Token Alert

Review: Audited by ClawScan on May 10, 2026.

Overview

Token Alert mostly matches a token-monitoring dashboard, but it also documents automatic session export/summary and optional background, proxy, and credential flows that need clearer user control.

Review this skill before installing. The token alerting and dashboard functions are reasonable, but do not enable auto-export, auto-summary, background notifications, provider setup, or the CORS proxy until you understand what data is accessed, where it is stored, and how to disable or delete it.

Findings (6)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Concern (Medium Confidence)
ASI02: Tool Misuse and Exploitation
What this means

At high token usage, the skill may automatically export and summarize the current session instead of only alerting you.

Why it was flagged

The dashboard is documented to automatically execute export and summary actions when token usage reaches 90%, without clear user confirmation, destination, or action scope.

Skill content
If triggered AND not already done: ... Wait 2s  exportMemory() ... Wait 2s  summarize()
Recommendation

Disable auto-export by default or require explicit confirmation, and document exactly what is exported, where it is stored, and how to delete it.

Concern (Medium Confidence)
ASI06: Memory and Context Poisoning
What this means

Private conversation content could be stored or summarized automatically with unclear retention and deletion controls.

Why it was flagged

Automatic session backup and summary imply persistence or reuse of conversation context, but the artifacts do not clearly specify retention, file paths, exclusions, or reuse boundaries.

Skill content
Auto-Export @ 90% - Automatic session backup ... Auto-Summary - Smart summary before session end
Recommendation

Make session export and summary opt-in, document storage locations and retention, and provide a clear cleanup command.

Note (High Confidence)
ASI10: Rogue Agents
What this means

If enabled, the skill may keep checking token usage in the background and send desktop notifications.

Why it was flagged

The optional notification setup creates ongoing periodic token checks, which is persistent behavior but is disclosed and aligned with alerting.

Skill content
setup-notifications.sh ... Installs `terminal-notifier` ... Checks tokens every 5 minutes
Recommendation

Enable the notification setup only if you want background monitoring, and review how to disable the scheduled checker.

What this means

A misconfigured local proxy could expose token status or dashboard actions beyond the intended local browser session.

Why it was flagged

The dashboard may communicate through a local proxy to a gateway API; this is purpose-aligned but should be kept local and access-controlled.

Skill content
CORS Proxy Required ... Proxy script included: `scripts/proxy-server.py` ... Dashboard will use proxy automatically
Recommendation

Run the proxy only on localhost, avoid exposing its port to a network, and review proxy behavior before use.

What this means

Supplying provider credentials could grant the skill access to organization usage or billing-related data.

Why it was flagged

The artifacts discuss OpenAI usage tracking that may require high-privilege provider credentials; this appears optional and purpose-related, but it is not declared as a required credential in metadata.

Skill content
Requires admin-level API key
Recommendation

Use the least-privileged key available, avoid admin keys unless necessary, and verify where credentials are stored before configuring providers.

What this means

Users have less registry-level information to verify the origin and expected setup of the included code.

Why it was flagged

The registry metadata does not provide clear provenance or an install spec even though the package includes runnable scripts.

Skill content
Source: unknown ... Homepage: none ... No install spec ... 17 code file(s)
Recommendation

Review the included scripts or install from a trusted, pinned repository before running setup or background-monitoring commands.