model-usage
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns, obfuscation, or security vulnerabilities were detected in the skill code or metadata.
- [COMMAND_EXECUTION]: The script `scripts/model_usage.py` executes the `codexbar` CLI tool using `subprocess.check_output`. The command arguments are constructed from a whitelist of allowed providers ('codex', 'claude'), preventing arbitrary command injection.
- [DATA_EXPOSURE]: The skill is designed to access local AI session logs (e.g., in `~/.codex/sessions/` and `~/.config/claude/`) to retrieve cost and token usage metadata. This access is local and intended for the skill's primary purpose. No network-based exfiltration patterns (like `curl` or `requests`) were found.
- [EXTERNAL_DOWNLOADS]: The skill metadata includes instructions to install the `codexbar` tool via Homebrew (`steipete/tap/codexbar`). This is a standard installation method for the required dependency.
Audit Metadata