Codex Image Server
ReviewAudited by ClawScan on May 10, 2026.
Overview
The skill is mostly coherent for a local Codex image server, but it exposes powerful image-generation access without default authentication and can automatically use a local OpenAI API key that is not declared in the metadata.
Review this skill before installing or copying the template. If you use it, bind only to 127.0.0.1, restrict CORS to the exact trusted app, enable an API key or other local authentication, explicitly choose whether to use Codex or OpenAI, and avoid leaving OPENAI_API_KEY available unless you intend this server to use it.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A web page or local app may be able to trigger image generation through the local server, potentially using the user's Codex/OpenAI access or quota.
The server template allows cross-origin browser access. Combined with the documented default of optional authentication, this broadens who can call the local image-generation API.
'Access-Control-Allow-Origin': '*'
Enable authentication by default, restrict CORS origins to trusted local clients, and require explicit user approval before exposing generation endpoints.
The server may use the user's OpenAI account and billing unexpectedly, and prompts or reference images may be processed through that provider path.
The template reads a local OpenAI API key and automatically switches to an OpenAI backend when a key is present, despite the registry metadata declaring no credentials.
function getOpenAiApiKey() {
return process.env.CODEX_IMAGE_SERVER_OPENAI_API_KEY || process.env.OPENAI_API_KEY || ''
}
...
return getOpenAiApiKey() ? 'openai' : 'codex-exec'Declare the credential requirement, avoid auto-selecting the provider backend from ambient OPENAI_API_KEY, and require an explicit backend choice before using account credentials.
Running the server can start and terminate local Codex worker processes.
The design intentionally starts local `codex exec` worker processes and manages their process groups. This is expected for a wrapper service but is still local code/process execution.
On macOS and Linux, start `codex exec` with `detached: true` and kill the negative process id so child processes do not remain alive.
Run it only from a trusted project directory and verify cancellation/cleanup so no worker processes are left running.
Generated images may remain on disk and be available through the local server while it is running.
The skill intentionally creates a local service with persistent output files. This is coherent with the image-server purpose, but users should notice the ongoing service and stored outputs.
Store generated files in a stable output directory and return both metadata and file URLs.
Choose a private output directory, periodically clean generated files, and stop the server when it is no longer needed.