Skill

cta-anomaly-hunt

Scans Claude Code sessions for 6 statistical anomalies like cost inefficiency, low cache hits, excessive tool use, with severity scoring, triage, and automatic drill-down into top sessions for diagnostics.

monitoring

performance

npx claudepluginhub li195111/claude-token-analyzer --plugin claude-token-analyzer

Tool Access

This skill uses the workspace's default tool permissions.

Preview

Scan for anomalies, triage by severity, and drill into suspicious sessions for root cause diagnosis.

SKILL.md

Similar Skills

cta

Routes Claude Code token usage and cost analysis requests to sub-skills for health checks, cost audits, anomaly detection, project reviews, trends, and usage patterns. Provides quick overviews for ambiguous intents.

1 file

claude-token-analyzer

get-token-insights

247

Analyzes Claude Code conversation logs for token usage, costs, cache hit rates, workflow patterns (skills, agents, hooks), and cost optimizations. Generates interactive HTML dashboard.

3 files4 tools

claude-memory

session-analytics

Tracks tokens, analyzes caching behavior, identifies bottlenecks in tool usage, and estimates costs to optimize Claude Code session performance and efficiency.

4 tools

claude-code-expert

Stats

Stars11

Forks4

Last CommitMar 27, 2026

Actions

View Source View Plugin View on GitHub View README

Help us improve

Share bugs, ideas, or general feedback.

CTA Anomaly Hunt — Statistical Anomaly Detection

Scan for anomalies, triage by severity, and drill into suspicious sessions for root cause diagnosis.

Workflow

Step 1: Sync Data

Execute mcp__token-analyzer__sync_db. Skip if already called in this conversation.

Step 2: Scan Anomalies

Execute mcp__token-analyzer__anomaly_scan with:

stddev_threshold: 2.0 (default), user can adjust (1.5 sensitive / 3.0 conservative)
min_tokens_for_cache_check: 10000 (default), adjustable
project_path: optional

IMPORTANT: anomaly_scan output can exceed 370K characters. Write raw output to ${TMPDIR:-/tmp}/cta-anomaly-report.json before parsing.

Step 3: Triage by Severity

Sort and present anomalies in this priority order:

CostInefficient — High cost + low cache (most dangerous composite anomaly)
HighCost — Pure cost outlier
LowCacheHitRate — Efficiency problem
ExcessiveToolUse — Possible infinite loop or inefficient workflow
HighTokenUsage — Token consumption outlier
UnusualModelMix — Multi-model switching

Anomalies with severity scores sort before those without.

Step 4: Deep Dive (Top 3-5 Sessions)

For the highest-severity anomalies, execute mcp__token-analyzer__analyze_session with each session_id to obtain the 10-dimension analysis.

Limit automatic drill-down to 5 sessions maximum to avoid excessive token consumption.

Step 5: Output Diagnostic Cards

For each analyzed session, output a diagnostic card:

### 🔴 Session a1b2c3d4 — CostInefficient (severity: 8.5)
- **成本**：$X.XX（超出平均 X.Xσ）
- **Cache 命中率**：X.X%（平均 XX.X%）
- **模型**：claude-opus-4-6
- **Tool 排名**：Read(35), Bash(12), Edit(8)
- **壓縮事件**：2 次（turn 8, turn 15）
- **可能原因**：上下文頻繁壓縮導致 cache 失效，大量重讀檔案
- **建議**：考慮分拆任務以減少壓縮頻率

Infer "possible cause" and "suggestion" from the 10-dimension analysis data:

High compression events → context window overflow, suggest splitting tasks
High tool use + low cache → repetitive file reading, suggest caching strategy
Multiple models → possible failover or misconfiguration
Excessive turns → possible stuck loop, check tool_ranking for patterns

Behavior Rules

Always write raw anomaly_scan output to ${TMPDIR:-/tmp}/cta-anomaly-report.json first.
Anomalies without severity (HighTokenUsage, ExcessiveToolUse, UnusualModelMix) rank after those with severity.
Maximum 5 automatic drill-down sessions. Offer to analyze more if the user requests.
User can adjust stddev_threshold (1.5=sensitive, 2.0=balanced, 3.0=conservative).
User can adjust min_tokens_for_cache_check to filter short sessions from cache analysis.

Output Rules

Use 繁體中文 for prose, English for technical terms.
Currency: $X.XX USD.
session_id: first 8 characters.
Severity color coding: 🔴 high (>5), 🟡 medium (2-5), 🟢 low (<2).

Additional Resources

For MCP tool parameter details and anomaly type definitions: ${CLAUDE_PLUGIN_ROOT}/skills/cta/references/tool-reference.md