Skill v1.0.6

ClawScan security

Codex Auth · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 11, 2026, 11:56 AM
Verdict
benign
Confidence
medium
Model
gpt-5-mini
Summary
The skill's code and instructions match its stated purpose (handling OpenAI Codex OAuth and updating local auth profiles), but it performs privileged local changes (writes auth state, edits config, stops/starts the local gateway) so you should review and trust the source before running it.
Guidance
This skill appears to do what it says: run a Codex OAuth flow, store the resulting tokens in your OpenClaw auth profiles, and (optionally) stop/start the local gateway to apply changes. Before running it:
- Prefer the maintained alternative: the SKILL.md itself says to use 'codex-profiler' instead; prefer that if available.
- Inspect the included scripts/codex_auth.py yourself (it is bundled) to confirm there are no unexpected network endpoints or logging of tokens. The file is present so you can audit it prior to execution.
- Be aware the script will write tokens to ~/.openclaw/.../auth-profiles.json and may modify ~/.openclaw/openclaw.json; it also runs 'openclaw gateway stop/start'. Make backups or test in an environment where restarting the gateway is safe.
- Because the agent can invoke skills autonomously by default, consider disabling autonomous invocation for this skill (or requiring manual invocation) if you do not want the agent to modify config or restart services without explicit consent.
- Only use the flow with the documented OpenAI auth endpoints (auth.openai.com). If you see the script or SKILL.md referencing other hosts, do not proceed.
- If you have low trust in the skill owner or source provenance, do not run it on production machines.

Review Dimensions

Purpose & Capability
ok
The name/description (codex-auth shim) aligns with the included script and SKILL.md: it starts/finishes an OpenAI Codex OAuth flow, exchanges tokens with auth.openai.com, and writes auth profiles. The subprocess calls to 'openclaw gateway stop/start' and updates to ~/.openclaw/openclaw.json and auth-profiles.json are coherent with applying a new auth profile.
Instruction Scope
note
SKILL.md instructs running the included script to start/finish flows and to queue a safe apply. The script reads/writes files under the user's home (~/.openclaw/...) and /tmp, stores pending state, exchanges tokens over the OpenAI OAuth token endpoint, decodes JWTs, and constructs revert commands. These actions are within the stated scope but are privileged (they modify agent config and auth files, and restart the gateway). SKILL.md's safety guidance about not echoing callback URLs is respected in intent, but you should verify the script's actual output if you care about secrets not being logged or echoed.
Install Mechanism
ok
No install spec — instruction-only with a bundled script. Nothing is downloaded or installed automatically by the skill, which reduces external install risk. The code will run locally when you execute the script.
Credentials
ok
The skill does not request environment variables or external credentials beyond performing an OAuth flow with a hardcoded CLIENT_ID and the standard OpenAI auth endpoints. It writes tokens into the local auth-profiles.json, as expected for an auth helper. No unrelated secrets or service credentials are requested.
Persistence & Privilege
note
The skill does not force permanent inclusion (always:false). However, the script performs persistent, privileged actions: it writes to ~/.openclaw/openclaw.json and ~/.openclaw/.../auth-profiles.json, creates backups, and executes local commands to stop/start the gateway. Because the skill can be invoked autonomously by the model (the default), consider whether you want an agent to be able to run these operations without manual approval.