Skill v1.0.1
ClawScan security
glm-plan-usage · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious (Feb 13, 2026, 8:02 AM)
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill appears to do what it claims (query GLM plan usage), but its metadata and runtime behavior are inconsistent: it reads your OpenClaw config for an API key and sends it to open.bigmodel.cn while declaring that no credentials are required, and it hardcodes the API base URL rather than using the configured baseUrl.
- Guidance: This skill largely does what it claims, but review and be aware of two issues before installing:
  - The script reads your OpenClaw config (~/.openclaw/openclaw.json) and extracts an API key for the detected provider; that key is included in Authorization headers and sent to https://open.bigmodel.cn. Verify you are comfortable with that provider receiving the key and that the key in your config is scoped appropriately.
  - The registry metadata lists no required credentials, which is inaccurate. Expect the script to require a provider entry with a baseUrl containing api/coding/paas/v4 and an apiKey in ~/.openclaw/openclaw.json.
  - The script hardcodes API_BASE to https://open.bigmodel.cn rather than using the provider's baseUrl value; if you use a proxy or custom endpoint, this may not work.
  Inspect scripts/query-usage.sh yourself (or run it in a safe environment) to confirm its behavior before installing. If you have other sensitive API keys in your OpenClaw config, consider removing or isolating them, or creating a separate provider entry with a limited-scope key used only for monitoring.
Review Dimensions
- Purpose & Capability (ok): Skill name/description (query GLM coding plan usage) matches the provided script and docs. The included script queries quota/model/tool endpoints on the GLM monitoring API and formats the result; those operations are appropriate for the stated purpose.
- Instruction Scope (note): Runtime instructions and the script are focused on reading ~/.openclaw/openclaw.json to detect a provider, extracting an API key, and calling three monitoring endpoints on open.bigmodel.cn. The script does not attempt to exfiltrate data to unrelated endpoints or read arbitrary system files, but it will access the user's OpenClaw config (which may contain multiple provider API keys).
- Install Mechanism (ok): No install spec is provided (instruction-only skill plus a bash script). Installation is typical (copy files into ~/.openclaw/skills and make the script executable). No remote downloads or archives are performed by the skill itself.
- Credentials (concern): Registry metadata declares no required credentials, but the script expects and reads an API key from ~/.openclaw/openclaw.json and uses it in Authorization headers when calling the monitoring API. This is a meaningful mismatch: the skill requires access to a secret stored in the user's config, and that secret will be sent to open.bigmodel.cn. The script also reads the HOME environment variable (for the config path) and an optional OPENCLAW_LANGUAGE environment variable; those are reasonable but not declared.
- Persistence & Privilege (ok): The skill is user-invocable and not always-enabled. It does not request elevated OS privileges, does not modify other skills or system-wide configuration, and does not persist new credentials. Installing simply places files under the user's ~/.openclaw/skills folder.
