Skill v1.1.0

ClawScan security

Session Health Monitor · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Review: Feb 23, 2026, 10:40 AM
Verdict: Review
Confidence: medium
Model: gpt-5-mini
Summary
The skill largely does what it says (local context monitoring and snapshots), but it modifies user app config (~/.claude/settings.local.json) and claims Telegram warnings without providing or requesting a Telegram integration/credential — these behaviors warrant caution.
Guidance
This skill appears to implement local context monitoring and snapshotting, but before installing you should: (1) review the included scripts yourself, (2) back up ~/.claude/settings.local.json if you plan to run setup-statusline.sh (it will overwrite/add a statusLine entry), (3) be aware the skill does not itself send Telegram messages or require a Telegram token — it only instructs the agent to append footers to messages sent via whatever Telegram integration you already have, and (4) run the installer in a sandbox or with explicit consent to avoid surprising persistent changes. If you do not use Claude Code or do not want the skill to modify ~/.claude, avoid running setup-statusline.sh and use the scripts manually instead.

Review Dimensions

Purpose & Capability
note: The scripts and instructions align with the stated goal of monitoring context usage, taking pre-compaction snapshots, rotating memory files, and exposing a statusline. However, the SKILL.md mentions 'warnings via Telegram' but the bundled scripts do not implement Telegram network calls or request a Telegram token — the skill expects the agent's existing Telegram messaging tool to be used, which is reasonable but not explicitly documented as a dependency.
Instruction Scope
concern: Runtime instructions ask the agent to append context footers to outgoing Telegram messages and to modify agent heartbeat loops. The provided setup script (setup-statusline.sh) modifies ~/.claude/settings.local.json to add a statusLine entry and copies a statusline script into ~/.claude — this changes another application's configuration outside the skill's own files, which is scope creep and could surprise users if done without explicit consent.
Install Mechanism
ok: No remote install or downloads are performed (instruction-only with local scripts). The only external dependency is jq for the installer/statusline patches. No network fetches or archives are used, so installation risk is low, but users should still inspect/prompt before running setup-statusline.sh since it writes into home directories.
Credentials
ok: The skill uses sensible, optional environment variables (MEMORY_DIR, KEEP_DAYS, HEALTH_GREEN_MAX, etc.) and local filesystem paths (~/.openclaw, ~/.claude, /tmp). It does not request tokens or secrets in the registry metadata. The use of user home directories for memory and state is proportionate to the purpose.
Persistence & Privilege
concern: Although always:false is set and no autonomous 'always-on' flag is enabled, the installer writes a persistent statusline script into ~/.claude and patches settings.local.json, creating persistent behavior across restarts of the Claude Code app. Modifying another tool's settings is a notable privilege and should be done only with explicit user consent and a backup.