Skill v1.0.19

ClawScan security

Codex Usage · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 13, 2026, 11:35 PM
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill's instructions tell the agent to execute a local Python script that is not included and to consult another skill's files, which is inconsistent with its declared requirements and raises unknown runtime risks.
Guidance
This skill is a thin wrapper that tells the agent to run a Python script located in another skill directory, but the wrapper package contains no code or install steps and declares no required binaries or API keys. Before installing or enabling it, ask the publisher for the referenced codex-profiler code and verify what that script does. Ensure python3 is the intended runtime, confirm any required environment variables (API keys) and inspect the script for network access or filesystem reads. If you cannot review the external script, avoid enabling the skill because it could execute arbitrary local code or access secrets unexpectedly.

Review Dimensions

Purpose & Capability
Status: concern
The skill is described as a simple Telegram-style command wrapper but its runtime instructions require running a Python script at skills/codex-profiler/scripts/codex_usage.py and following ../codex-profiler/SKILL.md. The package contains no code files and declares no required binaries, so the declared requirements do not match what the instructions actually ask the agent to do.
Instruction Scope
Status: concern
SKILL.md tells the agent to execute an external script and follow another skill's SKILL.md. That directs the agent to read and run files that are outside this skill's bundle; it is vague about what that script does (likely contacting APIs, reading configs, or using credentials). The instructions therefore extend beyond this skill's own scope and grant the agent broad discretion to access local files and run code.
Install Mechanism
Status: note
There is no install spec (instruction-only), which is low-risk in general, but the runtime command explicitly invokes python3 on a relative script path. Without that script included or an install step to fetch it, the instruction either will fail or will run whatever file exists at that path: a potentially dangerous implicit dependency.
Credentials
Status: concern
The skill declares no required environment variables or credentials, yet its purpose (checking Codex/OpenAI profile usage) strongly suggests the invoked script would need API keys or other secrets. The SKILL.md does not document required env vars, creating a mismatch and risk of unexpected credential use or attempts to read secrets from the environment.
Persistence & Privilege
Status: ok
The skill is not always-enabled and does not request elevated persistence. There is no evidence it attempts to modify other skills' configuration or to persist credentials itself.