Codex Skill
Suspicious
Audited by ClawScan on May 10, 2026.
Overview
The skill is clearly a Codex coding-automation helper, but it encourages approval-bypassing, long-running agent workflows that can modify and potentially merge code with limited containment.
Install only if you are comfortable letting Codex make code changes in your workspace. Run it in an isolated worktree, container, or VM; avoid the no-sandbox bypass on your main machine; monitor background/tmux sessions; and require explicit human approval before pushing or merging changes.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Finding 1 of 5: Codex could change project files, run broader operations, or bypass prompts before you have reviewed each action.
The skill explicitly documents hands-off execution, auto-approved file edits, and a no-sandbox/no-approval mode, which can let an agent make high-impact local changes without normal review gates.
Evidence: description: '...hands-off task execution without approval prompts.' ... `--full-auto` | ... auto-approve file edits ... `--dangerously-bypass-approvals-and-sandbox` | Skip all prompts + no sandbox
Recommendation: Use read-only or workspace-write modes first, require explicit user approval before destructive or broad actions, and reserve the no-sandbox bypass only for disposable containers or VMs.

Finding 2 of 5: A coding agent may keep running and modifying the workspace for many hours unless actively monitored or stopped.
The workflow intentionally starts long-running background or tmux-managed agent sessions and avoids hard timeouts, which increases the chance of autonomous activity continuing longer than the user expects.
Evidence: Via OpenClaw exec — use background=true + pty=true, NO hard timeout ... Safety net: if no new output for 12 hours, ask user before killing ... Full Mode ... tmux session
Recommendation: Set explicit task limits, record session IDs, provide a clear stop/cleanup procedure, and ask the user before launching long-running jobs.

Finding 3 of 5: Bad generated code could move from a local worktree into a branch or merged PR, affecting collaborators or production workflows.
The provided workflow scope extends beyond local edits to PR merge, so mistakes from the automated agent could propagate into a shared repository if not manually reviewed.
Evidence: Operate Codex CLI as a managed coding agent — from worktree setup through PR merge. ... Full Workflow: Task → Merged PR
Recommendation: Require human code review, tests, and an explicit user confirmation before pushing, opening, or merging PRs.

Finding 4 of 5: You may need to install and trust external software before the skill works.
The skill depends on external CLI tooling installed through npm or Homebrew, but the registry metadata does not declare required binaries or an install spec. This is purpose-aligned, but users should verify the tools they install.
Evidence: codex --version # Verify installed # Install: npm i -g @openai/codex or brew install codex
tmux -V # tmux required
Recommendation: Install Codex CLI and tmux from trusted sources, verify versions, and prefer pinned or organization-approved installation methods.

Finding 5 of 5: Sensitive project information could remain on disk in task logs after the session ends.
Full Mode records Codex session output to a persistent log file, which may contain prompts, code snippets, build output, or other project details.
Evidence: LOG_FILE="/tmp/worktrees/$TASK_ID/codex-output.log" ... tmux pipe-pane -t "$TASK_ID" -o "stdbuf -oL cat >> $LOG_FILE"
Recommendation: Avoid including secrets in prompts, review log contents, restrict log file permissions, and delete logs when they are no longer needed.
