model-usage

Pass

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The model_usage.py script executes the codexbar CLI tool using the subprocess module. The command is constructed as a list with fixed arguments and validated provider choices, preventing shell injection vulnerabilities.
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation of the codexbar CLI tool via Homebrew from a specific tap (steipete/tap/codexbar). This external dependency is necessary for the skill's primary function of model usage reporting.
  • [DATA_EXFILTRATION]: The skill reads local LLM session logs (e.g., from ~/.codex/ or ~/.claude/) via the codexbar tool to aggregate cost data. This access is restricted to the intended function of cost summarization and does not involve any external network transmission of user data.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 5, 2026, 11:41 AM