Shell command execution detected (child_process).
Critical
- Code
- suspicious.dangerous_exec
- Location
- bin/codexinfo-hook.js:299
- Evidence
proc = spawn(codexBin, ["app-server"], { stdio: ["pipe", "pipe", "ignore"] });
Security audit
Security checks across malware telemetry and agentic risk
CodexInfo appears purpose-aligned for Codex notifications, but it installs a persistent Codex hook, runs the local Codex CLI, stores a bearer token, and forwards notification text to your configured channels.
Before installing, be sure you are comfortable using the unsafe-install acknowledgement, letting the package register a Codex hook, storing a local gateway token, and sending Codex status/details to your configured notification channels. Review the generated ~/.codex/config.toml and ~/.openclaw/codexinfo files after setup.
VirusTotal engine telemetry is currently stale for this artifact.
Detected: suspicious.dangerous_exec
proc = spawn(codexBin, ["app-server"], { stdio: ["pipe", "pipe", "ignore"] });const { stdout } = await execFile("codex", ["--version"], { timeout: 5000, shell: true });const { stdout } = await execFile("codex", ["--version"], { timeout: 5000, shell: true });const { stdout } = await execFile("codex", ["--version"], { timeout: 5000, shell: true });proc = spawn(codexBin, ["app-server"], {const { stdout } = await execFile("codex", ["--version"], { timeout: 5000, shell: true });const { stdout } = await execFile("codex", ["--version"], { timeout: 5000, shell: true });proc = spawn(codexBin, ["app-server"], {