ClawHub

Codex Multi Subscription Auth Fallbacks

Security checks across malware telemetry and agentic risk

Overview

This skill is sensitive because it copies OAuth tokens for failover, but the behavior is coherent with its stated purpose and is largely disclosed to the user.

Install only if you intentionally want OpenClaw to reuse Codex OAuth sessions. Treat `auth-profiles.json` and all `.bak-*` files as secrets, restrict their permissions, exclude them from git and logs, remove stale backups when no longer needed, and enable the optional cron job only if you want unattended model switching.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Rogue AgentSelf-Modification, Session Persistence
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

Intent-Code Divergence

Medium
Confidence
90% confidence
Finding
The documentation assures users that the cron job 'does not contact external services,' yet it instructs an agent to run `openclaw models status` and act on provider/profile state through the OpenClaw runtime. In this skill context, that can reasonably trigger provider-related checks or other network-backed behavior, so the claim is misleading and may cause users to enable automation under false assumptions about network and credential exposure.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The schema example includes live OAuth credential fields such as access tokens, refresh tokens, expiry data, and account identifiers, but provides no warning that this file contains highly sensitive secrets. In a skill specifically about multi-account auth fallback and automated switching, this omission is more dangerous because users are encouraged to create, store, and operationalize multiple reusable credentials without guidance on file permissions, encryption, logging hygiene, or exclusion from version control.

Credential Access

High
Category
Privilege Escalation
Content
};
if (tokens.account_id) profileEntry.accountId = tokens.account_id;

// Calculate expiry from access token JWT (exp claim)
try {
  const parts = tokens.access_token.split(".");
  const payload = JSON.parse(Buffer.from(parts[1], "base64url").toString());
Confidence
93% confidence
Finding
access token

Session Persistence

Medium
Category
Rogue Agent
Content
cp "$CODEX_AUTH" "$CODEX_BACKUP"
  # Verify backup succeeded
  if [ ! -f "$CODEX_BACKUP" ]; then
    echo "Error: Failed to create backup at $CODEX_BACKUP"
    exit 1
  fi
  echo "    Codex CLI:  $CODEX_BACKUP"
Confidence
88% confidence
Finding
create backup at $CODEX_BACKUP" exit 1 fi echo " Codex CLI: $CODEX_BACKUP" fi if [ -f "$OPENCLAW_AUTH" ]; then cp "$OPENCLAW_AUTH" "$OPENCLAW_BACKUP" if [ ! -f "$OPENCLAW_BACKUP" ]; th

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal