Skill v1.1.1
ClawScan security
Agent Cost Monitor · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Feb 14, 2026, 6:10 AM
- Verdict: Benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's requirements, instructions, and scope are internally consistent with a monitoring/cost-reporting purpose; it is instruction-only, requests no credentials, and does not install code.
- Guidance: This skill appears coherent and low-risk as-is: it only describes reading agent session state and computing estimates and recommendations. Before enabling it, check two things: (1) what platform permissions an agent running this skill will have — if it can write agent configs, it could apply the example changes (cacheRetention, session resets, model swaps) automatically; restrict write permissions if you only want reports, and (2) if you configure external alert channels (Telegram, webhooks, etc.), provide tokens only to an agent you trust. Run the skill in an isolated/non-production agent first to confirm behavior and outputs.
Review Dimensions
- Purpose & Capability (ok): Name/description (cost monitoring across agents) match the instructions: it reads session_status/sessions_list, computes per-agent token/cost metrics, compares to budgets, and issues alerts/recommendations. No unrelated binaries, environment variables, or install steps are requested.
- Instruction Scope (note): The SKILL.md stays within monitoring and recommendation tasks. It explicitly uses platform-internal tools (session_status, sessions_list), which is coherent. Note: the document contains example JSON snippets that change session/reset/cache/model parameters and recommends moving agents between model tiers — these are configuration-change suggestions. The skill does not include explicit commands that will automatically modify other agents, but an agent with write privileges could apply those snippets; review platform permissions before allowing autonomous writes.
- Install Mechanism (ok): Instruction-only skill with no install spec and no code files; nothing written to disk and no external packages downloaded.
- Credentials (ok): No environment variables, secrets, or external API keys are required. The SKILL.md mentions alert channels (e.g., Telegram DM) as an example but does not request corresponding tokens; if you configure such channels, you must supply credentials separately. No unexpected credentials are requested by the skill itself.
- Persistence & Privilege (ok): always is false (not forced into every agent run). The skill can be invoked autonomously by agents (default), which is normal for skills; combined with the configuration-change examples, consider restricting write permissions if you do not want automated configuration changes across agents.
