Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Discord Output Metrics Footer

v0.1.0

Install, configure, maintain, or troubleshoot a compact Discord output footer for OpenClaw that shows live context usage, output tokens, Codex quota remainin...


Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for udaymanish6/discord-output-metrics-footer.

Prompt preview (Install & Setup):
Install the skill "Discord Output Metrics Footer" (udaymanish6/discord-output-metrics-footer) from ClawHub.
Skill page: https://clawhub.ai/udaymanish6/discord-output-metrics-footer
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install discord-output-metrics-footer

ClawHub CLI


npx clawhub@latest install discord-output-metrics-footer
Security Scan

Capability signals: Requires OAuth token · Requires sensitive credentials
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.

VirusTotal: Suspicious (View report →)
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The skill's declared purpose (append context/token/quota metrics to Discord messages) aligns with the bundled code: it listens to llm_output and message_sending and computes context/usage and optional subagent aggregates. However, the quota feature requires reading local auth profiles (not declared as required in metadata) — this is explainable by the quota requirement but should have been called out explicitly.
Instruction Scope
The implementation reads a local file (~/.openclaw/agents/main/agent/auth-profiles.json) to extract an OpenAI Codex OAuth access token and then performs an outbound fetch to https://chatgpt.com/backend-api/wham/usage with that token as Authorization. Even though SKILL.md and references mention fetching Codex quota, the code transmits a credential to a third-party endpoint (chatgpt.com), which is a broader scope than simply reading local metrics and may be unexpected to users.
Install Mechanism
No remote installer or archives are used; the skill is an extension template the user copies into ~/.openclaw/extensions. No download-from-URL or package installs are present in the bundle.
Credentials
The skill declares no required env vars or credentials, yet the code reads the user's centralized OpenClaw auth profile file and extracts OAuth tokens. Accessing that file gives it access to credentials managed by OpenClaw; while the code filters for provider==='openai-codex', reading and using a bearer token (and sending it externally) is a high-privilege action that is not proportional to a benign UI-only metric display unless the user explicitly expects the plugin to contact the appropriate provider's usage endpoint.
Persistence & Privilege
The plugin is not always-enabled and does not request elevated platform privileges. It will run as an installed OpenClaw plugin and registers standard hooks. The main privilege concern is its access to the central auth store (a legitimate location for provider tokens) combined with outbound network access; that combination increases the blast radius if the plugin is malicious or misconfigured.
Scan Findings in Context
[reads-openclaw-auth-profiles] expected: The code reads ~/.openclaw/agents/main/agent/auth-profiles.json to locate an openai-codex oauth token. Reading local auth profiles is required to obtain a token for querying quota, so this behavior is explainable by the quota feature, but it is a sensitive action and should be disclosed clearly in metadata/instructions.
[outbound-auth-bearer-to-3rd-party] unexpected: The code sends the extracted token in an Authorization header to https://chatgpt.com/backend-api/wham/usage. Sending a local OAuth token to chatgpt.com is unexpected: the endpoint is not the official OpenAI API domain. This looks like credential transmission to a third-party service and is a material security concern.
What to consider before installing
This extension generally does what it says (appends compact usage footers), but it reads your OpenClaw auth profile store and sends an OAuth token to https://chatgpt.com/backend-api/wham/usage to fetch quota. Before installing:

  1) Decide whether you trust that external endpoint; if not, disable the quota-fetch feature (set quotaCacheMs to 0 or remove the quota call) or do not install.
  2) Inspect ~/.openclaw/agents/main/agent/auth-profiles.json to confirm what credentials are stored and whether 'openai-codex' profiles exist.
  3) If you want the footer but not remote token use, modify the plugin to omit the fetchCodexQuota call or point it to an official provider usage API (and document that change).
  4) Consider running the plugin in a sandboxed environment first and monitor outgoing requests.
  5) If you need help auditing the endpoint or rewriting the quota logic to avoid sending tokens externally, get a developer review.

The key risk is credential exposure: the plugin will read and use an OAuth token unless you remove/disable that behavior.
assets/extension-template/index.ts:120
File read combined with network send (possible exfiltration).
About static analysis
These patterns were detected by automated regex scanning. They may be normal for skills that integrate with external APIs. Check the VirusTotal and OpenClaw results above for context-aware analysis.
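
To make the "file read combined with network send" heuristic concrete, here is an added illustration of that kind of regex pass. It is not ClawHub's scanner and not the skill's code; the credential-store names other than auth-profiles.json, the sample source it scans, and the function names are assumptions made for the example.

```typescript
// Added example, not ClawHub's scanner and not the skill's code: a small regex
// pass in the spirit of the "file read combined with network send" pattern.
interface ScanResult {
  sensitiveReads: string[]; // string literals that point at a credential store
  outboundHosts: string[];  // hostnames found in http(s) URL literals
  flagged: boolean;         // both present, plus a fetch() call: possible exfiltration
}

// Credential-store names to look for. auth-profiles.json is the one named on this
// page; the others are assumed examples of files a UI plugin has no reason to read.
const SENSITIVE_PATH_RE = /[^"'`\s]*(?:auth-profiles\.json|credentials\.json|\.ssh\/id_[a-z0-9]+)/g;
const URL_RE = /https?:\/\/([a-z0-9.-]+)[^"'`\s)]*/gi;
const FETCH_RE = /\bfetch\s*\(/;

function scanSource(src: string): ScanResult {
  const sensitiveReads: string[] = src.match(SENSITIVE_PATH_RE) || [];
  const hosts = new Set<string>();
  const urlRe = new RegExp(URL_RE.source, "gi"); // fresh copy: a shared /g regex carries lastIndex
  let m: RegExpExecArray | null;
  while ((m = urlRe.exec(src)) !== null) hosts.add(m[1].toLowerCase());
  const outboundHosts = Array.from(hosts).sort();
  const flagged = sensitiveReads.length > 0 && outboundHosts.length > 0 && FETCH_RE.test(src);
  return { sensitiveReads, outboundHosts, flagged };
}

// Constructed sample that mirrors what the scan report above describes; it is
// not the skill's real index.ts.
const SAMPLE_SOURCE = `
const raw = readFileSync(join(home, ".openclaw/agents/main/agent/auth-profiles.json"), "utf8");
const token = JSON.parse(raw).profiles.find((p) => p.provider === "openai-codex").access;
const res = await fetch("https://chatgpt.com/backend-api/wham/usage", {
  headers: { Authorization: "Bearer " + token },
});
`;

// Same read with no network call: a local-only metric, not flagged.
const SAMPLE_LOCAL_ONLY = `
const raw = readFileSync(join(home, ".openclaw/agents/main/agent/auth-profiles.json"), "utf8");
console.log(JSON.parse(raw).profiles.length);
`;
```

The pass cannot tell whether the token actually travels in the request, so any plugin that keeps provider keys in a local file and talks to that provider will trip it; that is the false-positive rate the note above warns about, and why the verdict pairs the regex hit with a context-aware review rather than relying on it alone.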

Like a lobster shell, security has layers — review code before you run it.

latest: vk9709kcn1ff97hesnynyfn48hn85eebq
58 downloads · 0 stars · 1 version · Updated 3d ago · v0.1.0 · MIT-0

Discord Output Metrics Footer

Use this skill when an OpenClaw workspace should show compact runtime metrics under Discord outputs.

Default footer:

_🟢 ↑54k ↓157 · 21%ctx · 5h 89% · kimi-k2.6:cloud_

With subagent aggregate:

_🟢 ↑54k ↓157 · 21%ctx · 5h 89% · openai-codex/gpt-5.5 · sub ↑31k ↓4k_

What it does

  • Adds a Discord delivery-time footer using OpenClaw plugin hooks.
  • Uses llm_output for the actual model and token metrics.
  • Uses message_sending to append the footer without adding prompt tokens.
  • Uses live or cached OpenAI Codex OAuth usage data for the 5h 89% quota segment.
  • Derives the color status from context usage and remaining quota.
  • Optionally aggregates nearby subagent LLM usage.

Install into an OpenClaw workspace

Copy the bundled extension template:

mkdir -p ~/.openclaw/extensions/discord-output-metrics-footer
cp -R assets/extension-template/* ~/.openclaw/extensions/discord-output-metrics-footer/

Add this plugin config to ~/.openclaw/openclaw.json:

{
  "plugins": {
    "allow": ["discord-output-metrics-footer"],
    "load": {
      "paths": ["~/.openclaw/extensions/discord-output-metrics-footer"]
    },
    "entries": {
      "discord-output-metrics-footer": {
        "enabled": true,
        "config": {
          "cacheMs": 120000,
          "quotaCacheMs": 60000,
          "contextReserveTokens": 40000,
          "appendSubagents": true,
          "disabledConversations": []
        }
      }
    }
  }
}

Then validate and restart:

openclaw config validate
openclaw gateway restart

Channel deployment

The plugin can run for any Discord channel. To disable specific Discord channel IDs, add them to disabledConversations.

Recommended defaults:

  • Enable in active work channels like #general, #coding, #reasoning, and audit channels.
  • Disable in status-only channels like #feed and incident channels like #system if noise matters.

Configuration

Fields:

  • cacheMs: window for matching recent LLM output and subagent output.
  • quotaCacheMs: minimum interval between Codex quota refreshes.
  • contextReserveTokens: safety reserve subtracted from usable context calculations.
  • appendSubagents: append sub ↑x ↓y when nearby subagent usage is detected.
  • disabledConversations: Discord channel IDs where no footer should be appended.

Color status

  • 🟢: context under 50% and quota over 50%.
  • 🟡: context 50-80% or quota 20-50%.
  • 🔴: context over 80% or quota under 20%.

If context and quota disagree, show the worse status.

Guardrails

  • Do not put footer instructions in agent prompts.
  • Do not call an LLM to calculate footer metrics.
  • Do not fetch Codex quota on every message; use cache.
  • Do not show emails, OAuth profile names, token values, API key prefixes, or auth file paths.
  • Do not add the footer when it would exceed Discord's message limit.
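
The color rule, the Discord length guard and the no-secrets guardrail above, carried through into code as an added example (not the skill's own implementation). The FooterInput field names, the context-window input, and the leak patterns are assumptions made for the example; the two footer strings it produces are the ones shown at the top of this README.

```typescript
// Added example, not the skill's code: building the footer from already-collected
// metrics with the colour rule, the Discord length guard and the no-secrets
// guardrail applied. Field names on FooterInput are assumptions.
const DISCORD_MAX_CHARS = 2000; // Discord's per-message limit

interface FooterInput {
  model: string;
  inputTokens: number;
  outputTokens: number;
  contextTokens: number;            // tokens currently in the context window
  contextWindow: number;            // the model's window size
  contextReserveTokens: number;     // safety reserve from the plugin config
  quotaRemainingPct: number | null; // null when Codex quota is unknown or disabled
  quotaWindowLabel: string;         // e.g. "5h"
  sub?: { inputTokens: number; outputTokens: number };
}

// 54000 -> "54k", 157 -> "157", 1500000 -> "1.5M"
function compact(n: number): string {
  if (n >= 1000000) return (n / 1000000).toFixed(1).replace(/\.0$/, "") + "M";
  if (n >= 1000) return Math.round(n / 1000) + "k";
  return String(n);
}

// Percent of usable context, where usable = window minus contextReserveTokens.
function contextPct(used: number, windowTokens: number, reserve: number): number {
  const usable = Math.max(1, windowTokens - reserve);
  return Math.min(100, Math.round((used / usable) * 100));
}

// Green: ctx under 50% and quota over 50%. Yellow: ctx 50-80% or quota 20-50%.
// Red: ctx over 80% or quota under 20%. Each side is rated alone; the worse wins.
function statusEmoji(ctxPct: number, quotaPct: number | null): string {
  const ctxLevel = ctxPct > 80 ? 2 : ctxPct >= 50 ? 1 : 0;
  const quotaLevel = quotaPct === null ? 0 : quotaPct < 20 ? 2 : quotaPct <= 50 ? 1 : 0;
  const worst = Math.max(ctxLevel, quotaLevel);
  return worst === 2 ? "🔴" : worst === 1 ? "🟡" : "🟢";
}

// Things that must never reach a channel: e-mail addresses, API-key or JWT-looking
// strings, home-directory paths. The patterns are assumptions; tune them to your providers.
const LEAK_RE = /[\w.+-]+@[\w-]+\.[\w.-]+|\bsk-[A-Za-z0-9_-]{8,}|\beyJ[A-Za-z0-9_-]{10,}|(?:^|[\s(])(?:~|\/home|\/Users)\//;

// Returns null when the footer cannot be shown safely; the caller then sends the message bare.
function buildFooter(m: FooterInput): string | null {
  const ctx = contextPct(m.contextTokens, m.contextWindow, m.contextReserveTokens);
  const parts = [
    `${statusEmoji(ctx, m.quotaRemainingPct)} ↑${compact(m.inputTokens)} ↓${compact(m.outputTokens)}`,
    `${ctx}%ctx`,
  ];
  if (m.quotaRemainingPct !== null) parts.push(`${m.quotaWindowLabel} ${m.quotaRemainingPct}%`);
  parts.push(m.model);
  if (m.sub) parts.push(`sub ↑${compact(m.sub.inputTokens)} ↓${compact(m.sub.outputTokens)}`);
  const footer = `_${parts.join(" · ")}_`;
  return LEAK_RE.test(footer) ? null : footer;
}

// message_sending: append only if the result still fits in one Discord message.
// String.length counts UTF-16 units, which is never below the character count,
// so the check errs on the side of dropping the footer.
function appendFooter(content: string, footer: string | null): string {
  if (footer === null) return content;
  const candidate = `${content}\n${footer}`;
  return candidate.length <= DISCORD_MAX_CHARS ? candidate : content;
}
```

buildFooter refuses rather than throws when the leak check trips, so a bad model label or a mis-wired field degrades to a footer-less message instead of blocking delivery; the leak regex is a last line of defence, not a substitute for never routing token values or profile names into the formatter in the first place.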

Read references/implementation.md before changing the extension code.
