Claude Code Usage

Advisory

Audited by Static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If this helper is run, your Claude usage/reset notification could be sent to someone else's Telegram account.

Why it was flagged

This sends reset notification content to a fixed Telegram target ID instead of a user-provided or documented recipient.

Skill content

printf '%s' "$MESSAGE" | clawdbot message send --telegram --target 5259918241

Recommendation

Do not run monitor-and-notify.sh unless the hard-coded target is removed or replaced with your own explicit, documented configuration.

What this means

Running the checker gives the script access to your local Claude Code OAuth token, although the shown code uses it for the stated Anthropic usage endpoint.

Why it was flagged

The script reads local Claude Code OAuth credentials and uses the access token to query Anthropic's usage API.

Skill content

security find-generic-password -s "Claude Code-credentials" -w ...; secret-tool lookup application "Claude Code" ...; -H "Authorization: Bearer $TOKEN"

Recommendation

Only run this from a trusted local copy, and verify that token handling remains limited to api.anthropic.com.

Note
High Confidence
ASI10: Rogue Agents

What this means

The skill may continue checking usage and sending reminders until you remove the scheduled job.

Why it was flagged

The monitoring feature intentionally creates persistent scheduled reminders that continue after initial setup.

Skill content

This creates a self-scheduling chain of cron jobs ... Repeats every 5 hours automatically

Recommendation

Enable monitoring only if you want recurring background checks, and know how to list and remove the related Clawdbot cron jobs.

What this means

A usage check can automatically make a small Claude CLI request when credentials need refreshing.

Why it was flagged

When the stored token is expired, the script invokes the local claude CLI to trigger token refresh.

Skill content

echo "2+2" | claude >/dev/null 2>&1 || true

Recommendation

If you do not want automatic CLI refresh behavior, refresh Claude manually or remove this fallback before running the script.