Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Ag Model Usage
v1.0.0
Use CodexBar CLI local cost usage to summarize per-model usage for Codex or Claude, including the current (most recent) model or a full model breakdown. Trig...
⭐ 0 · 370 · 2 current · 2 all-time
by Lian Junhong (@t-atlas)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw): Suspicious, medium confidence

Purpose & Capability
Name/description target: per-model usage from Codex/Claude/CodexBar. Implementation: Python script that directly queries a Google 'antigravity' internal API (daily-cloudcode-pa.sandbox.googleapis.com) using an OAuth token found in a local auth-profiles.json. This is plausible for model-usage reporting, but the SKILL.md mentions CodexBar CLI/local cost JSON while code calls Google internal endpoints directly — a partial mismatch in how the data is obtained.
Instruction Scope
The script reads ~/.openclaw/agents/main/agent/auth-profiles.json to extract OAuth access tokens and projectId and then issues network requests to an internal Google endpoint. The SKILL metadata did not declare this config-path access; reading that file gives the skill access to sensitive credentials. While the script uses the token only to call the quota endpoint (it does not itself transmit tokens elsewhere), the instruction surface includes reading local agent auth data which is beyond a typical 'read-only' usage declaration.
Install Mechanism
No install spec (instruction-only plus a small Python script) — lowest install risk. One practical inconsistency: the script imports 'requests' but the manifest only declared python3 as a required binary and did not declare Python package dependencies. No downloads or arbitrary code installs are present.
Credentials
Registry metadata declares no required env vars or config paths, yet the code accesses a local config file that contains OAuth access tokens. This is effectively requesting credential access without declaring it in requires.env or requires.config — a proportionality / transparency issue. The number of external credentials requested is small (a single OAuth token), which fits the task, but it should be declared explicitly.
Persistence & Privilege
No 'always: true' or other elevated persistence. The skill is user-invocable and can be invoked autonomously (platform default), which is normal. The skill does not modify other skills or system-wide settings.
What to consider before installing
This script will read your agent's auth-profiles.json (~/.openclaw/agents/main/agent/auth-profiles.json) to extract an OAuth access token and then call an internal Google quota API using that token. Before installing: (1) Review the auth-profiles.json contents and confirm you are comfortable with a skill reading those OAuth tokens. (2) Prefer that the skill explicitly declare the config path, or ask for an explicit, limited (read-only) token rather than reading your full agent auth file. (3) Confirm you trust the endpoint (daily-cloudcode-pa.sandbox.googleapis.com) and the skill author; the code does not exfiltrate tokens, but having local tokens read by third-party code is sensitive. (4) Consider running it manually yourself or in an isolated environment, or ask the author to add the config-path requirement and to document dependencies (requests). If you need help crafting a safer variant (e.g., accept a token via prompt or env var, or only accept a short-lived read-only token), ask the author to provide one.

Like a lobster shell, security has layers — review code before you run it.
latest: vk9790pjv2jdtaqjg4pvryns1vs82cshq
Runtime requirements
📊 Clawdis
Bins: python3
