Skill v1.0.0
ClawScan security
Aiclient2api Usage · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Review: Mar 6, 2026, 10:02 AM
- Verdict: Review
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill mostly does what it says (reads the local AIClient2API cache and optionally triggers a local refresh), but there are coherence issues to understand before installing: the included scripts read a local password file and the usage cache, write and execute a temporary Node script, and depend on several command-line tools that the skill's metadata does not declare.
- Guidance: This skill reads a local AIClient2API cache and can optionally trigger a refresh through the local web API on 127.0.0.1:16825. Before installing or running it:
  1) Review the scripts yourself. They read ~/web/AIClient-2-API/configs/usage-cache.json and ~/web/AIClient-2-API/configs/pwd; the cache contains account information and pwd contains a password.
  2) Understand that they execute local commands (curl, node, jq, bc, ps, awk, grep, stat). The metadata does not declare these dependencies, so confirm that each binary is present on the host and that the copy found on PATH is the one you expect.
  3) Only use the skill if you run AIClient2API locally and trust both the service and these scripts.
  4) If you are not comfortable with a tool reading a plaintext password file, do not install it; run the underlying commands manually after inspecting them instead.
  5) For higher assurance, ask the publisher to (a) declare the required binaries, (b) avoid reading plaintext password files, or at least document and justify that access, and (c) avoid writing and executing transient scripts without explicit user consent.
Review Dimensions
- Purpose & Capability (concern): The skill's stated purpose (check local AIClient2API usage) matches what the scripts do: read ~/web/AIClient-2-API/configs/usage-cache.json, call the localhost API, and read configs/pwd. However, the package metadata declares no required binaries or credentials, while the scripts rely on curl, jq, bc, node, ps, awk, grep and stat. Leaving those dependencies undeclared is an incoherence that can cause silent failures or unexpected behavior on hosts that lack them.
- Instruction Scope (note): SKILL.md and the scripts confine their actions to a local AIClient2API installation, its cache file, and 127.0.0.1:16825, which is in scope for usage checking. The instructions explicitly tell the agent to read ~/web/AIClient-2-API/configs/usage-cache.json and configs/pwd; this is sensitive but coherent with the stated purpose.
- Install Mechanism (ok): The skill is instruction-only (no install spec). No remote downloads or archive extraction occur. The scripts do create and run a temporary Node.js file under /tmp, but that is local execution rather than an installer. No high-risk install mechanism detected.
- Credentials (concern): The skill requests no environment variables or registry credentials, yet at runtime it reads a local plaintext password file (configs/pwd) and the usage cache. Access to local credential files is sensitive, and the skill neither declares nor warns about it. The CLI tools it needs (curl, node, jq, bc) are likewise undeclared, so the skill assumes the environment has broad tooling available.
- Persistence & Privilege (ok): The always flag is false and the skill does not modify system-wide configuration or other skills. It writes a temporary /tmp/refresh_usage.js to trigger a refresh and removes it afterwards; the file is limited in scope and does not persist beyond the run. One caveat for multi-user hosts: the name is fixed and /tmp is shared, so another local user could pre-create or replace that file before node executes it; a mktemp-style unique path would avoid this.
