Ccsinfo
Pass
Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: ccsinfo
Version: 0.1.6
The skill is classified as suspicious primarily due to a supply chain vulnerability: `scripts/install.sh` instructs the agent to install the `ccsinfo` CLI tool from PyPI using `uv tool install ccsinfo`. If the `ccsinfo` package on PyPI were compromised, this would lead to the installation and execution of malicious code. Additionally, the skill's core function involves accessing and transmitting potentially sensitive Claude Code session data (conversations, prompts, tool calls) over a network to a user-configured `CCSINFO_SERVER_URL`, which, while stated as its purpose, inherently carries risk due to the sensitive nature of the data and reliance on an external, user-defined endpoint.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Other machines on the same network may be able to access your Claude Code conversation history, prompts, tool calls, and project information if the server lacks separate protections.
Binding to 0.0.0.0 makes the server reachable beyond localhost, and the artifacts do not document authentication, encryption, or access controls for the REST API that serves private Claude Code session data.
`ccsinfo serve --host 0.0.0.0 --port 9999` ... The server reads Claude Code session data from `~/.claude/projects/` and exposes it via REST API.
Prefer binding to localhost, using an SSH/VPN tunnel, enabling authentication and TLS if supported, and restricting access with a firewall before exposing this service on a LAN.
Past session content could reveal sensitive information or influence the agent if retrieved text contains misleading instructions.
The skill intentionally retrieves stored Claude Code conversations and prompt history, which can contain secrets, private code context, or old instructions that should not be treated as current trusted instructions.
View conversation messages ... `ccsinfo sessions messages <session-id>` ... Search prompt history ... `ccsinfo search history "implement feature"`
Treat retrieved session data as untrusted reference material, avoid asking the agent to expose secrets, and review outputs before sharing them elsewhere.
Installing or upgrading later could run a different package version than the one reviewed here.
The client install pulls the latest ccsinfo package from PyPI at setup time. This is expected for the skill, but the artifact does not pin a version or hash.
`uv tool install ccsinfo --upgrade`
Install only from a trusted source, consider pinning a known-good version, and review the upstream package/server documentation before use.
