Launch Codex Unpacked

Security checks across malware telemetry and agentic risk

Overview

The skill has a plausible debugging purpose, but it tells agents to run a powerful local launcher script that is not included in the package and would modify Codex state and debug behavior.

Review before installing. Only use this skill if you trust and can inspect the actual launch_codex_unpacked.sh script it will run, and run it from a directory where that script is known. Expect it to open debug ports, potentially install tooling via Homebrew, and in SSH mode modify Codex global state and an unpacked app bundle.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 90%
Finding
The skill explicitly states that SSH mode updates the persistent file `~/.codex/.codex-global-state.json` and patches the unpacked main bundle, but it does not present this as a user-facing warning or require confirmation before making those changes. This can lead to unintended persistence, altered future app behavior, and user confusion, especially when the operator expects a temporary debugging workflow rather than modifications to saved SSH configuration/state.

VirusTotal

63/63 vendors flagged this skill as clean.
