Codex Switcher
Pass
Audited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill
Name: codex-switcher
Version: 1.0.0
The codex-switcher skill is a utility for managing multiple OpenAI Codex accounts locally by swapping authentication snapshots. The implementation in scripts/cs.sh uses standard OAuth 2.0 PKCE flows, communicates exclusively with official OpenAI endpoints (auth.openai.com and chatgpt.com), and includes security-conscious practices such as atomic file writes, local backups of sensitive configuration files, and explicit warnings against executing untrusted remote code. No evidence of data exfiltration, malicious persistence, or harmful prompt injection was found.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If these environment variables are set unexpectedly, OAuth code-verifier material could be sent somewhere other than OpenAI, which users may not realize from the skill description.
The script can send OAuth token-exchange data to environment-selected URLs, while the skill's security posture describes official OpenAI endpoints only and the metadata declares no environment variables.
AUTHORIZE_URL="${CS_OAUTH_AUTHORIZE_URL:-https://auth.openai.com/oauth/authorize}"
TOKEN_URL="${CS_OAUTH_TOKEN_URL:-https://auth.openai.com/oauth/token}"
...
req=Request(token_url, data=body, method='POST')
Remove non-official endpoint overrides, or clearly document them and enforce an allowlist/confirmation before any credential-bearing request uses a non-default URL.

This can create additional persistent copies of authentication material, potentially including profiles beyond the Codex account being switched.
On switch, the script backs up the whole OpenClaw auth-profiles.json file into the snapshots backup directory before changing the Codex profile.
MAIN_AUTH="$STATE_DIR/agents/main/agent/auth-profiles.json"
BACKUP_DIR="$SNAPSHOT_DIR/backups"
...
out="$BACKUP_DIR/${base}.${ts}.bak"
cp "$src" "$out"
...
backup_file "$MAIN_AUTH" >/dev/null
Back up only the affected Codex profile when possible, or explicitly document that full auth-profile backups are created, protect them with restrictive permissions, and provide cleanup/retention guidance.

Anyone or any process that can read or tamper with these snapshot files could affect which Codex account is used or access saved token material.
The skill intentionally persists reusable credential snapshots. This is purpose-aligned, but the files are sensitive persistent state.
store each account as a separate snapshot under `~/.openclaw/auth-snapshots/` ... Treat all snapshot files as secrets. Never expose full access tokens or refresh tokens in chat.
Keep ~/.openclaw/auth-snapshots private, verify file permissions, avoid sharing backups, and inspect snapshot aliases/emails before switching.

The visible portions are coherent, but users cannot rely on this artifact set alone to inspect every operation the bundled script may perform.
The provided script artifact is truncated, so not all credential-handling paths, such as the remainder of quota/refresh/add dispatch logic, are visible in the supplied review context.
"truncated": true
Review the complete scripts/cs.sh locally before use, especially refresh, quota, and command-dispatch sections.
