Skills
skills/valkyriweb/usage-monitor-skill/usage-monitor/Gen Agent Trust Hub

usage-monitor

Fail

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: HIGHCREDENTIALS_UNSAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill retrieves sensitive OAuth access tokens by querying the macOS Keychain using the 'security find-generic-password' command and by reading the file '~/.claude/.credentials.json'.
  • [COMMAND_EXECUTION]: The script 'scripts/usage-check.sh' executes the 'security' system utility to access stored credentials and pipes results to Python for processing.
  • [COMMAND_EXECUTION]: The Python script 'scripts/codex-usage-scrape.py' executes the 'codex' CLI tool via a subprocess to interface with an app server using the 'stdio://' protocol.
  • [COMMAND_EXECUTION]: The skill uses 'python3 -c' and heredoc blocks to run dynamically constructed Python code for calculating budget targets and parsing JSON payloads.
  • [EXTERNAL_DOWNLOADS]: The skill performs network requests to 'https://api.anthropic.com/api/oauth/usage' to fetch account utilization data.
  • [DATA_EXFILTRATION]: Authentication tokens extracted from the local environment (keychain and files) are sent to the external Anthropic API to authorize usage queries.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 13, 2026, 08:32 PM