Back to skill
Skillv1.0.0
VirusTotal security
Codex Bridge · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:08 AM
- Hash
- bbfa5f3deed1d1daf48a9f1b46350ca9cc5737e48e5177e66e94f8a4b6366e73
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: codex-bridge Version: 1.0.0 The codex-bridge skill provides a mechanism for an AI agent to delegate arbitrary coding tasks to a local 'codex' CLI with background execution and automated status polling. While the implementation in bridge.py and the shell scripts appears to be a functional task-management wrapper, it grants the agent high-risk capabilities, including file modification and command execution via the codex CLI's --full-auto mode. Furthermore, the shell scripts (codex-bridge-status.sh, codex-bridge-answer.sh) are vulnerable to path traversal via the --task-id argument, which could be exploited by a malicious prompt to access files outside the intended tasks directory. No evidence of intentional malice or exfiltration was found, but the broad execution surface and lack of input sanitization warrant a suspicious classification.
- External report
- View on VirusTotal