model-usage
Pass
Audited by Gen Agent Trust Hub on Apr 23, 2026
Risk Level: SAFE COMMAND_EXECUTION EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The Python script `scripts/model_usage.py` utilizes `subprocess.check_output` to execute the `codexbar` CLI tool. This execution is performed using a list-based argument structure with inputs sanitized through `argparse` choices, which effectively mitigates command injection risks.
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the `codexbar` utility via a Homebrew tap (`steipete/tap/codexbar`). This external dependency is owned by the same author as the skill and is required for its documented functionality.
- [SAFE]: The skill processes local data such as cost logs and usage statistics (e.g., from `~/.codex` or `~/.config/claude`). No unauthorized network communication or data exfiltration patterns were identified during the analysis.
Audit Metadata