Skill v1.0.1

ClawScan security

Context Monitor Helper · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign
Apr 6, 2026, 5:27 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's code, docs, and runtime instructions are internally consistent with a token-usage monitor — it does not request external credentials, perform network I/O, or store conversation data; however, the SKILL.md contained a scanner-detected 'unicode-control-chars' pattern that should be inspected before install.
Guidance
This skill appears to do what it claims: estimate token usage from the agent-provided session history and append a status/footer. Before installing:
1) Inspect SKILL.md (open in an editor that shows invisible characters or view hex) because the scanner detected unicode control chars;
2) Confirm your platform supplies context.sessionHistory and context.modelName to skills (the code expects those fields);
3) Test the skill on non-sensitive conversations first to verify behavior and estimation accuracy;
4) If you want extra assurance, review the GitHub repo linked in the package or run the included unit tests locally.
If you see unexpected hidden characters or any code that makes network calls or writes files, do not install.
Findings
[unicode-control-chars] unexpected: A regex-based pre-scan flagged unicode control characters in SKILL.md. The functionality of the skill does not require hidden control characters; such characters can be used to hide or obfuscate prompt injection text. The visible SKILL.md appears normal, but you should manually inspect the file (or view it in a hex/escaped form) to confirm there are no hidden instructions or invisible characters that could alter how prompts are interpreted.

Review Dimensions

Purpose & Capability
ok
Name/description (context token monitoring) matches the code and README: functions estimate tokens, map model context limits, build progress bars, and produce appended status messages. No unrelated credentials, binaries, or surprising dependencies are declared.
Instruction Scope
ok
SKILL.md instructions are scoped to showing context usage and related commands (/context, /new, /compact). The runtime code only reads context.sessionHistory and context.modelName (expected inputs from the host agent) and returns a formatted status string. There is no instruction to read arbitrary files, exfiltrate data, or call external endpoints.
Install Mechanism
note
The skill is instruction-only (no explicit install spec), but the package includes source, dist, and package-lock files. That is not itself dangerous, but because there is no provided install script the platform's normal 'claw skill install' process will determine installation behavior — review the platform install step. No external download URLs or extract operations are present in the bundle.
Credentials
ok
The skill requires no environment variables, credentials, or config paths. It processes session content in memory and the code does not reference secrets or system config. This is proportionate to the stated purpose.
Persistence & Privilege
ok
The skill does not request 'always: true' and contains no code that modifies other skills or writes persistent credentials. The SKILL.md claims 'no storage' and the code does not persist data — it only computes estimates from provided context. Normal autonomous invocation remains allowed (platform default).