claude-stats
Pass
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill invokes a local Python script via Bash to process statistics. User inputs for period and type are passed as command-line arguments. The script uses argparse with a restricted set of allowed values to validate these inputs, which prevents arbitrary command injection.
- [SAFE]: The skill accesses conversation history stored in ~/.claude/projects/*.jsonl. This access is required for the skill's stated purpose of providing usage statistics. No network calls or exfiltration patterns were found in the code.
Audit Metadata