Back to skill
Skillv1.0.0
ClawScan security
AI Agent Token Cost Estimator · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 16, 2026, 10:11 AM
- Verdict
- Benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill is an instruction-only estimator whose requested resources and runtime instructions match its stated purpose and it does not ask for credentials or install anything.
- Guidance
- This skill is instruction-only and coherent with its purpose—no credentials or installs are requested, so the security risk is low. Before using it: (1) verify the estimates against real model pricing for your target API and model, since outputs are approximate; (2) test with non-sensitive example agent descriptions (do not paste secrets); (3) consider adding runtime protections (token limits, step limits, budgets) in any production pipeline that uses these estimates; and (4) note the skill's source is unknown (no homepage), so if provenance or accountability matters for your environment prefer skills with known maintainers.
Review Dimensions
- Purpose & Capability
- okName/description (token/cost estimation) align with the SKILL.md: it only asks for an agent description, model, steps, and tools to produce an estimate. There are no unrelated requirements (no env vars, binaries, or installs).
- Instruction Scope
- okInstructions are confined to asking the user for an agent description and guidelines for estimating tokens/costs. They don't instruct the agent to read files, access environment variables, call external endpoints, or transmit data elsewhere.
- Install Mechanism
- okNo install spec and no code files—this is instruction-only, so nothing is written to disk or fetched at install time.
- Credentials
- okNo credentials, env vars, or config paths are requested. The scope of required data (agent description, model, steps, tools) is proportional to the stated task.
- Persistence & Privilege
- okalways is false and there is no indication the skill modifies system-wide settings or other skills. The skill can be invoked autonomously per platform defaults, but it has no privileged access.