usage-tracker

Pass

Audited by Gen Agent Trust Hub on Apr 11, 2026

Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses several bash tools to manage its environment and reporting. It creates and modifies scripts in ~/.claude/, changes file permissions using chmod, and uses python3 for JSON processing and cost calculations.
  • [COMMAND_EXECUTION]: The install command modifies the agent's settings.json file to register a PostToolUse hook. This is a standard extension mechanism for the platform, and the skill includes validation steps to ensure the JSON remains valid.
  • [COMMAND_EXECUTION]: The report and top-requests commands execute local shell scripts (usage-report.sh) and inline Python snippets to aggregate data from the local log file (usage.jsonl).
  • [DATA_EXFILTRATION]: No network operations or data exfiltration patterns were detected. All logging and reporting are performed locally within the ~/.claude/ directory.
  • [INDIRECT_PROMPT_INJECTION]: The log-usage.sh script reads the agent's transcript history to attribute costs to specific user messages. While this involves processing untrusted data, the script implements sanitization by removing system tags and using JSON encoding to prevent malicious content from interfering with the logging or reporting process.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 11, 2026, 06:03 AM