cc-usage
Pass
Audited by Gen Agent Trust Hub on May 10, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill reads local Claude Code session logs to calculate token usage and tool activity. This access is restricted to standard configuration directories and does not involve any external network communication or data exfiltration.- [SAFE]: The skill processes JSONL log files from the local filesystem. While this represents an ingestion of external data, the script only extracts specific usage metrics and lacks any capabilities (such as network access or shell execution) that would allow for exploitation via indirect prompt injection.
- Ingestion points:
scripts/cc_usage.pyreads*.jsonlfiles from project directories. - Boundary markers: None.
- Capability inventory: No subprocess calls, network operations, or dynamic code execution.
- Sanitization: The script performs standard JSON parsing and numeric extraction.
Audit Metadata