How Much Claude Left?

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says: it locally automates Claude Code to show quota information, with a security-sensitive but disclosed auto-trust step in a temporary folder.

Install only if you are comfortable with a shell script launching your local Claude Code CLI through tmux, using your current Claude login, and auto-trusting a temporary scratch folder to read quota details. Review the short script first and run it only with trusted tmux, git, and Claude Code binaries.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Description-Behavior Mismatch

Medium
Confidence: 92%
Finding
The script creates a fresh git repository, launches Claude Code inside it, and proceeds through the trust flow before issuing /usage. That means the skill is not performing a purely passive quota read; it changes local state and grants the CLI elevated trust for a workspace unnecessarily, expanding the attack surface if Claude Code executes trusted-folder behaviors or future automation within that repo.

Context-Inappropriate Capability

Medium
Confidence: 96%
Finding
The script automatically detects the 'trust this folder' prompt and answers it affirmatively without user review. Auto-approving trust is broader than needed for checking usage and can weaken a security boundary by enabling Claude Code to treat the directory as trusted, which is especially risky in automation because users may not realize trust was granted.

VirusTotal

63/63 vendors flagged this skill as clean.
