Security scan
OpenClaw
Suspicious
medium confidence
Assessment and recommendations
This skill largely does what it says, but inspect and edit the scripts before use. Specifically:
- Search for and remove or replace the hardcoded Telegram target (5259918241) in scripts/monitor-and-notify.sh — otherwise notifications may be sent to that number.
- Update any absolute example paths (/Users/ali/...) to your paths before adding cron jobs; do not blindly run CRON_SETUP.md commands.
- If you run the session reminder/monitoring setup, be aware the scripts will call 'clawdbot cron add' ...
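The first two recommendations above are a manual grep-and-edit procedure. The following POSIX shell script is an added example (not the skill's own scripts and not part of the scan report) that automates them as a pre-install gate: it scans a downloaded skill directory for long numeric tokens that look like a Telegram chat ID and for absolute paths under a specific user's home, reports them, and then rewrites the known values so the script fails closed unless the user sets their own recipient. The function names, the TELEGRAM_CHAT_ID variable, the sample skill contents and the clawdbot command-line shapes are all assumptions made for this example; only the flagged patterns (the recipient 5259918241 and the /Users/ali/ prefix) come from the report.

```shell
#!/bin/sh
# Added example: pre-install audit and scrub for a skill directory.
# Not code from the claude-code-usage skill or from the scan report.

# Build a constructed sample skill directory. File contents are invented for
# this example (the clawdbot argument shapes are assumed); only the hardcoded
# recipient and the /Users/ali/ prefix mirror what the report describes.
make_sample_skill() {
  dir="$1"
  mkdir -p "$dir/scripts"
  cat > "$dir/scripts/monitor-and-notify.sh" <<'EOF'
#!/bin/bash
TELEGRAM_TARGET=5259918241
MSG="session utilization: ${UTIL:-unknown}%"
clawdbot message send --to "$TELEGRAM_TARGET" "$MSG"
EOF
  cat > "$dir/CRON_SETUP.md" <<'EOF'
Schedule the check:

    clawdbot cron add /Users/ali/skills/claude-code-usage/scripts/monitor-and-notify.sh
EOF
}

# Print one line per finding as "<kind>:<file>:<line>:<text>".
# Returns 1 when anything was found, so it can gate an install step.
audit_skill_dir() {
  dir="$1"
  # Telegram chat IDs are long numeric tokens: flag runs of 9+ digits that are
  # not part of a longer identifier. Other long numbers are rare in a skill,
  # so a human can dismiss the occasional false positive by hand.
  id_hits=$(grep -rnE '(^|[^0-9A-Za-z_])[0-9]{9,}([^0-9A-Za-z_]|$)' "$dir" || true)
  # Absolute paths under someone else's home directory (macOS or Linux).
  path_hits=$(grep -rnE '/(Users|home)/[A-Za-z0-9_.-]+/' "$dir" || true)
  [ -n "$id_hits" ]   && printf '%s\n' "$id_hits"   | sed 's/^/telegram-id:/'
  [ -n "$path_hits" ] && printf '%s\n' "$path_hits" | sed 's/^/user-path:/'
  if [ -n "$id_hits$path_hits" ]; then return 1; fi
  return 0
}

# Number of findings, for scripting and for the checks below.
count_findings() {
  audit_skill_dir "$1" | wc -l | tr -d ' '
}

# Replace a known hardcoded recipient with a mandatory environment variable
# (the skill script then aborts instead of messaging a stranger) and rewrite
# a user-specific home prefix to $HOME. Pass the values the report lists.
# Files are rewritten through a temp file and `cat` so the executable bit
# on the .sh scripts survives.
scrub_skill_dir() {
  dir="$1"; id="$2"; prefix="$3"
  repl='"${TELEGRAM_CHAT_ID:?TELEGRAM_CHAT_ID not set}"'
  find "$dir" -type f | while IFS= read -r f; do
    tmp=$(mktemp)
    sed -e "s/$id/$repl/g" -e "s|$prefix|\$HOME/|g" "$f" > "$tmp" \
      && cat "$tmp" > "$f"
    rm -f "$tmp"
  done
}

# Stand-alone demo on the constructed skill directory.
work=$(mktemp -d)
make_sample_skill "$work"
echo "== before scrub =="
audit_skill_dir "$work" || echo "findings present; do not install as-is"
scrub_skill_dir "$work" 5259918241 /Users/ali/
echo "== after scrub =="
audit_skill_dir "$work" && echo "clean"
rm -rf "$work"
```

Run `audit_skill_dir` against the unpacked skill before `npx clawhub@latest install`; if it exits non-zero, read each finding rather than scrubbing blindly, since the scrub only rewrites the exact recipient and prefix you pass it. After scrubbing, the notify script refuses to run until `TELEGRAM_CHAT_ID` is exported, which is the behaviour you want from a tool that can schedule itself via cron.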
ℹ Purpose and capabilities
The name/description align with the code: scripts read local credential stores, call api.anthropic.com/api/oauth/usage, compute session/weekly utilization and schedule notifications. Requiring curl and optional clawdbot/secret-tool/Keychain access is consistent with the stated purpose. Some example paths and IDs (e.g., /Users/ali/..., Telegram target 5259918241) are user-specific and do not belong in a generic skill.
⚠ Instruction scope
The runtime instructions and scripts access local credential storage (macOS Keychain or secret-tool) to extract access/refresh tokens and expiry times — this is needed to query the usage endpoint, but the scripts also invoke the 'claude' CLI to force a refresh and call Clawdbot to add/remove cron jobs and send messages. In particular, monitor-and-notify.sh contains a hardcoded Telegram target (5259918241) which will send the formatted usage/notification message to that recipient if clawdbot is present. The CRON_SETUP.md and examples also include absolute user paths (/Users/ali/...) which indicate the package contains non-generic sample config. These behaviors go beyond simply reading usage and presenting it locally because they schedule and send notifications that could be delivered to a third party unless the user inspects/edits them.
✓ Install mechanism
No install spec — instruction-only with bundled scripts. Nothing is downloaded or written to disk by an installer; the included scripts will write cache/state to /tmp, and may add cron jobs via Clawdbot. This is a lower-risk install mechanism, but the packaged scripts will execute on the host when used.
ℹ Credential requirements
No required env vars are declared and none are needed; scripts instead access local credential stores (Keychain/secret-tool) which is coherent for a CLI-focused usage-checker. However, the script attempts to refresh tokens via the 'claude' CLI (if present) and uses 'clawdbot' to schedule/notify — these tools are expected, but they grant the skill the ability to modify cron jobs and send messages. No API keys are exfiltrated by the scripts, but the extracted usage info (and any printed output) can be forwarded via clawdbot to external endpoints (e.g., Telegram).
⚠ Persistence and permissions
always:false (good). The skill schedules cron jobs via Clawdbot (and can create one-time or repeating reminders), so it can arrange ongoing background runs. That persistence is reasonable for a monitoring tool, but combined with the hardcoded Telegram recipient and the scripts’ automatic scheduling it increases the blast radius: the skill can repeatedly send notifications until the cron is removed. The scripts also attempt to remove existing Clawdbot jobs by parsing cron list output — they modify the user's Clawdbot configuration (which is within expected behavior for a scheduler but should be explicit and configurable).
Security comes in layers; review the code before running it.
Runtime dependencies
🖥️ OS: macOS · Linux
Version
latest: v1.2.0 (2026/1/19)
● Harmless
Install command
Official: npx clawhub@latest install claude-code-usage
Mirror (accelerated): npx clawhub@latest install claude-code-usage --registry https://cn.longxiaskill.com