model-usage
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The script `scripts/model_usage.py` invokes the `codexbar` CLI using `subprocess.check_output` to retrieve cost data in JSON format. The command is constructed as a list, which avoids shell injection risks.
- [EXTERNAL_DOWNLOADS]: The skill defines a dependency on the `codexbar` tool, which is installed via a third-party Homebrew tap (`steipete/tap/codexbar`). This is the intended installation path for the required CLI tool on macOS systems.
- [DATA_EXPOSURE]: The skill analyzes local log files related to AI usage (located in `~/.codex` and `~/.config/claude/`) to calculate costs. While these files contain metadata about model interactions, the skill only processes this information locally to generate summaries and does not exfiltrate the data.
Audit Metadata