code before you run it.
latestvk97fed6x1b5gbkpt6a1246gknn8338rq
License
MIT-0
Free to use, modify, and redistribute. No attribution required.