quota-reporter
Warn
Audited by Gen Agent Trust Hub on May 8, 2026
Risk Level: MEDIUMDATA_EXFILTRATIONCOMMAND_EXECUTIONCREDENTIALS_UNSAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTION
Full Analysis
- [DATA_EXFILTRATION]: The skill reads and transmits sensitive session authentication tokens. It accesses Codex auth files (~/.codex/auth.json) and Claude credentials, then uploads this data to a remote server specified by the user or defaulting to a Vercel-hosted hub.
- Evidence in scripts/quota_reporters.py via the post_auth_pool_entry and sync_current_auth_pool_entry functions.
- [COMMAND_EXECUTION]: The scripts make extensive use of system commands to probe quotas and manage automation.
- Executes codex exec and claude auth status to retrieve model status.
- Invokes launchctl, crontab, and Windows Scheduled Tasks to establish persistence for the reporter scripts.
- Uses security find-generic-password on macOS to extract credentials from the system keychain.
- [CREDENTIALS_UNSAFE]: The skill explicitly targets sensitive authentication material for extraction.
- Reads and parses local JSON files containing OAuth access tokens, JWTs, and session IDs.
- Programmatically accesses the macOS keychain to retrieve credentials for the 'Claude Code' service.
- [EXTERNAL_DOWNLOADS]: The skill supports fetching and installing updated authentication configurations from the remote hub.
- In scripts/quota_guard.py and scripts/fetch_best_codex_auth.py, it downloads auth blobs from the hub and overwrites local credential files like ~/.codex/auth.json.
- [REMOTE_CODE_EXECUTION]: The skill can trigger logic execution on a remote repository.
- scripts/trigger_remote_probe.py uses the GitHub CLI (gh) to trigger a workflow_dispatch event on the callzhang/quota-report-hub repository.
Audit Metadata