cpa-codex-auth-sweep-cliproxy

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed CLI Proxy auth-maintenance tool, but it uses powerful management credentials and can bulk-delete auth files when run with deletion flags.

Install only if you control the CLI Proxy instance and understand that the management key can enumerate and modify Codex auth files. Run scan-only first, review the JSON results, keep the default chatgpt.com probe host, avoid unsafe probe-host and insecure-TLS flags, and use deletion only after confirming the listed 401 entries are safe to remove.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 84% confidence
Finding: The script can perform destructive deletion of auth files once both --delete-401 and --yes are supplied, with no interactive confirmation, dry-run default output, or per-item review. In a tool explicitly designed for bulk '扫号/清死号/清理 401', this creates a real risk of accidental or overbroad credential deletion due to false positives, operator error, or misuse in automation.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal