Security audit
Codex Usage Widget
Security checks across malware telemetry and agentic risk
Overview
The skill appears to use local scripts for an expected widget-install workflow, with no evidence of deception or exfiltration, but its filesystem/script access should be clearer.
Before installing, review the scripts and confirm they only touch ~/.codex skill files and ~/Library/Application Support/Uebersicht/widgets/. Prefer running install or uninstall steps manually so you can see the exact files created or removed.
VirusTotal
61/61 vendors flagged this skill as clean.
Static analysis
No suspicious patterns detected.
