Codex Claw
PassAudited by ClawScan on May 3, 2026.
Overview
This is a coherent setup guide, but it installs an external Codex plugin that persistently loads local AGENTS.md/SOUL.md context, so users should verify the package and review those files first.
Before installing, verify the @openclaw/codex-claw package artifact, consider pinning a specific version, review AGENTS.md and SOUL.md for secrets or instructions that conflict with Codex safety/user intent, and know how to disable the plugin hooks if the context loading is no longer desired.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing the referenced package gives external plugin code a role in Codex Desktop context loading.
The reviewed artifact is instruction-only and directs users to install a separate runtime package, so the package provenance and contents need separate verification.
This skill is the searchable setup and safety guide. The actual runtime is the OpenClaw code plugin package `@openclaw/codex-claw`.
Verify the downloaded package, inspect its contents, and prefer a pinned version instead of `latest` before installing.
Private memories, project conventions, or misleading instructions in those files could appear in every Codex session that uses the plugin.
The skill intentionally loads local AGENTS.md/SOUL.md context into Codex sessions, which can expose private notes or carry unsafe instructions if those files are not reviewed.
Codex Desktop hooks read only the configured local paths at session time.
Review and scope AGENTS.md/SOUL.md before enabling them, remove secrets, and keep any personality or preference guidance clearly lower priority than system and user instructions.
Codex Desktop may continue loading the configured context in fresh sessions or after compaction, even after the original setup task is complete.
The setup enables persistent Codex plugin and hook behavior; this is disclosed and purpose-aligned, but it changes ongoing agent behavior until disabled.
plugins = true codex_hooks = true plugin_hooks = true [plugins."codex-claw@codex-claw"] enabled = true
Only enable the hook after reviewing the context files, and keep a clear disable/uninstall plan for the Codex plugin configuration.