Trust Assessment
codex-quota received a trust score of 41/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 4 findings: 1 critical, 2 high, 0 medium, and 0 low severity. Key findings include "Arbitrary command execution", "Dangerous call: subprocess.run()", and "Incomplete audit of auth.json manipulation due to truncated code".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
| Severity | Finding | Description | Recommendation | Layer | Location |
|---|---|---|---|---|---|
| CRITICAL | Arbitrary command execution | Python shell execution (os.system, subprocess) | Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/odrobnik/codex-quota/codex-quota.py:142 |
| HIGH | Dangerous call: subprocess.run() | Call to 'subprocess.run()' detected in function 'ping_codex'. This can execute arbitrary code. | Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | skills/odrobnik/codex-quota/codex-quota.py:142 |
| HIGH | Incomplete audit of auth.json manipulation due to truncated code | The skill's manifest states it "temporarily switches accounts by overwriting ~/.codex/auth.json (restored afterwards)". The provided `codex-quota.py` code snippet is truncated at the point where it begins to handle `auth.json` and account switching (within the `get_active_account` function). Without the full implementation, it's impossible to verify the secure handling of `auth.json`, including proper restoration, error handling, and prevention of credential exposure or persistence of unauthorized account access. This poses a significant risk of credential harvesting or data exfiltration if the implementation is flawed, as `auth.json` likely contains sensitive authentication tokens. | Provide the complete source code for `codex-quota.py`, especially the functions related to `auth.json` reading, writing, and restoration, to allow for a full security audit of credential handling. Ensure that `auth.json` is always restored to its original state, even in case of errors, and that its contents are not logged or exfiltrated. | LLM | codex-quota.py:170 |
| INFO | External command execution via subprocess.run | The `ping_codex` function executes an external command using `subprocess.run`. While the command and its arguments (`codex exec --skip-git-repo-check reply OK`) appear to be hardcoded and not directly influenced by untrusted input, any use of `subprocess` introduces a potential attack surface. If the `codex` binary itself were compromised or if future modifications introduced user-controlled arguments, this could lead to command injection. | Ensure that all arguments passed to `subprocess.run` are strictly controlled and sanitized, especially if they originate from user input or environment variables. Regularly audit the `codex` binary for vulnerabilities. | LLM | codex-quota.py:140 |