Codex Handoff (OpenClaw Plans, Codex Codex, OpenClaw Judges)

Security checks across malware telemetry and agentic risk

Overview

This skill intentionally hands coding plans to Codex CLI for automated repository edits, and that powerful behavior is disclosed and gated by user confirmation.

Install this only if you intend to let Codex CLI make changes in the current repository. Use it from a clean branch or worktree, confirm the plan summary before handoff, and review the final diff and test results afterward.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Vague Triggers

Medium
Confidence: 88%
Finding
The activation guidance includes broad natural-language triggers like 'let codex do it' and 'has a plan ready,' which can cause the skill to engage in situations where the user did not clearly consent to handing execution to an automated coding agent. In this skill's context, that ambiguity is more dangerous because the workflow culminates in running `codex exec --full-auto -s workspace-write`, enabling autonomous repository modification.

Missing User Warnings

Medium
Confidence: 95%
Finding
The description does not prominently warn that the skill offloads work to Codex CLI in fully automated write mode, which can make code changes without direct step-by-step user approval. Given this skill's purpose is to orchestrate repeated autonomous execution loops, the missing warning materially increases the risk of uninformed consent and unintended repository changes.

VirusTotal

64/64 vendors flagged this skill as clean.
