codexbar-menubar-ai-usage-tracker

Fail

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: HIGH
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, CREDENTIALS_UNSAFE, DATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides instructions to modify the user's shell configuration file (~/.zshrc) to update the system PATH. Modifying shell profiles is a method used to maintain persistence or change system behavior.
  • [EXTERNAL_DOWNLOADS]: The skill directs users to download and execute code from an untrusted source (steipete/tap and github.com/steipete/CodexBar) via Homebrew and direct browser downloads.
  • [CREDENTIALS_UNSAFE]: The skill requests high-privilege system permissions, including "Full Disk Access" and "Keychain Access", to retrieve and decrypt sensitive data such as browser session cookies and authentication tokens.
  • [DATA_EXFILTRATION]: The skill accesses local application data and log files in ~/Library/Application Support/ for multiple AI services to extract usage metrics and configuration data.
  • [COMMAND_EXECUTION]: Instructions are provided for the manual and automated entry of sensitive API keys into environment variables and local configuration files (~/.codexbar/config.json).
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: May 16, 2026, 05:50 PM