Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 70% confidence
- Finding
- Without declared permissions the skill's intent is opaque and cannot be validated.
Security audit
Security checks across malware telemetry and agentic risk
This skill appears to display local Clawdbot usage statistics as advertised, with local command and session-file access that is purpose-aligned but worth understanding before use.
Install only where you trust the local Clawdbot installation and the `clawdbot` command in PATH. Be aware that invoking the skill can expose usage metadata such as provider, token counts, context usage, reset timing, and a truncated session ID in the Telegram chat where you run it.
66/66 vendors flagged this skill as clean.
Detected: suspicious.dangerous_exec