Back to skill
Skillv1.1.4
VirusTotal security
OpenAI Codex CLI Runner · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:37 AM
- Hash
- 0d4f6ddf6f2788d7d631c3ef1dd77f579827125d79e245590329e22091f18fac
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: codex-cli-task Version: 1.1.4 The skill provides an asynchronous runner for OpenAI Codex with broad capabilities, including full shell and filesystem access via the `--dangerously-bypass-approvals-and-sandbox` flag in `run-task.py`. It manages sensitive credentials, such as the OpenClaw gateway token and Telegram bot tokens, and dynamically generates a notification script in `/tmp/` that contains the bot token, posing a risk in multi-user environments. While these behaviors are documented and support the stated goal of background task orchestration, the combination of unsandboxed execution and credential handling represents a significant attack surface.
- External report
- View on VirusTotal