Skill v1.0.0
ClawScan security
skill-stats · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 6, 2026, 4:00 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's code and instructions match its stated purpose (collecting local skill usage from Claude Code and OpenClaw session files); it reads and aggregates local session and skill metadata and stores local stats — behavior is coherent with its description.
- Guidance
- This skill is coherent with its purpose, but it reads many local session and settings files under ~/.claude and ~/.openclaw which may contain sensitive conversation content or metadata. Before running:
  - Review the bundled scripts (already included) to confirm behavior (they only parse and aggregate invocation records and write local JSON files).
  - Be aware SKILL.md suggests using 'npx -y tsx', which will fetch the 'tsx' runner from npm if you don't have it; if you prefer, install/inspect tsx locally or run the scripts with your own node/ts runner.
  - If you have sensitive data in session files, consider running in a limited environment or backing up/removing sensitive sessions first.
  - Check the files the skill will create (~/.claude/skill-stats/*, ~/.openclaw/skill-stats/*) and their permissions after execution.
  - If you need stronger guarantees, run the scripts in a container or on a machine/user profile dedicated to diagnostics.
Review Dimensions
- Purpose & Capability
- ok: Name/description and the included code align: the scripts scan local Claude Code (~/.claude) and OpenClaw (~/.openclaw) session and skill directories to extract skill invocation records and compute usage stats. No unrelated credentials, binaries, or install steps are requested.
- Instruction Scope
- note: The SKILL.md and scripts instruct the agent to read numerous files under the user's home (~/.claude and ~/.openclaw), including session .jsonl files, settings.json, and SKILL.md files for discovered skills. This is consistent with the stated purpose, but it does mean the skill will access potentially sensitive session content and metadata (user messages, cwd, etc.). The code appears to only extract structured invocation records, but it reads whole files to parse them.
- Install Mechanism
- note: There is no packaged install spec; SKILL.md recommends running the included TypeScript using 'npx -y tsx ${SKILL_DIR}/scripts/main.ts'. That will cause npx to fetch the 'tsx' runner from npm if not present. The skill's own code is bundled in the package (no external download URLs), so runtime risk is limited to executing these local scripts and the tsx runner fetched by npx.
- Credentials
- ok: The skill requests no credentials or secret environment variables. It does use process.env.HOME to locate user directories (normal). It reads user settings (enabled plugins) and skill directories to determine scope; these accesses are proportional to its function.
- Persistence & Privilege
- ok: always:false and the skill does not request elevated or platform-wide privileges. It writes statistics to local files under ~/.claude/skill-stats and ~/.openclaw/skill-stats, which is appropriate for a local usage-collection tool and does not modify other skills' configurations.
