Back to skill

Security audit

Codex Quota

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a legitimate Codex quota checker, but its all-accounts mode needs review because it temporarily rewrites Codex login state.

Install only if you are comfortable with a local quota tool reading Codex session logs. Avoid running --all --yes while other Codex processes are active, back up ~/.codex/auth.json first, and treat /tmp/codex-quota-all.json as sensitive account-usage metadata.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill documentation describes capabilities to read local session data, overwrite ~/.codex/auth.json, and invoke the codex CLI, but it does not declare corresponding permissions or clearly surface that level of access in the manifest. This can mislead users and host tooling about the skill's real trust boundary, increasing the chance that sensitive files or account state are modified without informed consent.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The description states that --all --yes temporarily overwrites ~/.codex/auth.json to switch accounts, but it does not provide an explicit warning about credential/config modification risk, failure modes, or the possibility of leaving auth state corrupted if interrupted. Because auth.json is a sensitive authentication file, even temporary modification can cause account confusion, credential loss, or unintended actions under the wrong identity.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The script temporarily overwrites `~/.codex/auth.json` while iterating through accounts, which changes the active authentication context for the user and any concurrent Codex processes. Although restoration is attempted, it is only best-effort and can fail on interruption or concurrent access, potentially leaving the wrong account active or corrupting auth state.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.