claude-usage-companion

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed local usage monitor and reminder, with configurable command hooks that users should review before scheduling it.

Before installing, review config.json carefully, keep the skill directory writable only by trusted users, prefer the default null alert_command unless you need a notifier, and review the printed cron block before adding it to crontab.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Context-Inappropriate Capability

Medium

Confidence: 94% confidence
Finding: The skill allows a user-controlled config value, alert_command, to be executed with spawnSync(..., { shell: true }). That creates direct shell-injection and arbitrary command execution risk if config.json is modified by an attacker or populated from untrusted input, and this code is intended to run unattended on an always-on box, increasing blast radius.

Context-Inappropriate Capability

Medium

Confidence: 89% confidence
Finding: The ccusage subprocess command is fully configurable via ccusage_cmd and then executed by spawnSync. Although spawnSync is used without shell expansion here, this still permits arbitrary local program execution through configuration, which exceeds the tool's stated monitoring purpose and is risky for a long-running scheduled skill.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal