model-usage

Pass

Audited by Gen Agent Trust Hub on Mar 8, 2026

Risk Level: SAFE | COMMAND_EXECUTION | EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The Python script scripts/model_usage.py executes the codexbar CLI tool using the subprocess module to fetch cost data. The arguments passed to the command are strictly validated against a predefined list of providers ('codex', 'claude') via argparse, preventing command injection vulnerabilities.
  • [EXTERNAL_DOWNLOADS]: The skill documentation recommends installing the codexbar CLI tool via a third-party Homebrew tap (steipete/tap/codexbar). While this is an external dependency, it is a standard installation method for the utility required for the skill's primary function.
  • [DATA_EXPOSURE]: The skill reads local usage logs (token counts and session costs) stored by the Codex and Claude desktop applications. This data is handled entirely on the local machine within the Python script and is not transmitted to any external network endpoints.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 8, 2026, 05:29 AM