Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Token Config Checker

v1.1.4

Batch-checks the validity of token / auth JSON configuration files, can optionally run a lightweight online probe of access tokens, and automatically produces a redacted report. Suitable for inspecting login configurations, session credential files, and token cache files exported by Codex/OpenAI/OpenAI-compatible clients. Supports classifying configurations as valid / no_quota / invalid...

Security Scan
VirusTotal
Suspicious
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The name, README, SKILL.md and scripts align: they validate token JSONs, decode JWTs, check expirations, and optionally perform online probes. Those capabilities justify reading token-containing files and making HTTP requests to probe endpoints. However, the enhanced script contains CODEX-specific logic (CODEX_USAGE_URL -> 'https://chatgpt.com/backend-api/wham/usage', CODEX_UA user agent) and an unexplained hardcoded HTTP header 'Authorization': 'Bearer ab87036181' — these items are not documented in SKILL.md and lack justification in the README, which is unexpected.
Instruction Scope
SKILL.md warns that files are sensitive and recommends using --probe-url for private relays, but it does not clearly state that using --probe will send the file's access_token/account_id inside a JSON payload to the probe URL (the enhanced script builds a payload containing the token and account_id and POSTs it to the probe endpoint). That means probing can transmit full tokens to remote servers. The instructions understate this transmission and do not warn users that probe-url must be fully trusted; this is scope creep compared to a simple direct test against the service.
Install Mechanism
No install spec; it's instruction + scripts only. There is no package download or archive extraction. This minimizes installation risk.
Credentials
The skill requests no environment variables or system config, which is proportionate for a file-scanning/probing tool. However the scripts act on arbitrary filesystem paths you point them at and may send token values to remote endpoints when --probe is used. The combination of scanning sensitive files and network probes (especially the codex panel flow that embeds tokens in payloads) is sensitive and requires the user to trust the probe endpoint.
Persistence & Privilege
The skill does not request permanent presence (always:false) and does not modify other skill configs. It runs as invoked and does not escalate agent privileges.
What to consider before installing
This tool largely does what it says (checks token JSONs and can probe tokens), but exercise caution before using the --probe option: the enhanced script will embed your access_token and account_id inside a JSON payload and POST it to the probe URL you supply (or to a panel-style endpoint), which means tokens can be transmitted off your machine. Notable red flags in the code: a hardcoded header Authorization: 'Bearer ab87036181' and a CODEX usage URL pointing to chatgpt.com — neither is explained in the README.

Recommendations:
- If you only need structural checks, run the scripts without --probe (offline checks).
- If you must probe, only point --probe-url to services you fully control (local network or endpoints you administer).
- Review the code lines mentioned (build_codex_panel_payload and online_probe_codex_panel) so you understand exactly what is sent to probe-url.
- Consider running the script in an isolated environment (air-gapped VM or container) and monitor outbound network traffic before trusting it with sensitive token files.
- If unsure, ask the provider/author to explain the hardcoded Authorization value and why codex panel payloads are sent in that form; absence of a clear justification is a risk indicator.


License

MIT-0
Free to use, modify, and redistribute. No attribution required.