Codex Bridge

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says, but it gives a background Codex process broad automated authority over a chosen local work directory and stores prompts and logs on disk.

Install only if you are comfortable letting a local Codex process run automated coding work in directories you choose. Use narrow, trusted, preferably git-tracked workdirs; avoid secrets in prompts; use simple task IDs without path characters; monitor background jobs; review diffs before using the results; and delete old `~/.codex-bridge` task directories when they are no longer needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 95%
Finding
The skill clearly invokes local shell commands, delegates to the Codex CLI, and describes reading/writing project files and bridge state on disk, yet it declares no permissions. This creates a transparency and policy-enforcement gap: users or the host platform may not realize the skill can execute commands and modify files, increasing the chance of unsafe invocation.

Missing User Warnings

Medium
Confidence: 91%
Finding
The skill instructs users to run delegated coding tasks in a chosen workdir but does not warn that Codex may create, modify, or refactor files there. In a coding-assistant context, silent file modification is security-relevant because users may point it at sensitive repositories or production configs without understanding the write impact.

Missing User Warnings

Low
Confidence: 88%
Finding
The skill stores bridge state, task IDs, prompts, outputs, logs, and session data under `~/.codex-bridge/tasks/<task-id>/`, but the description does not clearly warn users that task content is persisted on disk in their home directory. This can expose sensitive prompts, code, or operational details to other local users, backups, or later unintended disclosure.

Missing User Warnings

Medium
Confidence: 94%
Finding
The bridge persists the full task metadata, including the raw user prompt, under `~/.codex-bridge/tasks/.../task.json` without any consent flow, minimization, or permission hardening. Prompts can contain secrets, proprietary code requests, credentials, or sensitive business context, so storing them on disk creates a confidentiality risk from local compromise, backups, or other users/processes reading the files.

VirusTotal

65/65 vendors flagged this skill as clean.
