Trust Assessment
claude-code-usage received a trust score of 13/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 4 findings: 2 critical, 2 high, 0 medium, and 0 low severity. Key findings include Credential harvesting, Direct Retrieval of Sensitive Credentials.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 40/100, indicating areas for improvement.
Last analyzed on February 12, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Credential harvesting: macOS Keychain credential access. Skills should only access environment variables they explicitly need. Bulk environment dumps (`os.environ.copy`, `JSON.stringify(process.env)`) are almost always malicious. Remove access to Keychain, GPG keys, and credential stores. | Manifest | skills/azaidi94/claude-code-usage/scripts/claude-usage.sh:87 |
| CRITICAL | Credential harvesting: macOS Keychain credential access. Skills should only access environment variables they explicitly need. Bulk environment dumps (`os.environ.copy`, `JSON.stringify(process.env)`) are almost always malicious. Remove access to Keychain, GPG keys, and credential stores. | Manifest | skills/azaidi94/claude-code-usage/scripts/claude-usage.sh:131 |
| HIGH | Direct Retrieval of Sensitive Credentials: the skill directly retrieves sensitive OAuth access and refresh tokens from the macOS Keychain using `security find-generic-password -w` and from Linux `secret-tool` using `secret-tool lookup`. The `-w` flag for `security` explicitly requests the password to be shown, making the credential visible in the script's execution environment. While this is necessary for the skill's functionality (to authenticate with the Anthropic API), it represents a significant security risk: if the script or the environment it runs in were compromised, these credentials could be easily captured and exfiltrated. Implement a more secure method for handling credentials. Ideally, the skill should not directly handle raw access tokens; instead, it should rely on a secure credential manager or a CLI tool that handles token refreshing internally without exposing the raw token to the script. If direct retrieval is unavoidable, ensure the execution environment is highly trusted and hardened, secure the underlying credential storage (Keychain, secret-tool), and ensure retrieved tokens have the minimum necessary scope. | LLM | scripts/claude-usage.sh:40 |
| HIGH | Direct Retrieval of Sensitive Credentials: the skill directly retrieves sensitive OAuth access and refresh tokens from the macOS Keychain using `security find-generic-password -w` and from Linux `secret-tool` using `secret-tool lookup`. The `secret-tool lookup` command retrieves the stored secret, making it available to the script. While this is necessary for the skill's functionality (to authenticate with the Anthropic API), it represents a significant security risk: if the script or the environment it runs in were compromised, these credentials could be easily captured and exfiltrated. Implement a more secure method for handling credentials. Ideally, the skill should not directly handle raw access tokens; instead, it should rely on a secure credential manager or a CLI tool that handles token refreshing internally without exposing the raw token to the script. If direct retrieval is unavoidable, ensure the execution environment is highly trusted and hardened, secure the underlying credential storage (Keychain, secret-tool), and ensure retrieved tokens have the minimum necessary scope. | LLM | scripts/claude-usage.sh:43 |
Full report: https://skillshield.io/report/16b78d6b709bb24a