CodexInfo
Pass. Audited by ClawScan on May 14, 2026.
Overview
CodexInfo appears purpose-aligned for Codex notifications, but it installs a persistent Codex hook, runs the local Codex CLI, stores a bearer token, and forwards notification text to your configured channels.
Before installing, be sure you are comfortable with accepting the unsafe-install acknowledgement, with the package registering a Codex hook, with a local gateway token being stored on disk, and with Codex status/details being sent to your configured notification channels. Review the generated ~/.codex/config.toml and ~/.openclaw/codexinfo files after setup.
Publisher note
CodexInfo uses child_process for two local-only operations: (1) codex --version for CLI version detection at setup/doctor time, (2) spawn('codex', ['app-server']) to read rate-limit data via stdin/stdout JSON-RPC (no network). No external network requests are made from child_process calls.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing this skill allows its code to start local Codex-related processes during setup, doctor/status checks, and notification handling.
The package runs local Codex CLI commands. This explains the dangerous_exec scan signal and the unsafe-install acknowledgement, but the commands shown are consistent with setup checks and rate-limit retrieval.
const { stdout } = await execFile("codex", ["--version"], { timeout: 5000, shell: true });
...
proc = spawn(codexBin, ["app-server"], { stdio: ["pipe", "pipe", "ignore"] });
Note that the version check passes shell: true, so the codex command is resolved and run through a shell rather than executed directly as a binary; the app-server spawn pipes stdin/stdout and discards stderr. Install only if you trust the package source and are comfortable with a Codex notification plugin running local Codex commands.
CodexInfo may continue sending notifications after setup whenever Codex turns complete or configured approval events occur.
Setup persists a Codex notify hook and configuration so the skill runs automatically on future Codex events. This is disclosed and matches the notification purpose.
Add `notify = [...]` to `~/.codex/config.toml` ... Write `~/.openclaw/codexinfo/hook-config.json`
Review the changes to ~/.codex/config.toml and remove the hook if you no longer want automatic notifications.
Anyone who can read the stored hook configuration could potentially use the CodexInfo gateway token.
The skill stores and uses a bearer token for its OpenClaw gateway endpoint. This is expected for authenticating hook delivery and is disclosed.
Write `~/.openclaw/codexinfo/hook-config.json` (gateway URL + bearer token)
Keep the ~/.openclaw/codexinfo files private (readable only by your own user account) and rotate/reconfigure the token if it is exposed.
Completion summaries, approval-wait descriptions, and rate-limit details may be sent to the channels you configure.
Notification text is forwarded through OpenClaw's outbound delivery system to configured channels such as Slack, Telegram, or email. This is core functionality, but users should understand where messages go.
deliverOutboundPayloads({ cfg, channel: delivery.channel, to: delivery.to, payloads: [{ text }] });
Configure only trusted delivery destinations and avoid channels where Codex project details should not appear.
The skill may read recent Codex session metadata/log tails on the local machine to decide what notification to send.
The hook can inspect recent local Codex session rollout files to classify notification state. The visible logic appears bounded and purpose-aligned, but it does touch local Codex session context.
const sessionsDir = join(homedir(), ".codex", "sessions", dateDir); ... // Read the tail of a rollout JSONL and classify as "approval-wait" or "completion".
Use this only if you are comfortable with the plugin reading local Codex session files for notification classification.
