Codex Adapter Toolkit

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This skill is a purpose-aligned adapter setup guide, but users should handle API keys, SMTP credentials, webhooks, backups, and startup behavior carefully.

Before installing, inspect any referenced scripts, store secrets in environment variables or protected config files instead of command history when possible, restrict permissions on settings and backup files, redact logs and dashboards, and only enable notifications or startup registration if you understand what data they expose and how to disable them.

SkillSpector (1)

By NVIDIA

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The documentation instructs users to configure API keys, SMTP credentials, and webhook-style notification endpoints, but it does not warn about secure storage, log exposure, shell history leakage, or the risk of transmitting secrets to third-party services. In a skill whose purpose is brokering requests across multiple external providers, this omission increases the chance that users will paste sensitive credentials into commands or configs that are later exposed via files, process listings, backups, dashboards, or notifications.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal