ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

ai-quota-check

v1.0.1

**DEFAULT quota checker** - Use this skill FIRST when user says '쿼타', '쿼터', 'quota', '쿼타확인', '쿼터확인', or asks about quotas. Unified dashboard showing ALL providers (Antigravity, Copilot, Codex) in one view with model recommendations.

2· 2.3k·10 current·11 all-time
by@kr1json
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
high confidence
Purpose & Capability
The skill's code implements a unified quota checker (Antigravity, Copilot, Codex) and model routing as described. Requiring the 'codex' binary and calling provider APIs is consistent with the stated functionality. However, the skill also reads the agent's local auth-profiles and Codex session files (to infer login status and quotas), which is reasonable for a local quota checker but was not declared in the skill's metadata/requirements.
!
Instruction Scope
SKILL.md instructs the agent to run the bundled script and display its output EXACTLY as-is. The code reads local files (~/.openclaw/agents/main/agent/auth-profiles.json and ~/.codex/sessions/*) and runs 'codex exec' — these file reads and commands are not called out in the SKILL.md or the registry metadata. Requiring the agent to relay raw script output increases the risk of unintentionally exposing sensitive data present in those outputs.
Install Mechanism
There is no install spec (instruction-only with included code). No remote downloads or archive extraction are performed by the skill itself. This is a lower install risk; the skill relies on local 'node' and 'codex' binaries which are reasonable for its task.
!
Credentials
Registry metadata lists no required config paths or credentials, yet the code reads the user's OpenClaw agent auth file and Codex session files in the home directory — files that likely contain provider tokens/credentials. The skill will use those tokens to call provider APIs. Accessing other skills'/agent auth files is sensitive and should have been declared; the lack of declared config requirements is a mismatch and disproportionate to what was advertised.
!
Persistence & Privilege
The skill does not set always:true and does not persist changes, which is good. However, it reads another skill/agent's auth file (agent/auth-profiles.json), giving it read access to possibly many provider tokens. While not persistent, this one-time read is a high-privilege action relative to the advertised capability and should have been explicitly declared and justified.
What to consider before installing
Before installing or running this skill: 1) Inspect the code (index.js) to confirm exactly which files it reads — it looks at ~/.openclaw/agents/main/agent/auth-profiles.json and ~/.codex/sessions/*.jsonl and will try to call provider APIs. 2) Open the auth-profiles.json file to see what tokens/emails it contains — if it stores provider API keys or session tokens you consider sensitive, do not run the script in a production environment. 3) Because SKILL.md instructs the agent to paste script output verbatim, run the script yourself in a sandbox or container first (node index.js) and inspect the output for leaked tokens or private data. 4) If you still want to use it, consider removing or redacting access to auth-profiles.json or running the skill under an account that has no stored tokens, or modify the script to only surface aggregated quota numbers (not raw profiles). 5) If anything in the auth file seems unrelated to quota checking (credentials for unrelated services), treat that as a stronger warning and avoid installing. Additional information that would change this assessment: explicit registry declaration that the skill needs and will read those config files, or a version of the script that only requests tokens via explicit, user-provided environment variables rather than reading agent auth files.

Like a lobster shell, security has layers — review code before you run it.

latestvk9786ggz5mms1aq8gvjh7f84dh80ykmc

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🧮 Clawdis
Binsnode, codex

Comments