Skill audit report

TokenTracker audit report.

Track token usage across 22 AI coding tools (Claude Code, Codex, Cursor, Gemini, Roo Code, Zed Agent, Goose, and more) — local-first, zero-config, with a beautiful dashboard, native macOS menu bar app, and 4 desktop widgets.

EXPERIMENTAL · REVIEWSafe to tryGenerated Jun 16, 2026Heuristic metadata audit

Audit

Trust

Quality

Security

100

Maintain

Install

OpenAgentSkill Trust Score

Production candidate

Stars, maintenance, license, docs, dependency risk, and installability.

The Trust Score is OpenAgentSkill's adoption layer. It is designed to help an agent decide whether a skill is safe enough to shortlist before installation.

GitHub adoption

INFO

661 GitHub stars

Recent maintenance

PASS

100

8d since push

License clarity

PASS

MIT

README/SKILL.md completeness

PASS

100

Metadata includes enough usage and workflow context

Dependency risk

WARN

command execution surface, credential or environment access

Install availability

PASS

npx skills add mm7894215/TokenTracker

Repository evidence

PASS

https://github.com/mm7894215/TokenTracker

Review status

PASS

AI review data available

Checks

Install and adoption review

7 passed · 4 review

Install path

PASS

npx skills add mm7894215/TokenTracker

Repository

PASS

https://github.com/mm7894215/TokenTracker

License

PASS

MIT

Maintenance

100

PASS

8d since push

AI review

PASS

Approved with no listed issues

README/SKILL.md completeness

100

PASS

Usable description available

Dependency risk

FIX

command execution surface, credential or environment access

Adoption

PASS

661 GitHub stars

Warnings

Dependency or permission surface needs review
Quality score needs review
Dependency risk: command execution surface, credential or environment access

Method

This report combines public metadata, AI review output, repository freshness, install readiness, OpenAgentSkill events, quality scoring, trust checks, and the agent safety gate. It is not a full source-code security review.

Install path

Review the report before installing into production agents.

$ npx skills add mm7894215/TokenTracker

Signals

Audit score: 90/100
Quality: 85/100
Trust: 86/100
Maintenance: 8d since push
Events: 1 events
GitHub stars: 661
Last push: Jun 7, 2026

Agent safety v2

54/100 · Avoid automatic install

Experimentalreview

Sparse or mixed signals. Useful for discovery, but not for autonomous installation.

Test manually in an isolated workspace and compare against safer alternatives.

Metadata combines secrets access with shell or command execution
High-risk permission hints: Shell or command execution, Secrets or environment access
54/100 agent safety score

Shell or command execution

high

Skill metadata references terminal, CLI, shell, subprocess, or command execution workflows.

Network access

medium

Skill likely fetches remote pages, APIs, repositories, or external services.

Secrets or environment access

high

Skill metadata references credentials, tokens, environment variables, or secret-bearing workflows.

High-risk permission hints: Shell or command execution, Secrets or environment access
Dependency or permission surface needs review

Back to skill Alternatives Audit badge SVG

Compare nearby options

TokenTracker audit report.

Stars, maintenance, license, docs, dependency risk, and installability.

Install and adoption review

Related skills to audit next

AutoGPT

Langchain

Firecrawl