Skill v2.2.0
ClawScan security
Token省钱管家 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 5, 2026, 1:10 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's code, files, and instructions are coherent with a local token-cost controller: it reads/writes a local .openclaw/data directory, performs local model detection (exec), and requires no external credentials or downloads.
- Guidance: This skill appears to be what it says: a local cost controller that stores state under .openclaw/data and detects local models with 'ollama list'. Before installing, consider:
  1. Provenance: the package is from an unknown source and contains a version metadata mismatch (files v2.1.1 vs registry v2.2.0); prefer packages from trusted authors.
  2. Inspect the repository locally: review install.js and the data files (controls.json, cache.json, cost-history.json) to ensure no unexpected behavior.
  3. Data sensitivity: the skill will store usage/cost data and disabled/paused skill lists on disk; if that information is sensitive, run it in an isolated environment or change the dataDir.
  4. Execution risk: it runs a fixed shell command to probe local models; this is expected, but confirm your environment's PATH and that 'ollama' is trusted.
  5. Network/credentials: the skill requests no credentials and makes no outbound network calls in the provided code, but if you modify it to integrate external alerting or telemetry, review that addition carefully.
  If you want higher assurance, run it in a sandbox or container and/or ask the author for a vetted release/source origin.
Review Dimensions
- Purpose & Capability (ok): Name/description (token cost control, caching, routing, monitoring) match the included code and CLI. The package implements caching, cost monitoring, model routing, and proactive controls. Minor metadata/version mismatch: the registry lists v2.2.0 while the files declare v2.1.1; this is not a security issue but a provenance inconsistency to note.
- Instruction Scope (note): SKILL.md only instructs when to use the skill (cost optimization) and gives basic CLI examples; it does not ask the agent to read unrelated system state or secrets. However, the README suggests running install.js, and the code persists data to disk (controls.json, cache.json, cost-history.json). '自动告警' ("automatic alerting") in the docs refers to internal alerts stored in files, not an external alerting service; this is a minor documentation vs. behavior mismatch.
- Install Mechanism (ok): There is no external install spec in the registry. The repository includes a local install.js that creates a .openclaw/data directory and initializes controls.json. No remote downloads, no package dependencies, and no archives or third-party installers are used.
- Credentials (ok): The skill requests no environment variables or credentials. It does execute a fixed shell command ('ollama list ...') to detect local models (via child_process.exec), which is expected for its local-model-detection feature. The command is hard-coded and not built from untrusted input, so this is proportionate to its purpose. Note: the skill writes usage/cost data and control state to local files, which may contain sensitive consumption information.
- Persistence & Privilege (ok): always:false and user-invocable:true. The skill persists only to its own directory (.openclaw/data) and does not modify other skills or global agent configurations. Its level of persistence is proportional to its monitoring/control purpose.
