Back to skill
Skillv1.1.0
VirusTotal security
Codex Multi Subscription Auth Fallbacks · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:08 AM
- Hash
- 39818b97d974cd579fad2f7e39f7a219f07684601f253462a4944ae921ee4f42
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: codex-multi-subscription-auth-fallbacks Version: 1.1.0 The skill is classified as suspicious due to the use of direct prompt injection instructions within the `SKILL.md` and `references/config-templates.md` files, which instruct the AI agent to execute local commands (`openclaw models status`) and modify its internal state (`session_status`). While these actions are aligned with the skill's stated purpose of managing multi-provider authentication and model failover, they represent high-risk capabilities. The `scripts/codex-add-profile.sh` script also handles sensitive OAuth tokens by reading from `~/.codex/auth.json` and writing to `~/.openclaw/agents/main/agent/auth-profiles.json`, although it includes safety measures like backups and user confirmation. There is no evidence of intentional malicious behavior such as data exfiltration or unauthorized remote control.
- External report
- View on VirusTotal