Skill v1.0.0

ClawScan security

Token Usage Tracker · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Feb 28, 2026, 7:31 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's code, instructions, and requirements are coherent with its stated purpose (local token logging, timestamp normalization, and context summarization); it writes local logs and includes only lightweight example scripts without external network calls or secret access.
Guidance
This skill appears to do exactly what it says: local token accounting, timestamp conversion, simple summarization, and example alerting. Before installing or deploying:
1) Read the scripts (they are small) and choose a safe log_folder (not a world-readable or system directory).
2) Restrict filesystem permissions for the log folder and consider rotation/retention to avoid unbounded disk growth.
3) Audit what you log — call payloads may include sensitive data; add redaction or avoid logging full contexts if privacy is a concern.
4) Do not enable or add webhook/web network calls (token_alerts hints at this) unless you trust the endpoint and sanitize data.
5) If you deploy the systemd example, update the ExecStart path and User from the sample values before enabling.
6) Test in a controlled environment first.
Overall: coherent and low-risk if used as local examples and properly configured.

Review Dimensions

Purpose & Capability
ok · Name/description (token logging, alerts, summarization) match the provided scripts. All scripts operate locally, use only standard Python libraries, and require no external credentials or unrelated binaries.
Instruction Scope
note · SKILL.md instructs installing/wiring example scripts into your pipeline and using the summarizer. The scripts do perform filesystem actions (create ./skills/logs, append JSONL logs, replace files during migration/dedupe). The README and SKILL.md state the examples are safe and won't change system services automatically — this is true for services, but the scripts do modify local disk state (logs, tmp files). Also, token_alerts includes a comment about replacing prints with webhooks; while not active by default, modifying the scripts to post externally could exfiltrate logged data. The interceptor will process message payloads (which may contain sensitive content) and forward logging info, so review/redact before use.
Install Mechanism
ok · There is no install spec (instruction-only). The package contains example Python scripts only: no downloads, packaged installers, or remote code execution. Risk from the install mechanism is low.
Credentials
ok · The skill requests no environment variables, no credentials, and no config paths beyond the provided skill-config.json. Log files are written under a relative ./skills/logs by default; this is proportional to the stated logging purpose.
Persistence & Privilege
ok · The always flag is false; the skill does not request persistent platform privileges or modify other skills. Scripts write and rotate/replace local log files under their own paths only.