Security audit
Codex Usage Widget
Security checks across malware telemetry and agentic risk
Overview
The skill appears to install a local Codex usage widget using disclosed local scripts and filesystem access, with no evidence of deception, exfiltration, or destructive behavior.
Before installing, review install.sh, uninstall.sh, and codex-usage.py so you know exactly what they read under ~/.codex and what they write into the Uebersicht widget directory. The main risk is local privacy and persistence, not evidence of malware.
VirusTotal
65/65 vendors flagged this skill as clean.
Static analysis
No suspicious patterns detected.
