Skill v1.0.1
ClawScan security
Token Cost Estimator · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Feb 28, 2026, 10:17 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill does what it says — it analyzes local OpenClaw session transcript files to estimate token costs — but it reads sensitive session data, so review the script and its outputs before running.
- Guidance: This skill is internally consistent with its purpose, but it reads your OpenClaw session transcripts (sensitive conversation data) from ~/.openclaw/agents. Before running: (1) inspect the provided Python script so you understand exactly what is read and what is output; (2) run it locally in a safe environment (don't pipe results to unknown services); (3) update pricing constants to current rates if you need accurate numbers; (4) be aware the script uses a rough token approximation (chars/4) and omits some internal system/tool tokens, so treat results as estimates; (5) avoid granting autonomous execution to this skill unless you trust it to run on your transcripts without exfiltrating them.
Review Dimensions
- Purpose & Capability: ok. The name/description match the instructions: the SKILL.md provides a Python script that reads OpenClaw session JSONL files from ~/.openclaw/agents/... and computes token/cost estimates. No unrelated credentials, binaries, or services are requested.
- Instruction Scope: note. Instructions explicitly read user session transcripts from ~/.openclaw/agents/<agent>/sessions/*.jsonl and compute estimates locally. This is expected for the stated purpose but entails accessing potentially sensitive conversation data; the script does not instruct any network exfiltration, but outputs should be handled carefully.
- Install Mechanism: ok. No install spec or code files beyond the SKILL.md; the skill is instruction-only and does not download or install external artifacts.
- Credentials: ok. No environment variables, credentials, or config paths are required beyond the explicit session file path. Access to the user's home session files is proportional to the cost-estimation purpose, though it is sensitive data.
- Persistence & Privilege: ok. The skill is not marked always:true and does not request system-wide changes. Model invocation is allowed (platform default), which means the agent could run the instructions autonomously if permitted — combine that with transcript access only if you trust the skill.
