claude-usage

Warn

Audited by Gen Agent Trust Hub on Apr 8, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/claude_usage.py executes the npx command using subprocess.run to run the ccusage utility when the --compare flag is provided.
  • [REMOTE_CODE_EXECUTION]: By calling npx ccusage, the skill fetches and executes code from the NPM registry at runtime. This creates a dependency on an external package and registry, which is a potential vector for supply chain attacks.
  • [EXTERNAL_DOWNLOADS]: Fetches dependencies including the playwright Python package and the Chromium browser binary for PDF report generation. These are standard dependencies for browser-based rendering.
  • [DATA_EXFILTRATION]: The skill processes sensitive information within ~/.claude/projects/, including private user prompts and assistant responses. Invoking external tools such as npx in a context where they can read that session history widens the exposure surface for this data.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 8, 2026, 12:21 AM