Back to skill
Skillv1.3.0
ClawScan security
Claude Usage Checker · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignFeb 19, 2026, 1:57 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's requirements and instructions match its stated purpose (it launches the local Claude CLI in a PTY and reads /usage), and it doesn't request extra credentials or install code, so it's internally coherent.
- Guidance
- This skill appears to do exactly what it says: run your local Claude CLI in a terminal and read the /usage output. Before installing or using it, confirm you have the official claude CLI installed and are comfortable letting the agent spawn an interactive terminal on your machine — whatever the CLI prints to the terminal can be read by the skill. Manually log in to claude first (the skill notes browser login won't work headlessly). If you are concerned about accidental disclosure, run the skill in a sandboxed environment (container or VM) or review the CLI behavior so you know what output it emits.
Review Dimensions
- Purpose & Capability
- okName and description match the runtime instructions: the skill needs the local 'claude' CLI and an interactive PTY to query /usage. Requiring the claude binary is appropriate for this purpose.
- Instruction Scope
- noteInstructions are narrowly scoped to launching the local claude CLI, sending the '/usage' command, reading output, and exiting. Minor caution: because it runs an interactive PTY and reads the process output, it could capture any text the CLI emits (including any unexpected sensitive lines). The instructions themselves do not ask for unrelated files, env vars, or external endpoints.
- Install Mechanism
- okThis is an instruction-only skill with no install spec and no code to download or execute. That minimizes supply-chain risk.
- Credentials
- okThe skill declares no environment variables, credentials, or config paths. That is proportionate to its stated goal of interacting with the local 'claude' CLI.
- Persistence & Privilege
- okalways is false and the skill does not request elevated or persistent system privileges or modify other skills. Autonomous invocation is permitted (platform default) but not combined with other red flags.