Skill v1.0.0
ClawScan security
AI Usage · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Feb 15, 2026, 12:50 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's code and runtime instructions are coherent with its stated purpose (reading OpenClaw session logs and using the Claude/OAuth token to query Anthropic usage); it does access sensitive local credentials and invokes the local 'claude' CLI to refresh tokens, which is proportional to the task but worth reviewing before installation.
- Guidance: This skill appears to do what it says: it reads OpenClaw session logs and your local Claude credentials to call Anthropic's OAuth usage endpoint. Before installing, review the included script yourself (it is present and readable) and confirm you trust the skill source. Note that it will read ~/.claude/.credentials.json (or the path set by CLAUDE_CREDENTIALS_PATH) and may invoke the local 'claude' CLI to refresh tokens; these actions are required to obtain accurate quota data but expose local credentials to the skill code. If you are uncomfortable, run the script manually in a restricted environment or inspect/modify it to remove any behavior you don't want (for example, printing or transmitting tokens). Also consider that the registry metadata omits the optional env var overrides documented in SKILL.md — expect to set those if your paths differ.
Review Dimensions
- Purpose & Capability: ok. The skill claims to report Anthropic quotas and OpenClaw-derived token/cost stats and its code reads ~/.openclaw session logs and the Claude credentials file and calls the Anthropic OAuth usage endpoint — these capabilities align with the stated purpose.
- Instruction Scope: note. SKILL.md and the script instruct the agent to read OpenClaw session JSONL files and the Claude credentials file and to invoke the local 'claude' CLI to trigger an OAuth refresh. This is within the expected scope for retrieving usage/quota, but it does mean the skill reads a local credentials file and executes a local CLI.
- Install Mechanism: ok. No remote install/downloads or package installs are specified. The skill is instruction-only with an included Python script (no external network fetches for code), which minimizes installation risk.
- Credentials: note. The script accesses the Claude credentials file and the OpenClaw sessions directory (both justified by the stated purpose). Minor metadata mismatch: registry lists no required env vars/primary credential, but SKILL.md documents optional overrides (OPENCLAW_SESSIONS_DIR and CLAUDE_CREDENTIALS_PATH).
- Persistence & Privilege: ok. The skill is not marked always:true, requests no elevated platform privileges, does not modify other skills, and only reads local logs/credentials and invokes a local CLI — no persistent/privileged behavior detected.
