model-usage
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONNO_CODE
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill metadata triggers the installation of 'codexbar' from a third-party Homebrew tap ('steipete/tap/codexbar'). This source is not on the Trusted Organizations list, meaning the binary's integrity cannot be verified against the analyzer's security policy.
- [NO_CODE] (MEDIUM): Essential execution logic in 'scripts/model_usage.py' and 'bin/install-codexbar-cli.sh' is missing from the provided files, making it impossible to confirm if the skill exfiltrates the data it processes or performs other malicious actions.
- [COMMAND_EXECUTION] (LOW): The skill runs shell commands and Python scripts to access and process local session logs in '
/.codex/' and '/.config/claude/'. These files contain private interaction history, making their processing a sensitive operation that relies entirely on the integrity of the unverified scripts.
Audit Metadata