v1.2.2

Lemnos Cost Guard

Review
ClawScan verdict for this skill. Analyzed May 1, 2026, 6:13 AM.

Analysis

This looks like a purpose-aligned cost-tracking skill, but it deserves review because it reads local OpenClaw session files and stores task-cost logs.

Guidance

Use this skill if you want local cost guardrails, but review the scripts first because they read OpenClaw session logs from /root/.openclaw and store task-cost history under the workspace. Avoid sensitive task descriptions in logs, check whether the fixed $5/day budget policy fits your workflow, and verify the hard-coded paths match your environment.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agent Goal Hijack
Severity: Low, Confidence: High, Status: Note
SKILL.md
≥100% of $5/day → hard stop, notify user immediately ... Load ONLY what the current task requires

The skill tells the agent to change stopping behavior and context loading based on budget thresholds. This is disclosed and aligned with cost enforcement, but it can override normal task continuation.

User impact: The agent may pause or stop lower-priority work when the configured budget is exceeded.
Recommendation: Confirm the daily budget and stopping policy match your preferences before relying on the skill.

Agentic Supply Chain Vulnerabilities
Severity: Info, Confidence: High, Status: Note
metadata
No install spec — this is an instruction-only skill ... Required binaries ... none ... Code file presence: 6 code file(s)

The package includes executable Python helper scripts even though no install or binary requirements are declared. The scripts are visible and purpose-aligned, so this is a disclosure/metadata gap rather than hidden code.

User impact: You may need Python and local file permissions even though the registry requirements do not say so.
Recommendation: Review the included scripts before invoking them and ensure your OpenClaw environment paths match the hard-coded locations.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Medium, Confidence: High, Status: Concern
scripts/auto_cost_report.py
SESSION_DIR = "/root/.openclaw/agents/main/sessions" ... "Reads directly from OpenClaw's session JSONL files."

The automatic reporter reads the agent's persistent session files to extract usage and cost data. Those session files can contain sensitive conversation/context data even though the shown code only prints aggregated cost fields.

User impact: Running the automatic reporting scripts can inspect local OpenClaw session history to compute costs.
Recommendation: Install only if you are comfortable granting the skill read access to OpenClaw session logs; review the script paths and keep session/log retention appropriate for your privacy needs.

Memory and Context Poisoning
Severity: Low, Confidence: High, Status: Note
scripts/task_logger.py
LOG_PATH = "/root/.openclaw/workspace/skills/lemnos-cost-guard/references/task-log.jsonl" ... "description": description

The task logger persists task descriptions, timing, token counts, and cost deltas in a local JSONL file. This is expected for task-cost reporting, but it may record sensitive task details.

User impact: Task names, descriptions, and cost metadata may remain on disk after use.
Recommendation: Use non-sensitive task descriptions where possible and periodically review or delete task-log and snapshot files.