Back to skill
Skillv1.0.3
VirusTotal security
Codex Auth Cleaner · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
BenignApr 30, 2026, 4:36 AM
- Hash
- bbfe2ea48c62829bb0893908984b19b21caba4babbd75779f4b0fe6e53124ce5
- Source
- palm
- Verdict
- benign
- Code Insight
- Type: OpenClaw Skill Name: codex-cleaner Version: 1.0.3 The skill is designed to monitor and clean codex authentication files via a CPA management API, which aligns with its stated purpose. It uses standard Python libraries, handles an admin API key (CPA_KEY) for authentication, and stores configuration in a local `config.json` file. While it interacts with a `/v0/management/api-call` endpoint, the target URL for this call is hardcoded to `https://chatgpt.com/backend-api/wham/usage`, preventing its use for arbitrary SSRF or malicious proxying from within this skill. There is no evidence of intentional data exfiltration, persistence mechanisms, or prompt injection attempts against the agent in `SKILL.md`.
- External report
- View on VirusTotal