Back to skill

Security audit

codex-orchestration

Security checks across malware telemetry and agentic risk

Overview

This skill openly coordinates Codex workers, but it also tells them to run commands and background agents without approvals, which deserves careful review before installation.

Install only if you intentionally want Codex to coordinate parallel workers and potentially run shell commands without approval prompts. Use it in trusted workspaces, keep worker scopes narrow, avoid exposing sensitive credentials or private data unless necessary, and prefer read-only worker prompts unless you explicitly want edits.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Vague Triggers

Medium
Confidence
83% confidence
Finding
The manifest description is very broad ('General-purpose orchestration for Codex'), which increases the chance the skill is invoked in situations beyond its intended bounds. In an orchestration skill with terminal access and worker spawning, overly broad activation can cause unnecessary delegation, tool use, or unsafe execution paths in unrelated tasks.

Vague Triggers

Medium
Confidence
90% confidence
Finding
Telling the agent to 'use common sense' and 'just do it' weakens explicit scope boundaries and encourages discretionary action. In this skill, that ambiguity is amplified by autonomous orchestration, web access, and PTY command execution, making it easier for the agent to over-act or skip needed checks.

Autonomous Decision Making

Medium
Category
Excessive Agency
Content
This guide is steering, not bureaucracy. Use common sense. If something is simple, just do it.

## Default assumptions
- YOLO config (no approvals); web search enabled.
- PTY execution available via `exec_command` and `write_stdin`.
- Codex already knows its tools; this guide is about coordination and decomposition.
Confidence
97% confidence
Finding
no approval

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.