Claude Usage Analyzer
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill is purpose-aligned and says it runs offline, but it depends on an external CLI and reads local Claude Code session logs that may contain sensitive conversation data.
Before installing or using it, make sure you trust the external claude-usage-analyzer CLI and understand that it will read local Claude Code session logs. The artifacts say it runs offline with no API keys or network access, but generated reports may still reveal sensitive project or conversation details.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running the skill can expose or summarize information from past Claude Code sessions in its output.
Claude Code session logs may contain prompts, responses, file paths, project names, and other private context; reading them is expected for this skill but still sensitive.
Reads `~/.claude/projects/*/*.jsonl` (local Claude Code session logs)
Use it only when you are comfortable letting the analyzer read local Claude Code logs, and avoid sharing generated reports if they include sensitive project or conversation details.
The safety of the actual analysis depends on the separately installed CLI and how it was obtained.
The skill relies on an external executable that is not included in the reviewed artifacts, so its implementation and installation provenance are outside this scan.
Requires the `claude-usage-analyzer` CLI to be pre-installed. See https://github.com/SingggggYee/claude-usage-analyzer for installation instructions.
Install the CLI only from a trusted source, review its installation instructions, and keep it updated.