OpenAI Codex Sub Agents

What to consider before installing: - Source provenance: there's no homepage or source repository. Confirm the skill's origin before trusting it. - Binary & config mismatch: the skill tells the agent to run the 'codex' CLI and to read ~/.codex/auth.json, but the skill metadata does not declare the codex binary or config paths; expect the agent to require local codex installation and access to your ~/.codex files. - Credential handling risk: the instructions explicitly recommend syncing Codex OAuth/API tokens into Clawdbot's agent auth profiles. That moves local credentials into another tool's config — only permit this if you trust both the Codex CLI installation and the skill owner. - Broad runtime privileges: the documentation encourages '--full-auto' and 'danger-full-access' sandboxes which allow file writes and network access. Avoid these options on untrusted repos or without manual approvals. - Mitigations: ask the publisher for source code or a homepage; install and test codex CLI in an isolated environment (container or VM); inspect ~/.codex/auth.json and Clawdbot auth files before and after onboarding; disable automatic auth-sync and perform token imports manually if you proceed; prefer read-only/sandboxed modes and require explicit approvals for writes or network access. Given the missing provenance and the implicit credential/config operations, treat this skill as suspicious until you can verify the author and the exact mechanisms by which tokens and configuration are accessed and copied.