Codex Orchestrator

Security checks across malware telemetry and agentic risk

Overview

This skill matches its stated purpose, but it gives broad unattended control over Codex sessions without enough review gates.

Install only if you intentionally want an agent to supervise autonomous Codex runs. Use it in a sandboxed repo or disposable branch, review logs before every `submit`, avoid generic `y` or Enter approvals, track session IDs, and stop background sessions when work is complete.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding:
The skill tells operators to send input like "y" or a blank Enter to an interactive Codex session without requiring verification of what prompt is being answered. In this orchestration context, that can silently approve code changes, destructive actions, or other privileged operations the background agent is requesting, turning a stalled session into unintended execution.

Missing User Warnings

Severity: Low
Confidence: 77%
Finding:
The skill recommends killing a looping or hallucinating background session but does not warn that termination may interrupt in-progress edits, leave partial changes, or lose transient context. While less severe than arbitrary approval, this can still cause integrity and availability issues by leaving repositories or workflows in an inconsistent state.

VirusTotal

63/63 vendors flagged this skill as clean.
