Skill v1.3.1
ClawScan security
Agent Rate Limiter · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 7, 2026, 5:45 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's files, runtime instructions, and optional environment variables are consistent with a local rate-limiter utility that writes a small state file and does not contact external services.
- Guidance: This skill appears to be what it says: a local Python rate limiter that writes a small JSON state file and provides gate/record/status commands. Before installing or integrating it:
  1. Review scripts/rate-limiter.py locally to confirm you trust the code. It reads and writes a state JSON file and creates a .lock file beside it, but makes no network calls.
  2. Explicitly set RATE_LIMIT_STATE to a location you control (the default resolves to a parent path, which may be surprising) and confirm file permissions. The script writes the state file with mode 0o600, but it will also create missing parent directories, so check the ownership and mode of those directories as well.
  3. If you run on Windows, note that the script uses fcntl flock, which is Unix-only, and may not work; test in your environment.
  4. Be cautious about adding calls into global/system prompts or other agents' prompts. That integration is required for the rate limiter to be effective, but it changes agent behavior wherever the prompt applies.
  5. Run the included gate/record/status commands manually to validate behavior before wiring the script into autonomous agents or cron jobs. For extra assurance, run it in a sandboxed environment first.
- Findings
[system-prompt-override] expected: The scanner flagged 'system-prompt-override' because SKILL.md explicitly recommends adding rate-limiter calls to the agent/system prompt and AGENTS.md. This is expected for integration, but be aware that changing system prompts affects agent behavior and can act like a prompt-injection vector if applied indiscriminately.
Review Dimensions
- Purpose & Capability
  - ok: Name/description match the included Python script and SKILL.md: the tool implements a local rolling-window rate counter, tiered throttling, pause/backoff, and provides gate/record/status commands. No unrelated credentials, binaries, or network access are requested.
- Instruction Scope
  - note: SKILL.md instructs agents to run the included script before/after work and to add calls into system prompts/AGENTS.md/cron/heartbeat checks. That is expected for a rate limiter, but adding things to a system prompt can alter agent behavior platform-wide, so apply carefully. The instructions only reference the local state file and the script; they do not direct data to external endpoints.
- Install Mechanism
  - ok: No install spec and no external downloads; the skill is instruction-only with a bundled Python script and a JSON state file. This is low-risk from an installation-code-fetch perspective.
- Credentials
  - ok: No required environment variables or credentials. Optional env vars (provider, plan, state path, window, estimate) are reasonable and directly related to operation. The script will read those optional vars.
- Persistence & Privilege
  - ok: The skill's always flag is false. The skill stores its own state in a JSON file and creates a .lock file alongside it; it does not claim to modify other skills or global agent configuration (though SKILL.md suggests adding calls to system prompts/AGENTS.md, which is an integration choice rather than a programmatic modification).
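To make the guidance and the Purpose & Capability notes above concrete, here is an added example of the pattern the scanner describes: a local rolling-window rate limiter with gate/record/status operations, a JSON state file written with mode 0o600, a sidecar .lock file taken with fcntl flock, parent-directory creation, and a pause/backoff tier once the limit is hit. This is illustrative code written for this review, not the skill's own scripts/rate-limiter.py; the class name, thresholds, state-file layout, and the check_state_permissions helper are assumptions, and the example makes no network calls.

```python
"""Rolling-window rate limiter in the style described by the review.
Added illustration; NOT the skill's scripts/rate-limiter.py. Names,
thresholds and the state-file layout are assumptions for this example."""
import contextlib
import json
import os
import time

try:
    import fcntl  # POSIX only: the reason the review warns the skill may not run on Windows
except ImportError:  # pragma: no cover
    fcntl = None


class RateLimiter:
    def __init__(self, state_path, limit=100, window=3600, soft_ratio=0.8, clock=time.time):
        self.state_path = state_path
        self.lock_path = state_path + ".lock"   # sidecar lock file, as the review describes
        self.limit = limit                      # hard cap on events per window
        self.window = window                    # rolling window length in seconds
        self.soft = int(limit * soft_ratio)     # "slow" tier starts here (tiered throttling)
        self.clock = clock                      # injectable for deterministic tests

    @contextlib.contextmanager
    def _locked(self):
        # Create missing parent directories (owner-only), then hold an exclusive flock
        # on the .lock file for the whole read-modify-write. Without fcntl there is no
        # locking at all, which is the Windows caveat from the guidance.
        os.makedirs(os.path.dirname(os.path.abspath(self.state_path)), mode=0o700, exist_ok=True)
        fd = os.open(self.lock_path, os.O_RDWR | os.O_CREAT, 0o600)
        os.chmod(self.lock_path, 0o600)
        try:
            if fcntl is not None:
                fcntl.flock(fd, fcntl.LOCK_EX)
            yield
        finally:
            if fcntl is not None:
                fcntl.flock(fd, fcntl.LOCK_UN)
            os.close(fd)

    def _load(self):
        # Missing or corrupt state starts fresh; timestamps older than the window are dropped.
        try:
            with open(self.state_path) as f:
                state = json.load(f)
        except (FileNotFoundError, json.JSONDecodeError):
            state = {"events": [], "paused_until": 0}
        cutoff = self.clock() - self.window
        state["events"] = [t for t in state["events"] if t > cutoff]
        return state

    def _save(self, state):
        # Atomic replace of a 0o600 temp file so a crash never leaves a half-written state.
        tmp = self.state_path + ".tmp"
        fd = os.open(tmp, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
        with os.fdopen(fd, "w") as f:
            json.dump(state, f)
        os.chmod(tmp, 0o600)
        os.replace(tmp, self.state_path)

    def gate(self):
        """Return (allowed, tier, wait_seconds). Does not record an event."""
        with self._locked():
            state = self._load()
            now = self.clock()
            if state["paused_until"] > now:
                return False, "paused", state["paused_until"] - now
            count = len(state["events"])
            if count >= self.limit:
                # Backoff: pause until the oldest event ages out of the window.
                wait = min(state["events"]) + self.window - now
                state["paused_until"] = now + wait
                self._save(state)
                return False, "blocked", wait
            if count >= self.soft:
                return True, "slow", 0   # allowed, but the caller should add delay
            return True, "ok", 0

    def record(self, n=1):
        """Record n events now; returns the count inside the current window."""
        with self._locked():
            state = self._load()
            state["events"].extend([self.clock()] * n)
            self._save(state)
            return len(state["events"])

    def status(self):
        with self._locked():
            state = self._load()
            count = len(state["events"])
            return {"count": count, "limit": self.limit, "remaining": max(self.limit - count, 0),
                    "window": self.window, "paused_until": state["paused_until"]}


def check_state_permissions(state_path):
    """The review's step 2, as a check: state and lock files must exist owner-only (0o600)."""
    paths = [state_path, state_path + ".lock"]
    return all(os.path.exists(p) and os.stat(p).st_mode & 0o777 == 0o600 for p in paths)
```

Running gate, record, and status by hand against a state path you chose yourself (the guidance's steps 2 and 5) is the useful pre-integration exercise: watch the tier move from ok to slow to blocked, confirm the pause expires once the oldest event leaves the window, and confirm check_state_permissions stays true after the directory has been created for you.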
