toll
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill is a clear wrapper around the toll CLI for cost summaries, with a disclosed but noteworthy reliance on an external CLI that reads local Claude/Codex session logs.
This skill appears purpose-aligned for viewing token and cost statistics. Before installing, make sure you trust the toll CLI source and understand that it reads local Claude/Codex session logs; review the remote installer or use a trusted package method if possible.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If you choose the quick install, your shell will execute code fetched from GitHub before the toll CLI is used.
The quick install method runs a remote script from a moving GitHub branch. It is disclosed and user-directed, but it relies on trusting that remote source at install time.
`curl -fsSL https://raw.githubusercontent.com/Fullstop000/toll/refs/heads/master/install.sh | sh`
Install only from a trusted source; consider reviewing the install script, using a pinned release if available, or using cargo install from a trusted Rust toolchain.
Those local logs may reveal sensitive project names, prompts, or coding activity even though the stated output is aggregate usage and cost data.
The skill explicitly depends on reading persistent local AI coding session logs to calculate usage and cost statistics.
Logs are read from `~/.claude/projects/**/*.jsonl` (Claude Code) and `~/.codex/sessions/` (Codex CLI).
Run the skill only if you are comfortable with the toll CLI reading these local session directories, and avoid exporting or sharing outputs if they reveal sensitive activity.
