ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Codex Handoff (OpenClaw Plans, Codex Codex, OpenClaw Judges)

Offload finalized coding plans to Codex CLI for automated execution. Use when: user says "hand off to codex", "let codex do it", "offload to codex", runs /co...

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 49 · 0 current installs · 0 all-time installs
by@philipbankier
MIT-0
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill clearly intends to drive a local 'codex' CLI and operate inside a git repo with plan files (docs/plans/, .claude/plans/). However the registry metadata lists no required binaries, env vars, or config paths. At minimum the skill should declare 'codex' as a required binary and indicate the need for a git repo and plan file locations.
Instruction Scope
SKILL.md instructs the agent to search local plan files, read them, build prompts, run 'codex exec --full-auto -s workspace-write', capture stdout/exit code, inspect git diffs, run tests, and loop until completion. Those actions are coherent with supervising automated code changes, but they allow the executor to modify repository files and run project tests — so the agent will perform destructive/privileged actions in the workspace unless explicitly confirmed/backed up.
Install Mechanism
Instruction-only skill with no install spec is low-risk from an installation perspective. Nothing will be written to disk by the skill itself during install.
Credentials
No env vars or credentials are declared, which is generally good. However the runtime assumes access to a local Codex CLI and possibly other tooling (test runners, git). The skill does not acknowledge or request any credentials that Codex CLI might require (if it communicates to remote services), nor does it warn about secrets in the repo/workspace.
Persistence & Privilege
always is false and the skill is user-invocable. It does not request persistent/enforced presence or system-wide configuration changes.
What to consider before installing
This skill appears to do what it says (orchestrate Codex CLI to implement plans), but there are a few gaps you should address before installing/using it: 1) Confirm you have the Codex CLI installed and available on PATH — the SKILL.md expects 'codex --version' and runs 'codex exec --full-auto', but the metadata doesn't declare this requirement. 2) Understand that the agent will read local plan files and the repository, run the external Codex process which can write to your workspace, and run tests; back up the repo or use a disposable branch before handing off. 3) Verify there are no secrets in the working tree that could be exposed to any external service Codex CLI might contact. 4) Require explicit user confirmation before any execution (the skill says it will wait for confirmation — keep that). 5) If you need stronger guarantees, ask the skill author to update metadata to declare the 'codex' binary and required config paths, and to document any network interactions or credentials Codex CLI may use. Proceed with caution; the mismatch between declared requirements and runtime expectations is likely an oversight but increases risk.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.1.1
Download zip
latestvk97bgyz5r2pa5w8513c10f0px583bd1p

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

Codex Handoff — Supervisor Loop

Claude Code is the supervisor/judge. Codex CLI is the executor. You orchestrate a loop: send plan to Codex, review results, re-run if incomplete, until the task is comprehensively done.

Announce at start: "Using codex-handoff to orchestrate Codex CLI execution of the plan."

Prerequisites

  • Codex CLI must be installed (codex --version)
  • A plan must exist (in docs/plans/, .claude/plans/, or provided inline)
  • The working directory should be a git repo (for diff-based review)

Quick Start

  1. Locate the plan (from docs/plans/, .claude/plans/, or user arguments)
  2. Detect phases — scan for phase headings; if found, execute phase-by-phase
  3. Build a structured Codex prompt with plan (or phase) + project context + coding standards
  4. Execute Codex CLI in --full-auto mode
  5. Review git diff, run tests, audit completion with a scorecard
  6. Decide — loop with correction prompt if items remain, or advance to next phase / finalize
  7. Report final status with completed/remaining items and test results

Reference

TaskDetails
Build Codex promptprompt-templates.md
Review & audit resultsreview-process.md
Handle errorserror-handling.md

Process

Step 1: LOCATE THE PLAN

Find the plan to execute. Search in order:

  1. If user provided a task description with the command, use that as context to find the relevant plan
  2. Check docs/plans/ for the most recent .md file (sorted by date prefix)
  3. Check .claude/plans/ for any recent plan files
  4. If no plan found, tell the user: "No plan found. Please create one first using /brainstorming or /writing-plans."

Once found:

  • Read the plan file completely
  • Present a brief summary to the user
  • Ask: "Ready to hand off to Codex CLI?"
  • Wait for confirmation before proceeding

Step 1b: DETECT PHASES

After reading the plan, scan for H2 headings matching: ## Phase N:, ## Stage N:, ## Part N:, or numbered sections like ## 1. Backend.

  • Phases found — Report: "Detected {N} phases. Will execute sequentially." Use phased flow.
  • No phases — Single-pass execution (Steps 2-6 as normal). No changes for simple plans.
  • --phase N — Optional. Re-run only phase N.

Step 2: BUILD THE CODEX PROMPT

See prompt-templates.md. Use the "Initial Execution Prompt" for single-pass, or "Phase-Scoped Execution Prompt" for phased mode (current phase only + completed phase summaries).

Step 3: EXECUTE CODEX

Parse optional arguments:

  • --max-iterations N — max loop iterations (default: 5, per-phase in phased mode)
  • --model MODEL — pass to codex as -m MODEL
  • --phase N — execute only this phase (phased mode only)
codex exec --full-auto -s workspace-write [-m MODEL] < /tmp/codex-handoff-{timestamp}.md

Let the command run to completion. Capture stdout and exit code. Report: "Codex iteration {N} complete. Reviewing changes..."

Phased execution flow: For each phase (or single phase if --phase N): build phase-scoped prompt → run Codex → review → correction loop (up to max-iterations) → phase passes: record summary, advance → phase fails at max: ask user to continue or stop.

Step 4: REVIEW THE RESULTS

See review-process.md for the review checklist, scorecard, and decision matrix. In phased mode, the scorecard is scoped to current phase items only.

Step 5: DECIDE — LOOP OR COMPLETE

  • All items DONE + tests pass: Move to Step 6 (or next phase).
  • Items remain AND iterations < max: Build correction prompt and re-run Codex.
  • Max iterations reached: Move to Step 6. In phased mode, ask user to continue or stop.

Step 6: FINAL REPORT

See report format in review-process.md. In phased mode, report per-phase results then aggregate. If items remain, suggest --phase N to retry.

Key Principles

  1. Never modify code yourself — Your job is to supervise, not code. Codex does the coding.
  2. Be a strict judge — Don't pass items as "done" unless they genuinely are.
  3. Correction prompts are specific — Tell Codex exactly what's wrong and what to fix.
  4. Respect the plan — Don't add or remove plan items. Execute what was planned.
  5. Keep the user informed — Report status after each iteration and phase transition.

Files

1 total
Select a file
Select a file to preview.

Comments

Loading comments…