Skill v1.1.0

ClawScan security

Token Tamer — AI API Cost Control · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 12, 2026, 6:16 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's code, instructions, and configuration are consistent with a local cost-tracking/budgeting tool and do not request unrelated credentials or perform network installs or hidden exfiltration.
Guidance
This appears to be a local, instruction-driven cost tracker that matches its description. Before installing:
1) Copy and edit config_example.py to set USAGE_FILE to a safe location you control; do not leave paths pointing to root or other sensitive dirs.
2) Ensure all your application API calls call tamer.log_usage()/check_before_call() if you want enforcement — the tool does not intercept calls automatically.
3) Back up the USAGE_FILE if you need history and avoid concurrent writes (multiple processes may corrupt the JSON).
4) Note the kill switch is process-local (resets on restart) and webhook/export fields are present in config_example but not active by default — review any future changes that enable network exports.
5) If you need team-wide or multi-host tracking, migrate to a DB or central exporter (the skill is intentionally local-only).
Overall the package is coherent and does not request unrelated secrets or perform hidden network activity.

Review Dimensions

Purpose & Capability
ok: Name/description (API cost tracking, budgets, waste detection) align with the provided code and SKILL.md. The code implements local logging, cost calculation, reports, and heuristics for waste — everything needed for the stated purpose. No unrelated cloud credentials, binaries, or capabilities are requested.
Instruction Scope
ok: SKILL.md instructions limit the agent to local setup (copy config, set filepath, call log_usage, run CLI scripts). Instructions do not ask the agent to read unrelated system files, environment variables, or transmit data externally. Limitations are documented (manual logging, no provider reconciliation).
Install Mechanism
ok: There is no install spec and code is pure-Python stdlib. Nothing is downloaded or written to system locations apart from the configured usage JSON file. This is low-risk compared with remote installers or archive extraction.
Credentials
ok: The skill declares no required env vars, no credentials, and the code only imports a local token_config module. Config fields for webhooks exist in the example but default to None; there are no implementations that automatically send data to external endpoints. Requested configuration is proportional to purpose.
Persistence & Privilege
note: The skill persists usage to a local JSON file (USAGE_FILE) and will create parent directories when saving. Kill-switch state is in-memory and resets on process restart (documented). This file-write behavior is expected for a tracker, but you should ensure the USAGE_FILE path and permissions are acceptable for your environment; concurrent writers may corrupt the file (documented limitation).