Codex Claw
AdvisoryAudited by Static analysis on May 3, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing the referenced package gives external plugin code a role in Codex Desktop context loading.
The reviewed artifact is instruction-only and directs users to install a separate runtime package, so the package provenance and contents need separate verification.
This skill is the searchable setup and safety guide. The actual runtime is the OpenClaw code plugin package `@openclaw/codex-claw`.
Verify the downloaded package, inspect its contents, and prefer a pinned version instead of `latest` before installing.
Private memories, project conventions, or misleading instructions in those files could appear in every Codex session that uses the plugin.
The skill intentionally loads local AGENTS.md/SOUL.md context into Codex sessions, which can expose private notes or carry unsafe instructions if those files are not reviewed.
Codex Desktop hooks read only the configured local paths at session time.
Review and scope AGENTS.md/SOUL.md before enabling them, remove secrets, and keep any personality or preference guidance clearly lower priority than system and user instructions.
Codex Desktop may continue loading the configured context in fresh sessions or after compaction, even after the original setup task is complete.
The setup enables persistent Codex plugin and hook behavior; this is disclosed and purpose-aligned, but it changes ongoing agent behavior until disabled.
plugins = true codex_hooks = true plugin_hooks = true [plugins."codex-claw@codex-claw"] enabled = true
Only enable the hook after reviewing the context files, and keep a clear disable/uninstall plan for the Codex plugin configuration.