Codex Orchestrator
v1.0.0Monitor, control, and orchestrate background Codex sessions. Use this skill to track progress, handle interruptions, and ensure task completion for long-running coding tasks.
⭐ 1· 3.3k·28 current·29 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The name/description match the SKILL.md: it is explicitly about launching, monitoring, and controlling background Codex sessions. However, the SKILL.md requires a 'codex' CLI and an agent-level 'process action' tool (PTY/background session support, process action:list/log/submit/kill) but the registry metadata declares no required binaries or tools. That mismatch (undeclared but necessary tools and host process control) is a notable omission.
Instruction Scope
The runtime instructions direct the agent to start background PTY sessions, read process logs, submit keystrokes, kill and resume sessions, and run 'codex exec' with arbitrary commands. While this aligns with orchestration, it also grants the agent the ability to execute arbitrary commands and control local processes — a powerful capability that can access files, network, or other system state. The SKILL.md does not limit or constrain what commands are run, nor does it require explicit user confirmation flows.
Install Mechanism
No install spec and no code files (instruction-only). That minimizes supply-chain risk because nothing is downloaded or written by the skill itself.
Credentials
The skill declares no environment variables or credentials, which is proportionate. However, it implicitly requires runtime capabilities (the 'codex' CLI and process-control tools) that are not declared; this is an omission rather than an overreach in requested credentials.
Persistence & Privilege
always:false (default) so it is not force-included. The skill assumes autonomous ability to start and manage background processes; combined with the process-control instructions, that increases the potential blast radius if the agent is allowed to invoke the skill autonomously. This is normal platform behavior but worth noting.
What to consider before installing
This skill looks like a legitimate orchestrator for background Codex sessions, but it assumes the agent has a 'codex' CLI and process-management tools (PTY support and process action APIs) even though those are not declared. Before installing or enabling: 1) confirm whether your agent/runtime actually exposes a 'codex' CLI and the process action/PTY primitives and understand what privileges those provide (file access, network, ability to run arbitrary shell commands); 2) only grant this skill to agents running in a sandboxed environment or a user-approved context; 3) require explicit user confirmation before the agent launches or resumes background sessions that run arbitrary commands; 4) test on non-sensitive projects first; and 5) if you need stricter controls, ask the skill author to declare required binaries and to add explicit constraints (allowed commands, whitelisted workdirs, or user-interaction gates).Like a lobster shell, security has layers — review code before you run it.
latestvk97by7y1g6yrkvzx8czbjjh6a580n3wz
License
MIT-0
Free to use, modify, and redistribute. No attribution required.