ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Claude Usage Release

Check Claude Max plan usage limits by launching Claude Code and running /usage. Use when the user asks about Claude plan usage, remaining quota, rate limits,...

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 581 · 0 current installs · 1 all-time installs
byChunhua Liao@chunhualiao
MIT-0
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The skill claims to check Claude Max usage (reasonable), but the package metadata/registry entry lists no required binaries or config paths while SKILL.md explicitly requires the Claude Code CLI and the expect binary (and authenticated Claude CLI). The omitted declarations are disproportionate to the metadata and reduce transparency.
!
Instruction Scope
Runtime instructions tell the agent to spawn an interactive Claude Code TUI via expect and parse its output (expected for a TUI workaround). The fallback instructs reading ~/.claude/stats-cache.json to obtain usage data—this reads a local config/cache file that may contain sensitive session data and was not declared in the skill's required config paths.
Install Mechanism
No install spec (instruction-only). This minimizes installer risk because nothing arbitrary is downloaded or written by the skill itself.
!
Credentials
The skill requests no environment variables, but it requires an authenticated Claude CLI and reads local cache (~/.claude/stats-cache.json) in fallback. Accessing local CLI auth state or cache is effectively access to credentials/session material and should have been declared; the lack of declared credentials/config paths is disproportionate.
Persistence & Privilege
always is false and the skill does not request persistent presence or modify other skills or system-wide settings. It runs only when invoked.
What to consider before installing
This skill appears to do what it says (automate the Claude Code CLI to run /usage) but the metadata omits important runtime requirements and local file access. Before installing or enabling it, consider: - Verify the claude CLI is trustworthy and up-to-date; this skill spawns that CLI with an automated TUI script. - Inspect the contents of ~/.claude/stats-cache.json on your system to confirm it doesn't contain secrets you wouldn't want parsed or transmitted; the SKILL.md's fallback reads this file but the skill metadata does not declare it. - Prefer a non-interactive, documented API or official CLI flag for usage data rather than PTY/expect automation where possible; expect-based automation is brittle and can accidentally surface more output than intended. - Ask the skill author to update skill.yml/registry metadata to explicitly list required binaries (expect, claude), required config paths (e.g., ~/.claude/stats-cache.json), and to clarify exactly what data is read and formatted. Given the inconsistencies, treat the skill as allowed only in a controlled environment and avoid granting it access to accounts containing sensitive tokens until these gaps are corrected.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.1
Download zip
latestvk97f6era5kdepc71y6zv7wh4r981bgp1

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

Claude Usage

Check Claude Max subscription usage by launching Claude Code interactively.

Requirements

  • expect must be installed (available at /usr/bin/expect on macOS)
  • Claude Code CLI must be installed and authenticated

Procedure

Use expect to automate the interactive TUI (the /usage command is a terminal UI, not a simple CLI):

  1. Run the expect script to launch Claude Code and execute /usage:

    expect -c '
spawn claude
expect "Welcome"
send "/usage\r"
expect "Show plan usage"
sleep 1
send "\r"
expect "Resets"
'

  2. Parse the output for these metrics:

    • Current session: Look for "Current session" line with percentage and reset time
    • Current week (all models): Look for "Current week (all models)" with percentage and reset date
    • Current week (Sonnet only): Look for "Current week (Sonnet only)" with percentage
    • Extra usage: Look for "Extra usage" line

  3. Strip ANSI escape codes from output before parsing

  4. Format and relay the metrics to the user

Example Output

The expect script returns something like:

Current session     ██████████░░░░░░░░░░░░░░░░░ 21% used    Resets 5:59pm (America/Los_Angeles)

Current week (all models)
████████████████████████░░░░░░░░░░░░░ 28% used    Resets Feb 21 at 6am (America/Los_Angeles)

Current week (Sonnet only)
█████████████████████████░░░░░░░░░░░░ 29% used    Resets Feb 21 at 7am (America/Los_Angeles)

Extra usage
Extra usage not enabled • /extra-usage to enable

$50 free extra usage · /extra-usage to enable

Fallback

If expect is not available, fall back to:

  1. claude auth status - shows subscription type (Max/Pro)
  2. ~/.claude/stats-cache.json - shows local session token counts (limited data)

Files

6 total
Select a file
Select a file to preview.

Comments

Loading comments…