sub2api-usage
Pass
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implements legitimate administrative functionality for monitoring API usage. It follows security best practices by using environment variables and .env files to manage sensitive credentials like the SUB2API_ADMIN_KEY, avoiding hardcoded secrets.
- [COMMAND_EXECUTION]: The skill utilizes `uv run` to execute its own Python scripts (fetch_usage.py) for data processing. This behavior is transparent, localized to the skill's directory, and strictly serves the primary purpose of the skill.
- [SAFE]: Network communications are limited to the user-defined Sub2API endpoint via the `httpx` library. No unauthorized data exfiltration or connections to suspicious third-party domains were detected.
- [SAFE]: State management is performed through a local `snapshot.json` file. This persistence mechanism is used solely for computing differences between reporting periods and does not introduce persistence for malicious code execution.
Audit Metadata