Skill v1.0.2

ClawScan security

API Credit Health Bar Lite · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Feb 23, 2026, 7:13 PM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary
The skill's code, optional environment variables, and runtime instructions are consistent with its stated purpose of showing and tracking API credit balances; nothing in the files indicates unexplained access or hidden endpoints.
Guidance
This skill appears to do exactly what it says: local config-based health bars plus optional API checks for OpenAI, OpenRouter, and Vercel. Before installing or running:

1) Prefer manual-sync mode if you want zero network access (do not set any API env vars).
2) If you enable auto-checks, set only minimal-privilege or billing-scoped API keys where possible — avoid handing over highly privileged org-admin keys unless you understand the billing API requirements.
3) Keep config.json permissioned (e.g., chmod 600) and do not store keys in files.
4) Review the check_openai.py note about requiring an org admin key; if you cannot get a minimally privileged key that returns billing info, use manual sync instead.
5) The repository contains duplicated scripts in the root and in scripts/. This is expected for packaging, but you can inspect the files locally before running.

If you need higher assurance, run the scripts in a disposable environment, or review and execute them line by line to confirm the network targets and the absence of surprising behavior.

Review Dimensions

Purpose & Capability
ok · Name/description (API credit health bars) align with the contained scripts: reading/writing a local config.json, rendering health bars, manual sync, and optional API auto-checks for OpenAI, OpenRouter, and Vercel. The optional env vars in SKILL.md (OPENAI_API_KEY, OPENROUTER_API_KEY, VERCEL_AI_GATEWAY_KEY) match the providers the code can query.
Instruction Scope
note · SKILL.md and the scripts instruct only local config reads/writes and requests to official provider endpoints. One minor inconsistency: check_openai.py comments say it requires an "organization admin API key", while SECURITY.md recommends using project-level or minimal-privilege keys; this is a documentation conflict rather than evidence of exfiltration. Scripts run other local scripts via subprocess (expected for this tool).
Install Mechanism
ok · No install spec: this is instruction/code-only and runs as local Python scripts. No remote downloads or extract steps, and no unusual install actions observed.
Credentials
note · The only environment access requested is optional API keys for the providers the skill actually queries. Keys are read from environment variables (not stored). The only concern is the check_openai.py docstring suggesting an org-admin key for billing access; that elevates the privilege requirements for the OpenAI check and conflicts with the SECURITY.md guidance to prefer minimal-privilege keys.
Persistence & Privilege
ok · The skill is not marked always:true and does not request system-wide persistence. It only writes a local config.json inside the skill directory and does not modify other skills or global settings.