Cpu
PassAudited by ClawScan on May 10, 2026.
Overview
This appears to be a benign local logging tool with no credential or network use, but it stores entries persistently and does not appear to perform the advertised live CPU monitoring.
Install only if you want a local operations journal rather than full CPU monitoring. Avoid entering secrets into its logs, periodically review `~/.local/share/cpu`, and verify the actual script/version before relying on the `cpu` command.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user may expect live CPU/process measurements, but the skill appears to function mainly as a local note/log journal.
The artifact advertises CPU monitoring, but the documented workflow is mostly saving and displaying user-provided log entries.
description: "Monitor CPU load, per-core usage, and rank top resource-consuming processes." ... "With arguments: saves a timestamped entry to `~/.local/share/cpu/<command>.log`"
Treat this as an operations logging utility, and use trusted system tools if you need real CPU telemetry or process ranking.
It may be unclear exactly how the `cpu` command is installed or which local script/version is being invoked.
The metadata under-declares the local Bash/coreutils expectations documented in SKILL.md and includes a script without an install spec; this affects operational clarity but does not show unsafe installation behavior.
Required binaries (all must exist): none ... No install spec — this is an instruction-only skill ... Code file presence: scripts/script.sh
Verify the full script and the resolved `cpu` command path/version before relying on it.
Operational details, including secrets if entered, may remain on disk and be surfaced to the agent in later tasks.
The skill intentionally persists user-supplied operational text and can later search, display, or export it.
All data is stored locally in `~/.local/share/cpu/` ... `search <term>` ... `recent` ... `export` utility function can produce JSON, CSV, or TXT output files
Do not log passwords, tokens, or sensitive incident details unless you are comfortable storing them locally; review or delete `~/.local/share/cpu` when needed.