Codex Delegate

Security checks across malware telemetry and agentic risk

Overview

This skill transparently delegates coding tasks to the local Codex CLI, with disclosed sandbox controls and no artifact-backed evidence of hidden or malicious behavior.

Install only if you intentionally want OpenClaw to hand coding work to your local Codex CLI. Use explicit wording when invoking it, approve workspace-write or danger-full-access only for tasks that need those permissions, and avoid sending secrets, private keys, or production data unless you have deliberately approved that exact data flow.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence: 96%
Finding
The invocation guidance uses very broad natural-language trigger phrases like "use Codex" or "delegate to Codex," which can easily appear in ordinary discussion about tooling rather than as an explicit authorization to execute the skill. In an agentic environment, this ambiguity can cause unintended delegation of repository access, code modification, or command execution through the local Codex CLI, increasing the risk of accidental actions.

VirusTotal

64/64 vendors flagged this skill as clean.
