Skill v1.0.0
ClawScan security
Kimi Usage Monitor · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Feb 13, 2026, 2:35 AM
- Verdict: Benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's code and runtime instructions are coherent with its stated goal of reading the Kimi console via the OpenClaw browser tool and making quota-based decisions; no evidence of hidden exfiltration or unrelated privileges was found, though the skill requires trusting the OpenClaw/browser integration and its default behavior on check failures may be lenient.
- Guidance: This skill appears to do what it says, but before installing consider:
  1) Trust: it requires and uses the OpenClaw CLI/extension to snapshot your Chrome tab — that gives it access to the Kimi console page (and potentially any visible tab content). Only install if you trust the skill source and OpenClaw integration.
  2) Fail-open behavior: subagent_guard returns can_spawn: true and allows spawns when the check fails; if you prefer fail-closed behavior, modify subagent_guard/preflight_check to default to deny on error.
  3) Review and test locally: run the scripts manually to verify they only read local browser content and do not transmit data externally.
  4) Least privilege: run this skill in an environment with the minimal account/session needed and audit any automated runs (cron/OpenClaw jobs).
  5) If you need stronger guarantees, ask the author for provenance or adapt the code to log checks and fail closed on errors.
Review Dimensions
- Purpose & Capability [ok]: The skill's name and description match what the files implement: scripts use the OpenClaw CLI to snapshot a Chrome tab at the Kimi console and parse usage data; the preflight, subagent guard, and logger scripts all coherently support quota-aware decision-making. There are no unrelated env vars, binaries, or installs requested.
- Instruction Scope [note]: SKILL.md instructs the agent to rely on a Chrome session with the OpenClaw extension and run the provided scripts — that matches the code. Important behavioral notes: fetch_usage.py snapshots the browser tab content (so it reads the full page HTML), and subagent_guard defaults to allowing spawns when the usage check fails (it prints can_spawn: true and exits 0 on error). Those behaviors are consistent with the skill's purpose but are policy-relevant (privacy of page content, and a fail-open default on check failures).
- Install Mechanism [ok]: There is no install spec; the skill is delivered as script files and runtime instructions only. No downloads from external URLs or package installs are requested.
- Credentials [ok]: The skill requests no environment variables, credentials, or config paths. It uses the local openclaw CLI and local Python — both are proportional to the stated function of reading a browser page via OpenClaw.
- Persistence & Privilege [ok]: always is false and the skill does not request to modify other skills or system settings. It provides cron examples for periodic runs but does not attempt permanent elevated presence or to write system-wide configuration.
