Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Codex Sub Agents 1
v1.0.1Use OpenAI Codex CLI for coding tasks. Triggers: codex, code review, fix CI, refactor code, implement feature, coding agent, gpt-5-codex. Enables Clawdbot to delegate coding work to Codex CLI as a subagent or direct tool.
⭐ 0· 1.1k·4 current·4 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The skill claims to enable use of a local OpenAI Codex CLI for coding tasks — the commands and patterns described match that purpose. However the documentation also instructs automatic syncing of auth from ~/.codex/auth.json into Clawdbot auth profiles and describes granting 'full access' (network + filesystem) and adding external MCP servers, which are broader privileges than a minimal CLI wrapper strictly needs.
Instruction Scope
SKILL.md explicitly directs reading and copying credential files (~/.codex/auth.json → ~/.clawdbot/.../auth-profiles.json), running codex with --full-auto / danger-full-access / --yolo flags, and adding arbitrary MCP servers/URLs. These are concrete instructions that allow token movement, unrestricted file writes and network access, and connecting to external endpoints — all of which expand the agent's scope beyond simple code editing.
Install Mechanism
This is an instruction-only skill with no install spec or shipped code files, so nothing is downloaded or written by the skill itself. That lowers the mechanical install risk.
Credentials
The skill declares no required env vars, but its instructions reference OPENAI_API_KEY and require access to ~/.codex/auth.json and Clawdbot auth profiles. Implicitly reading and syncing sensitive tokens is requested without those credentials being declared or constrained, which is disproportionate and surprising to users who expect only CLI invocation guidance.
Persistence & Privilege
Although always:false and there's no installer, the guidance instructs modifying Clawdbot auth profiles (writing tokens into ~/.clawdbot/agents/.../auth-profiles.json) and running long-lived MCP servers — actions that change other agent configuration and enable persistent cross-agent privileges. That degree of configuration/credential modification should be explicit and limited.
What to consider before installing
This skill mostly describes how to integrate a local Codex CLI, which is reasonable — but it also tells the system to read and copy local authentication files, run Codex with flags that grant full filesystem and network access, and connect to arbitrary MCP servers/URLs. Before installing or using: 1) Verify you actually have an official codex binary from a trusted source (npm package identity, checksums). 2) Do not enable --full-auto / danger-full-access / --yolo unless you fully trust the repository and workspace; prefer read-only or explicit approval modes. 3) Disable or review any automatic auth sync: inspect ~/.codex/auth.json and ~/.clawdbot auth-profiles.json and back them up before allowing automatic copy. 4) Avoid adding unknown MCP servers or external URLs (they can receive code or data). 5) If you need to proceed, limit Codex to a confined workspace and require manual approvals for writes and network access. If you want a safer recommendation, provide the precise tooling and constraints you require and ask for a version that uses read-only workflows and explicit token provisioning.Like a lobster shell, security has layers — review code before you run it.
latestvk97f21kgxzq8y1eat9bmte68qh80w6h1
License
MIT-0
Free to use, modify, and redistribute. No attribution required.