Skill v1.0.0

ClawScan security

Codex · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign (Mar 12, 2026, 5:42 PM)
Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary
The skill is internally consistent with its stated purpose (helping operate the Codex CLI safely); it is instruction-only, requires the codex binary and a local ~/codex/ config, and does not request unrelated credentials or install arbitrary software.
Guidance
This skill appears coherent and safe for its stated use: it expects you to have the official 'codex' CLI and will keep durable operating context in ~/codex/ if you agree. Before installing/using it: (1) verify the 'codex' binary on your system is the official distribution you expect; (2) inspect ~/.codex/config.toml and ~/codex/ to make sure they don't already contain secrets you don't want read or written; (3) prefer stateless runs or decline persistence if you don't want local memory files; and (4) always review any proposed 'codex exec' commands (especially ones that use danger flags) before approving them.
Findings
[no_regex_matches] expected: This is an instruction-only skill with no code files, so the regex-based static scanner had nothing to analyze. That absence is expected but does not imply safety on its own.

Review Dimensions

Purpose & Capability
ok: The skill's name and description match what it asks for: it requires the 'codex' CLI and references repo workflows, sandboxes, MCP, and cloud flows. Requested config paths (~/codex/ and ~/.codex/config.toml) are consistent with the skill's stated need to persist operating defaults and memory.
Instruction Scope
ok: All runtime instructions are scoped to using the codex CLI, inspecting repos (git, rg), and maintaining local memory. The SKILL.md explicitly emphasizes preflight checks, explicit approvals, and not scraping secrets. There are no instructions to exfiltrate data or call unknown external endpoints.
Install Mechanism
ok: No install spec and no code files; this is instruction-only. That reduces risk because nothing is downloaded or written by an automated installer.
Credentials
note: The skill requests no environment credentials (OPENAI_API_KEY is only optional in metadata). It does declare config paths (~/codex/ and ~/.codex/config.toml) where it stores operating state; while this is reasonable for its purpose, users should note those paths may already contain CLI session tokens or other sensitive Codex/CLI state. The SKILL.md forbids scraping secrets, but the skill's ability to read those files (for preflight or resume) means users should verify what is stored there before granting persistence.
Persistence & Privilege
ok: The skill is not always-on and is user-invocable; it stores durable context only in ~/codex/ after explicit consent per the instructions. It does not request elevated platform privileges or modify other skills' configs.