Back to skill

Security audit

Codex Usage Widget

Security checks across malware telemetry and agentic risk

Overview

The skill appears to use local scripts for an expected widget-install workflow, with no evidence of deception or exfiltration, but its filesystem/script access should be clearer.

Before installing, review the scripts and confirm they only touch ~/.codex skill files and ~/Library/Application Support/Uebersicht/widgets/. Prefer running install or uninstall steps manually so you can see the exact files created or removed.

VirusTotal

61/61 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.