Back to plugin

Security audit

CodexInfo

Security checks across malware telemetry and agentic risk

Overview

CodexInfo appears purpose-aligned for Codex notifications, but it installs a persistent Codex hook, runs the local Codex CLI, stores a bearer token, and forwards notification text to your configured channels.

Before installing, be sure you are comfortable using the unsafe-install acknowledgement, letting the package register a Codex hook, storing a local gateway token, and sending Codex status/details to your configured notification channels. Review the generated ~/.codex/config.toml and ~/.openclaw/codexinfo files after setup.

VirusTotal

VirusTotal engine telemetry is currently stale for this artifact.

View on VirusTotal

Static analysis

Detected: suspicious.dangerous_exec

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
bin/codexinfo-hook.js:299
Evidence
proc = spawn(codexBin, ["app-server"], { stdio: ["pipe", "pipe", "ignore"] });

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
bin/codexinfo.js:81
Evidence
const { stdout } = await execFile("codex", ["--version"], { timeout: 5000, shell: true });

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
dist/cli/doctor.js:53
Evidence
const { stdout } = await execFile("codex", ["--version"], { timeout: 5000, shell: true });

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
dist/cli/setup.js:31
Evidence
const { stdout } = await execFile("codex", ["--version"], { timeout: 5000, shell: true });

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
dist/rate-limit.js:96
Evidence
proc = spawn(codexBin, ["app-server"], {

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
src/cli/doctor.ts:61
Evidence
const { stdout } = await execFile("codex", ["--version"], { timeout: 5000, shell: true });

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
src/cli/setup.ts:38
Evidence
const { stdout } = await execFile("codex", ["--version"], { timeout: 5000, shell: true });

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
src/rate-limit.ts:111
Evidence
proc = spawn(codexBin, ["app-server"], {