Codex Switcher
Audited by ClawScan on May 10, 2026.
Overview
The skill is coherent for switching local Codex accounts, but it handles high-sensitivity login tokens and has under-disclosed endpoint override and broad backup behavior that users should review first.
Use this only if you trust and have reviewed the full local script. Before running it, make sure CS_OAUTH_AUTHORIZE_URL and CS_OAUTH_TOKEN_URL are unset or point to official OpenAI endpoints, protect ~/.openclaw/auth-snapshots and backups with private permissions, and periodically remove old backups you no longer need.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Finding 1: OAuth endpoints can be overridden by environment variables
Impact: If CS_OAUTH_AUTHORIZE_URL or CS_OAUTH_TOKEN_URL is set unexpectedly, OAuth code-verifier material could be sent somewhere other than OpenAI, which users may not realize from the skill description.
Description: The script can send OAuth token-exchange data to environment-selected URLs, while the skill's security posture describes official OpenAI endpoints only and the metadata declares no environment variables.
Evidence:
AUTHORIZE_URL="${CS_OAUTH_AUTHORIZE_URL:-https://auth.openai.com/oauth/authorize}"
TOKEN_URL="${CS_OAUTH_TOKEN_URL:-https://auth.openai.com/oauth/token}"
...
req=Request(token_url, data=body, method='POST')
Recommendation: Remove non-official endpoint overrides, or clearly document them and enforce an allowlist or confirmation step before any credential-bearing request uses a non-default URL.
Finding 2: Full auth-profile backups are created on every switch
Impact: This can create additional persistent copies of authentication material, potentially including profiles beyond the Codex account being switched.
Description: On switch, the script backs up the whole OpenClaw auth-profiles.json file into the snapshots backup directory before changing the Codex profile.
Evidence:
MAIN_AUTH="$STATE_DIR/agents/main/agent/auth-profiles.json"
BACKUP_DIR="$SNAPSHOT_DIR/backups"
...
out="$BACKUP_DIR/${base}.${ts}.bak"
cp "$src" "$out"
...
backup_file "$MAIN_AUTH" >/dev/null
Recommendation: Back up only the affected Codex profile when possible, or explicitly document that full auth-profile backups are created, protect them with restrictive permissions, and provide cleanup and retention guidance.
Finding 3: Reusable credential snapshots are persisted on disk
Impact: Anyone or any process that can read or tamper with these snapshot files could affect which Codex account is used or access saved token material.
Description: The skill intentionally persists reusable credential snapshots. This is purpose-aligned, but the files are sensitive persistent state.
Evidence (quoted): "store each account as a separate snapshot under `~/.openclaw/auth-snapshots/` ... Treat all snapshot files as secrets. Never expose full access tokens or refresh tokens in chat."
Recommendation: Keep ~/.openclaw/auth-snapshots private, verify file permissions, avoid sharing backups, and inspect snapshot aliases and emails before switching.
Finding 4: The bundled script artifact is truncated
Impact: The visible portions are coherent, but users cannot rely on this artifact set alone to inspect every operation the bundled script may perform.
Description: The provided script artifact is truncated, so not all credential-handling paths, such as the remainder of the quota/refresh/add dispatch logic, are visible in the supplied review context.
Evidence:
"truncated": true
Recommendation: Review the complete scripts/cs.sh locally before use, especially the refresh, quota, and command-dispatch sections.
