Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

claude-usage-cli

v0.2.0

Query Claude API usage and cost reports from the command line. Secure macOS Keychain storage for Admin API key. Table/JSON output.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan

VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The SKILL.md clearly requires an Anthropic Admin API key (sk-ant-admin...) and describes storing it in the macOS Keychain, but the registry metadata lists no required environment variables or primary credential. Requiring the 'claude-usage' and 'node' binaries is consistent with a CLI wrapper; however, the omission of the Admin API credential from the skill metadata is an inconsistency that reduces transparency.
Instruction Scope
The runtime instructions are limited to installing/running a CLI (claude-usage) and using Keychain to store an Admin API key; they do not ask the agent to read arbitrary files or system state. However, the SKILL.md makes concrete claims about network scope (only contacting api.anthropic.com over HTTPS) and key handling (never written to disk in plaintext) that cannot be verified from an instruction-only skill with no code. Because the skill delegates behavior to an external binary, those claims should be validated by inspecting the CLI's code or package.
Install Mechanism
SKILL.md recommends installing via npm (npm install -g claude-usage-cli) or git-clone/build. npm/global install is a common but moderately risky install vector because it executes third-party code from the registry; the SKILL.md references a GitHub repo which is a good sign, but the registry metadata reported 'No install spec' — the presence of install instructions inside SKILL.md but not in the top-level install spec is an inconsistency to confirm. Verify the npm package and GitHub source before installing.
Credentials
The tool requires an Admin API key to query organization usage/costs. Admin keys can be sensitive/powerful; the skill metadata does not declare any required credential or primaryEnv, which is misleading. The SKILL.md asserts read-only scope for that key, but you should treat an Admin key as a high-privilege secret and prefer least-privilege tokens if available.
Persistence & Privilege
The skill is not force-included (always:false) and does not request persistent system-wide privileges. It stores the API key in the user's macOS Keychain (as documented) and claims not to write plaintext to disk. There is no evidence in the provided files that the skill modifies other skills or system settings.
What to consider before installing
Before installing:

1) Confirm the npm package and GitHub repository are legitimate (owner, recent commits, stars, issues) and inspect the CLI source — SKILL.md's claims about Keychain and network scope can only be validated by reading code.
2) Do not paste a high-privilege Admin key unless necessary — prefer a least-privilege/read-only token or an account that limits blast radius.
3) Verify the npm package tarball (npm view / integrity) or build from source (git clone) if you want to audit before executing.
4) Check that the CLI actually only connects to api.anthropic.com (monitor network activity on first run).
5) If you have low tolerance for risk, prefer alternatives with published source and active maintenance (SKILL.md even marks this skill DEPRECATED).


Runtime requirements

📊 Clawdis
OS: macOS
Bins: claude-usage, node