Agent Audit
Pass
Audited by ClawScan on May 1, 2026.
Overview
This appears to be a read-only OpenClaw cost-audit skill, but it runs a bundled Python script and reads local agent configuration and history that may be sensitive.
This skill looks coherent for a read-only AI-agent cost audit. Before installing, be comfortable with it reading your local OpenClaw configuration and usage history, and review any generated markdown report for private details before sharing it.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The script can run under the user's local account and inspect local OpenClaw files as part of the audit.
The skill instructs the user to run a bundled Python script. This is expected for the audit function, but it is still local code execution from the skill package.
python3 {baseDir}/scripts/audit.py
Run it only if you trust the skill package, and review the generated report before sharing it.
The audit report may summarize sensitive information about how the user's agents are configured and used.
The skill says it may use prior session history and cron run history to estimate model usage. That is purpose-aligned, but historical agent activity can include private prompts, task names, usage patterns, or other sensitive context.
Pull session history where available
Treat the report as potentially private and avoid sharing it publicly unless you have checked it for sensitive details.
Users have less external context for verifying who maintains the script or where updates come from.
The skill includes a runnable script, but the registry metadata does not provide an upstream source or homepage for independent provenance review.
Source: unknown; Homepage: none
Prefer installing from trusted publishers and review bundled code when provenance information is limited.
