Skill v1.0.0

ClawScan security

budget-analyzer-claw · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign (Apr 7, 2026, 1:06 PM)
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's files and runtime instructions are coherent with a cost-monitoring/budgeting purpose and do not request unrelated credentials or install arbitrary binaries; only minor operational notes and configuration mismatches were found.
Guidance
This skill appears to do what it says: collect session usage via the platform's session_* tools, compute costs with local pricing rules, detect anomalies, and prepare reports. Before installing: (1) confirm the platform session_status/sessions_list APIs it uses are expected and that you are comfortable the skill will read session usage data (this is necessary for cost reporting); (2) review/adjust references/billing-rules.json and usd_to_cny so currency/unit conversions match your real bills; (3) check references/budget-config.yaml channels/recipients so notifications don't go to unintended users and decide whether you want the skill to have authority to pause agents (the README says user authorization is required); (4) test the scripts with sample data to ensure model-name matching and unknown-model behavior are acceptable. No evidence of hidden network exfiltration or unrelated credential requests was found.

Review Dimensions

Purpose & Capability
ok: Name/description (budget monitoring, alerts, reports) match the included scripts, references and SKILL.md. The code reads local billing rules and budget config and produces reports/alerts as documented. Required tools (session_status, sessions_list) are reasonable for gathering usage data.
Instruction Scope
note: Instructions are narrowly scoped to reading session usage (session_status/sessions_list/sessions_history), computing costs, checking budget-config and optionally running anomaly detection. This legitimately requires access to session usage data. Note: SKILL.md promises reporting and 'push pre-alerts' but contains no explicit delivery implementation; behavior that could pause agents is explicitly gated by user authorization in the docs (good).
Install Mechanism
ok: No install spec, and the included scripts are small, plain Python files. Nothing is downloaded from external URLs or installed into system paths. This is low-risk.
Credentials
note: The skill declares no required environment variables or external credentials (appropriate). Minor concerns: currency handling and unit conventions mix USD and CNY: billing-rules.json lists USD unit prices and a usd_to_cny conversion, while budget-config.yaml budgets are expressed in '元' (CNY). Make sure usd_to_cny is set correctly for your environment. Also check recipients/channels in budget-config.yaml (feishu, user 'wayne') so alerts are not accidentally sent to unexpected recipients.
Persistence & Privilege
ok: always:false, and the skill only reads/writes within its skill directory and /tmp usage files; it does not request system-wide changes or modify other skills. No persistent or privileged hooks detected.