ClawHub

OpenAI Codex Operator

Security checks across malware telemetry and agentic risk

Overview

This appears to be a disclosed Codex wrapper for user-directed coding work, but it should be used only in repositories where file changes and command execution are expected.

Install only if you want OpenClaw to delegate coding tasks to Codex. Run it from the intended repository, prefer a version-controlled branch, review diffs afterward, and avoid passing untrusted text through hand-built shell command strings; use proper argument passing or quoting.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Behavioral ASTexec() Call, eval() Call, Dynamic Import
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The skill explicitly instructs the agent to run Codex for implementation, debugging, refactoring, and scripted coding workflows in a target repository, which inherently creates a risk of modifying files. Omitting a clear warning about repository changes can mislead users about the side effects of invoking the skill, increasing the chance of unintended code edits, overwritten work, or execution in the wrong project directory.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The script executes `codex exec` on a user-supplied natural-language task inside a user-supplied project directory without any confirmation, dry-run, or warning about side effects. In this skill's context, that is meaningful because Codex is an agentic coding tool that may modify files, run commands, or otherwise change the target repository, so invoking it directly can lead to unintended or risky actions if the operator misunderstands the task or target path.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal