claude-code-usage
Audited by Socket on Mar 4, 2026
1 alert found:
Security: This skill's capabilities are consistent with its stated purpose: it reads an OAuth token from the OS credential store, calls the official Anthropic usage endpoint, caches results, and can schedule reminders via cron and deliver notifications via clawdbot/Telegram. There are no obvious signs of credential theft, obfuscated/malicious code, or third-party exfiltration endpoints in the provided documentation. Primary security concerns are expected and documented: the script needs access to local credential stores (high-sensitivity), it creates persistent cron entries (user should consent and review), and it may forward usage notifications to external channels (Telegram). Recommend users review the scripts before granting them cron write permissions and ensure notification targets are trusted. Overall: low likelihood of malicious intent but moderate operational risk due to credential access and persistent scheduling.