ai-quota-check
Verdict: Suspicious. Audited by ClawScan on May 10, 2026.
Overview
This quota-checking skill is mostly aligned with its purpose, but it reads local auth/session files and automatically invokes the Codex CLI in ways that are not clearly disclosed to the user.
Review this skill before installing. It is plausibly a real quota dashboard, but it needs access to local provider auth/session data and will automatically run a Codex CLI request to refresh limits. Install only if you trust the publisher and are comfortable with those local account-access behaviors.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing and running the skill may let it use locally stored provider login credentials to query Antigravity or GitHub Copilot account/quota APIs.
The script reads the user's local OpenClaw auth profile file and contains provider API calls using bearer tokens, while the registry declares no primary credential, env var, or required config path.
const AUTH_FILE = path.join(process.env.HOME, '.openclaw/agents/main/agent/auth-profiles.json'); ... JSON.parse(fs.readFileSync(AUTH_FILE, 'utf8')); ... 'Authorization': `Bearer ${token}`
Only install if you are comfortable with it reading local auth profiles. The skill should explicitly declare the auth/config files it reads, list which provider tokens it uses, and avoid accessing unrelated profiles.
A quota check can silently make a Codex request using the user's account, potentially consuming quota and changing local Codex session files.
The script automatically runs the local Codex CLI whenever it refreshes Codex quota data, rather than only reading an existing quota endpoint or asking for explicit confirmation.
execSync('codex exec --skip-git-repo-check "reply OK"', { cwd: process.env.HOME, stdio: 'ignore', timeout: 60_000 }); ... // Always refresh Codex rate limits by issuing a tiny Codex request first.
The skill should clearly disclose this behavior, provide an opt-out or cached-only mode, and avoid automatic provider calls unless the user explicitly agrees.
The skill may open recent Codex session logs on your machine, even though it appears to extract only rate-limit fields.
The code reads local Codex session JSONL files to extract rate-limit events. This is purpose-aligned for quota checking, but session files can contain sensitive conversation context and the SKILL.md does not disclose this local data access.
const CODEX_SESSIONS_DIR = path.join(process.env.HOME, '.codex', 'sessions'); ... const text = fs.readFileSync(filePath, 'utf8'); ... if (payload?.type === 'token_count' && payload?.rate_limits)
The skill should document the exact session path it reads, minimize parsing to only needed records, and state that it does not display or transmit conversation contents.
