Skill v1.0.0
ClawScan security
Spark Context Monitor · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 6, 2026, 8:13 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill appears to implement a local token-usage estimator and matches its description, but there are packaging/build inconsistencies that could break runtime behavior and warrant caution before installing.
- Guidance: The skill's functionality (estimating token use from the current session) is coherent, and it does not ask for secrets or network access, but check the following practical issues before installing:
  1. skill.json's main field points to dist/index.js, but no compiled dist file is present in the package. Confirm whether your platform builds the TypeScript source automatically or whether you must run npm install && npm run build first.
  2. The tests import named functions that the source file does not explicitly export (a code/test mismatch), which suggests sloppy packaging.
  3. Verify the GitHub repository and author identity (the skill metadata points to a repo), and optionally review the compiled dist code that will actually run on your agent.
  4. The estimator is approximate (SKILL.md says ±10%), and the skill depends on the platform providing context.sessionHistory and modelName. Confirm what data the platform passes into context to avoid unexpected behavior.
  If you want to proceed, run the build and tests locally and inspect the resulting dist/index.js before installing.
Review Dimensions
- Purpose & Capability: ok. Name/description match the code: the skill estimates token usage from the current session history, generates a progress bar and warnings, and supports the /token trigger. It does not request credentials or unrelated capabilities.
- Instruction Scope: ok. SKILL.md and README describe only local estimation of session token usage, and the code uses context.sessionHistory and modelName as expected. There are no instructions to read unrelated files, call external endpoints, or exfiltrate data; the README explicitly claims local-only operation.
- Install Mechanism: concern. Registry metadata lists no install spec (instruction-only), but the package contains TypeScript source, package.json, and devDependencies. skill.json's main field points to dist/index.js, yet the package manifest provided does not include a compiled dist/index.js file. README mentions npm install and build steps, but SKILL.md does not. This mismatch (no automated install/build declared versus TypeScript source that requires a build) is an operational inconsistency that may cause the skill to fail or force the platform or user to run build steps manually.
- Credentials: ok. The skill declares no required env vars and no credentials, and the code does not reference environment variables or external credentials. Requested access is proportional to the stated purpose.
- Persistence & Privilege: ok. Flags show always:false and normal invocation behavior. The skill does not request persistent system-wide privileges or modify other skills. It only expects to be invoked via triggers/commands.
