codex-quota
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFE
CREDENTIALS_UNSAFE, COMMAND_EXECUTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The script reads from and overwrites sensitive authentication files located in the user's home directory (~/.codex/auth.json) to facilitate account switching and quota verification.
- [COMMAND_EXECUTION]: The script executes the local `codex` command-line utility using the `subprocess` module to ensure session logs contain current rate limit data.
- [DATA_EXPOSURE]: Aggregated quota information for all accounts is written to a predictable path in a world-writable directory (/tmp/codex-quota-all.json), which could lead to minor information disclosure on multi-user systems.
Audit Metadata