Codex Auth Cleaner

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed CPA admin utility for cleaning Codex auth files, but it should be used carefully because it can disable and delete auth records.

Install only if you intend to grant CPA administrative access. Protect config.json because it may contain the CPA admin key, start with status before running check/delete/clean, and use monitor mode only when you are comfortable with repeated automated cleanup of Codex auth files that fail quota checks.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration

Findings (3)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 85% confidence
Finding: The skill exercises network access, reads environment variables, and writes persistent files, yet it declares no permissions. That mismatch can cause operators or calling agents to invoke it without understanding that it stores credentials locally and talks to an external management API, increasing the chance of over-privileged or unsafe execution.

Tp4

High

Category: MCP Tool Poisoning
Confidence: 95% confidence
Finding: The stated purpose focuses on cleaning invalid auth files, but the documented behavior also includes interactive setup, persistent credential storage, connectivity testing, monitoring loops, and notification configuration. This materially expands the trust boundary: the skill is not just a one-shot cleaner, it is a credential-handling, stateful, networked automation component that could expose admin keys or perform ongoing destructive actions if misused.

Vague Triggers

Medium

Confidence: 78% confidence
Finding: The activation phrases are broad for a skill that can disable and delete authentication files. Broad triggers increase the risk that an agent invokes a destructive auth-management workflow from vague user language, causing unintended cleanup actions against sensitive credentials.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal