Back to skill
Skillv1.0.0
VirusTotal security
Codex Skill · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 4:50 AM
- Hash
- ce63c7d0dbea2fbe1529f79bd27bbe777a1dd5b92cc8abd3c113b028cc658876
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: codex-skill Version: 1.0.0 The skill is classified as suspicious due to its extensive use of high-risk capabilities that grant broad system and network access without user approval. Specifically, the skill instructs the OpenClaw agent to execute arbitrary shell commands via `exec()` and `tmux send-keys` in SKILL.md. It also explicitly launches the `codex` agent with `--dangerously-bypass-approvals-and-sandbox`, providing full system and network access. While these capabilities are presented as necessary for automating development tasks, they create a significant attack surface that could be exploited for unauthorized actions, data exfiltration, or system compromise if the OpenClaw agent were to receive a malicious prompt.
- External report
- View on VirusTotal