Codex Sub Agents 1
ReviewAudited by ClawScan on May 10, 2026.
Overview
The skill is a coherent Codex CLI integration, but it recommends auto-approved coding execution and automatic reuse of local Codex OAuth tokens, so it should be reviewed before enabling.
Install this only if you trust Codex CLI and Clawdbot to edit and run commands in your projects. Start with read-only or approval-required modes, avoid `--full-auto`, `--yolo`, or full-access modes unless the repository is trusted, review diffs before committing, and confirm whether Clawdbot should import your Codex OAuth tokens from `~/.codex/auth.json`.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A coding request could lead to automated file edits and command execution in the selected project, so mistakes or prompt misunderstandings could modify code before the user reviews it.
`--full-auto` is presented as a Clawdbot execution pattern for coding tasks, allowing the external Codex CLI to make workspace changes and run commands with reduced approval friction.
Clawdbot runs: exec codex exec --full-auto --cd ~/projects/medreport "fix TypeScript errors in src/components"
Use read-only or on-request approval modes for untrusted repositories, require explicit user confirmation before `--full-auto`, and review diffs before committing or pushing changes.
Installing or configuring this integration may let Clawdbot use the user's Codex/OpenAI authenticated session, which can consume account access or subscription entitlements.
The skill documents automatic reuse of a local Codex OAuth token file into Clawdbot auth profiles, even though the registry metadata declares no primary credential or required config path.
Clawdbot auto-syncs OAuth tokens from Codex CLI: - Source: `~/.codex/auth.json` - Target: `~/.clawdbot/agents/<agentId>/agent/auth-profiles.json`
Confirm you want Clawdbot to import and use Codex credentials, inspect generated auth profiles, and revoke or remove the profile if you do not want this delegation.
The security of the integration depends partly on the installed Codex CLI package and any MCP servers the user adds.
The skill is instruction-only but asks the user to install a global npm package. This is expected for a Codex CLI integration, but global package installs depend on external package provenance.
npm i -g @openai/codex
Install only the official package from a trusted registry, keep it updated, and avoid adding MCP servers you do not trust.
Coding tasks, code snippets, and results may pass between agents and through the Codex-backed subagent.
The skill describes a main agent spawning or communicating with a coding subagent. The example includes an allowlist and sandbox settings, so this appears purpose-aligned, but it still creates an inter-agent data and permission boundary.
tools: {
agentToAgent: {
enabled: true,
allow: ["main", "coder"]
}
}Keep agent-to-agent allowlists narrow, use separate workspaces for coder agents, and avoid sending secrets or private files unless necessary.
Past session content or saved prompts could be reused later and affect future code changes.
Codex sessions and reusable prompts persist locally and can influence future coding tasks. This is normal for the tool, but persistent context can carry stale, sensitive, or poisoned instructions.
Session Files Location: `~/.codex/sessions/` Custom Prompts Location: `~/.codex/prompts/<n>.md`
Review saved prompts, clear old sessions when needed, and avoid storing secrets or untrusted instructions in reusable Codex prompt files.