Skill v1.0.1
ClawScan security
Token Optimizer Pro · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 13, 2026, 9:47 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's claimed capabilities (monitoring token usage across agents and sessions and producing cost analysis) do not match its instructions and manifest. The instructions reference a 'token-optimizer' CLI and cross-agent telemetry, but the manifest declares no binary, install step, credentials, or data sources that could supply that data.
- Guidance: This skill is internally inconsistent. It promises cross-agent token and billing analysis but ships no source code, install instructions, or credential declarations. Before using it, ask the publisher for: (1) the repository or homepage and a verifiable release of the 'token-optimizer' CLI; (2) exact install steps and the expected binary path; (3) which APIs, logs, or credentials it needs and why (billing, telemetry, agent logs); (4) a minimal-permissions list and a hash or signature for any binary. If you must try it, run it in a controlled environment, do not grant broad admin or billing credentials, and verify the binary's origin and integrity against the publisher's digest before executing it. Because the skill could assume access to sensitive telemetry and billing data without declaring how it obtains that access, treat it cautiously.
Review Dimensions
- Purpose & Capability (concern): The description promises cross-agent, cross-model, and cross-session token monitoring, cost estimation, and alerts, which inherently require access to telemetry or billing APIs, agent logs, or an installed tool. SKILL.md shows commands for a 'token-optimizer' CLI, but the registry metadata lists no required binary, no install spec, no homepage or source, and no credentials. That mismatch leaves it unclear how the skill would actually obtain the data it promises.
- Instruction Scope (concern): The runtime instructions consist only of example CLI commands (e.g., 'token-optimizer report') and give no guidance on where the data comes from, how the CLI is installed, what permissions it needs, or whether it reads internal logs or billing endpoints. The instructions do not explicitly ask the agent to read any files or environment variables, but the promised functionality would require privileged data access that is not described here.
- Install Mechanism (note): This is an instruction-only skill (no install spec or code), which minimizes direct disk-write risk. However, because it references an external CLI without providing an install step or source, there is an ambiguity: the skill assumes a preexisting 'token-optimizer' binary but does not declare it. That omission is an operational and integrity concern (where does the binary come from, and who built it?), not a direct install risk in the manifest itself.
- Credentials (concern): No environment variables, credentials, or config paths are requested, yet the promised monitoring and cost estimation would typically require access to account, billing, or telemetry credentials (or a service API token). The absence of any declared credential is disproportionate to the claimed capability and is unexplained.
- Persistence & Privilege (ok): The skill is not always-enabled and is user-invocable only. It doesn't request persistent privileges or claim to modify other skills or system-wide settings.
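The mismatch the scanner describes above (instructions that invoke a CLI the manifest never declares, and a capability that implies billing or telemetry access while no credential is requested) can be checked mechanically before a skill is installed, and guidance step (4) can be enforced the same way. The following is an added example, not ClawHub's scanner and not code from the Token Optimizer Pro skill. The manifest field names it reads (`requires.binaries`, `requires.env`, `requires.install`, `always_enabled`, `user_invocable`, `homepage`), the sample manifests, the sample SKILL.md, and the placeholder homepage URL are all constructed assumptions modelled on this review, not the registry's real schema or data.

```python
import hashlib
import hmac
import re
import shlex

# Constructed manifest modelled on the review above. The field names
# (requires.binaries / env / install, always_enabled, user_invocable, homepage)
# are an assumption for this example, not ClawHub's real schema.
SAMPLE_MANIFEST = {
    "name": "token-optimizer-pro", "version": "1.0.1",
    "description": "Monitor token usage across agents, models and sessions; "
                   "estimate cost; alert on spikes.",
    "always_enabled": False, "user_invocable": True, "homepage": None,
    "requires": {"binaries": [], "env": [], "install": None},
}

# The same skill as a publisher should ship it (constructed): the CLI, its
# install source and the credential it needs are all declared.
SAMPLE_MANIFEST_DECLARED = {
    **SAMPLE_MANIFEST,
    "homepage": "https://example.invalid/token-optimizer",  # placeholder URL
    "requires": {"binaries": ["token-optimizer"],
                 "env": ["TOKEN_OPTIMIZER_API_KEY"],
                 "install": {"type": "release", "sha256": "<publisher digest>"}},
}

# Constructed SKILL.md in the style the review describes: example CLI
# invocations and nothing about where the data comes from.
SAMPLE_SKILL_MD = """\
# Token Optimizer Pro

Run `token-optimizer report` to see usage per agent and session.
To raise an alert when a session passes a token budget:

    $ token-optimizer alert --threshold 100000

Cost estimates use `token-optimizer cost --since 24h`.
"""

# Description words that imply billing, telemetry or log access (heuristic).
PRIVILEGED_CAPABILITIES = ("billing", "cost", "telemetry", "monitor", "usage")
# Shell builtins and ubiquitous tools a manifest is not expected to declare.
IGNORED_COMMANDS = {"cd", "echo", "ls", "cat", "export", "pwd"}


def extract_commands(skill_md: str) -> set[str]:
    """Program names from every inline `...` snippet and every '$ ' prompt
    line in SKILL.md that parses as a shell command."""
    snippets = re.findall(r"`([^`\n]+)`", skill_md)
    snippets += re.findall(r"^\s*\$\s+(.+)$", skill_md, flags=re.MULTILINE)
    programs = set()
    for snippet in snippets:
        try:
            argv = shlex.split(snippet)
        except ValueError:  # unbalanced quotes: prose, not a command
            continue
        if argv and re.fullmatch(r"[A-Za-z0-9_./-]+", argv[0]):
            programs.add(argv[0])
    return programs - IGNORED_COMMANDS


def _finding(flag: bool, severity: str, problem: str, fine: str) -> tuple[str, str]:
    return (severity, problem) if flag else ("ok", fine)


def review(manifest: dict, skill_md: str) -> dict:
    """Score the scanner's dimensions; each finding is (severity, reason)."""
    req = manifest.get("requires", {})
    declared, env, install = set(req.get("binaries", [])), req.get("env", []), req.get("install")
    undeclared = sorted(extract_commands(skill_md) - declared)
    desc = manifest.get("description", "").lower()
    privileged = [w for w in PRIVILEGED_CAPABILITIES if w in desc]
    findings = {
        # Purpose & Capability: a privileged promise with no declared data source.
        "purpose_capability": _finding(
            bool(privileged) and not (declared or env or install), "concern",
            f"description implies {privileged} access but no binary, env var or install source is declared",
            "claimed capability has a declared data source"),
        # Install Mechanism: instruction-only, yet leaning on an undeclared CLI.
        "install_mechanism": _finding(
            bool(undeclared), "note",
            f"instructions invoke {undeclared}, which the manifest does not declare; binary origin unknown",
            "every invoked command is a declared binary"),
        # Credentials: privileged capability but nothing requested.
        "credentials": _finding(
            bool(privileged) and not env, "concern",
            "no env vars or credentials declared for a capability needing billing or telemetry access",
            "credential requirements match the claimed capability"),
        # Persistence & Privilege: always-enabled or non-user-invocable is the red flag.
        "persistence_privilege": _finding(
            bool(manifest.get("always_enabled")) or not manifest.get("user_invocable", True),
            "concern", "skill is always-enabled or not user-invocable",
            "user-invocable only, not always-enabled"),
    }
    verdict = "suspicious" if any(s == "concern" for s, _ in findings.values()) else "ok"
    return {"verdict": verdict, "undeclared_commands": undeclared, "findings": findings}


def verify_digest(blob: bytes, expected_sha256: str) -> bool:
    """Guidance step (4): compare a downloaded binary's SHA-256 with the
    digest the publisher published, in constant time, before running it."""
    actual = hashlib.sha256(blob).hexdigest()
    return hmac.compare_digest(actual, expected_sha256.strip().lower())
```

Running `review(SAMPLE_MANIFEST, SAMPLE_SKILL_MD)` reproduces the verdict on this page (concerns on purpose and credentials, a note on the install mechanism, persistence ok), while the declared variant comes back clean; the only things that change between the two are what the manifest admits to needing. `verify_digest` is deliberately fed the file bytes rather than a path so it can be dropped into whatever download step you already have, and it uses `hmac.compare_digest` so the comparison itself does not leak through timing.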
