Skill v1.0.1
ClawScan security
new-api-usage · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 6, 2026, 2:43 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's code and instructions align with its stated purpose (querying a user-provided API for usage/quota); it only issues GET requests to the provided base URL, requests no environment secrets, and does not persist or install anything extra.
- Guidance: This skill appears to do what it says: it will perform read-only GET requests to the base URL you provide and requires you to pass the API key explicitly. Before running it, make sure you trust the target base URL (don't pass keys to unknown servers). Prefer HTTPS and a server you control or trust because the script sends the key in both an Authorization header and as a query parameter — query parameters can be logged or leaked via referrers. If you want to reduce exposure, consider modifying the script to avoid sending the key in the URL query string (only use the Authorization header). Also review the printed output when using --json to ensure no sensitive fields are included (the script intentionally avoids printing the full key). Finally, be aware of a possible API-response handling quirk in print_quota (the script checks quota_data.get('code') in a way that may treat some valid responses as errors); this is a correctness issue, not evidence of malicious behavior.
Review Dimensions
- Purpose & Capability (ok): Name/description ask for querying usage/quota and the included script implements exactly that: GETs to /api/usage/token/ and /api/log/token with an explicit --base-url and --key. No unrelated credentials, binaries, or installs are requested.
- Instruction Scope (note): SKILL.md requires explicit base URL and key and instructs read-only GETs only; the script follows this. One notable behavior: the usage endpoint call sends the API key both in the Authorization header and as a query parameter (key={api_key}), which is coherent with the documented endpoint but increases risk of key exposure via logs/referrers on the server or intermediaries. The skill otherwise does not read local files, config, or extra env vars.
- Install Mechanism (ok): No install spec and no external downloads; the skill is instruction-only with an included Python script that runs with the user's Python runtime.
- Credentials (ok): No environment variables, credentials, or config paths are requested. The single required secret is the API key provided on the command line, which matches the skill's purpose.
- Persistence & Privilege (ok): Skill is not always-enabled, does not modify agent/system configs, and does not request persistent presence or elevated privileges.
