ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

codex-mcp-dev

v1.0.0

Use the local Codex CLI through mcporter and codex-mcp-server for real coding work in the current project. Use when the user asks to build features, fix bugs...

0· 299·0 current·0 all-time
byqiucen@hollywood3
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The description and SKILL.md describe a local Codex wrapper that communicates via mcporter -> codex-mcp-server -> codex, which matches the included script. However the registry metadata claims no required binaries/env but the script and README explicitly depend on mcporter, codex, and codex-mcp; that mismatch is incoherent and should have been declared.
Instruction Scope
Instructions and the script stay within the claimed domain (sending prompts to a local Codex MCP server, targeting a repo via --cwd). They explicitly allow reading prompt files or stdin and can direct Codex to perform workspace-write actions. Reading files supplied via --prompt-file or running full-auto writes to the repo are expected but present an obvious data/exfiltration and integrity risk if the skill or MCP server is untrusted.
Install Mechanism
There is no external install step; the skill is instruction-only plus a small wrapper script. No remote downloads or package installs are declared, so nothing arbitrary is written to disk by an installer. (The script does call local binaries at runtime.)
Credentials
The skill does not request environment variables, credentials, or config paths in metadata. The code also does not read secrets from environment variables. This is proportionate to its purpose.
Persistence & Privilege
always:false (normal). The skill and script can instruct the local Codex to modify the workspace (via full-auto / workspace-write), which is expected for a developer helper but increases blast radius if the MCP server or skill is malicious. The skill does not request permanent platform-level privileges.
What to consider before installing
This wrapper appears to be what it claims (a local Codex/mcporter helper) but exercise caution before installing: 1) the registry metadata should have listed required binaries (mcporter, codex, codex-mcp) — verify those are present and local. 2) The skill can be asked to read arbitrary files (--prompt-file/ stdin) and to make workspace writes (full-auto), so only run it against repositories you trust or a disposable clone. 3) Run python3 scripts/codex_mcp.py doctor to verify mcporter config and binary discovery. 4) Because the source/homepage is unknown, prefer not to enable autonomous invocation for this skill without additional vetting; inspect the mcporter server (codex-cli) implementation and mcporter config before granting it access to real projects.

Like a lobster shell, security has layers — review code before you run it.

latestvk97ccfyp2e6ra8zt94t7s5k6zn82jw0v

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments