Skill v1.1.3

ClawScan security

Openclaw Cost Tracker · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 20, 2026, 5:30 PM
Verdict: Benign
Confidence: high
Model: gpt-5-mini
Summary
The skill's code, instructions, and requirements are consistent with its stated purpose of analyzing local OpenClaw session JSONL data; it reads local files and produces reports and does not request unrelated credentials or perform network calls.
Guidance
This skill appears to do what it claims: read local OpenClaw session JSONL files and produce cost/token reports. Before running: (1) Inspect the bundled scripts (you already have the source) and run them as a non-root user where possible; (2) adjust example absolute paths in SKILL.md to match your environment (the examples use /root/...); (3) if you plan to use cron, ensure the output destination is secure and does not leak to remote endpoints; (4) if you expect to use the preferred 'openclaw-cost-diff' tool, install it from a trusted source rather than running anything fetched from an unknown URL. If you want additional assurance, run the script in a sandbox or container on a copy of your agents directory first.

Review Dimensions

Purpose & Capability
ok · Name/description match the included artifacts: SKILL.md and the bundled Python fallback both read local OpenClaw session data and compute token/cost breakdowns. The preferred external tool (openclaw-cost-diff) is optional and consistent with the description.
Instruction Scope
note · Instructions and the script operate on local session JSONL files under an agents directory (~/.openclaw/agents or OPENCLAW_HOME/agents). Example invocations use absolute root paths (e.g., /root/.openclaw/venvs/...) which are examples only — users should adjust to their environment. The runtime instructions do not instruct reading unrelated system files, exfiltrating data, or calling external endpoints.
Install Mechanism
ok · No install spec is provided (instruction-only skill with a bundled script). Nothing is downloaded or executed from remote URLs by the skill itself.
Credentials
ok · The skill declares no required environment variables or credentials. The script optionally respects OPENCLAW_HOME to discover agents, which is appropriate and proportionate to its file-discovery behavior.
Persistence & Privilege
ok · Skill is not always-enabled and does not request elevated or persistent platform privileges. It does not modify other skills or system settings.