ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Codex Agent

v1.0.0

作为项目经理操作 OpenAI Codex CLI 完全体。包含:知识库维护(自动跟踪 Codex 最新功能)、任务执行(提示词设计→执行→监控→质量检查→迭代→汇报)、配置管理(feature flags/模型/skills/MCP)。通过 tmux 操作交互式 TUI,通过 notify hooks + pa...

0· 444·2 current·2 all-time
byHenry Yang@henryxiaoyang
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description (manage Codex via OpenClaw + tmux + hooks) aligns with the files and scripts provided. However the registry metadata lists no required environment variables while the code and INSTALL.md expect and instruct setting CODEX_AGENT_CHAT_ID, CODEX_AGENT_CHANNEL, CODEX_AGENT_NAME and reliance on the openclaw CLI and Codex binary — this mismatch between declared requirements and actual needs is a governance/visibility concern.
!
Instruction Scope
SKILL.md and INSTALL.md instruct adding a Codex notify hook that passes full turn payload to hooks/on_complete.py and running pane_monitor.sh to capture tmux output. Those hooks will forward Codex output (which may include code, file paths, and secrets) to a messaging channel and wake an OpenClaw agent. The instructions also ask the user to run OpenClaw gateway restart and offer an automatic configuration message to have OpenClaw perform setup — both give the skill broad ability to modify and influence agent behavior and to transmit potentially sensitive data externally.
Install Mechanism
No external install spec or remote downloads are present; the skill is instruction + local scripts. Files are run locally (shell + python). This is lower risk than fetching arbitrary code at install time, but the provided scripts will be executed by Codex (via notify) or manually by the operator.
!
Credentials
The skill bundle does not declare required env vars in metadata, yet the code and docs require CODEX_AGENT_CHAT_ID, CODEX_AGENT_CHANNEL and CODEX_AGENT_NAME and assume the openclaw CLI is available. It also expects Telegram (or other OpenClaw channels) configured. These credentials/channels are sensitive because they will carry full Codex outputs; the lack of declared env requirements reduces transparency and increases risk.
!
Persistence & Privilege
INSTALL.md explicitly instructs changing ~/.openclaw/openclaw.json to effectively disable session resetting (setting idleMinutes to an extremely large value). That is a global OpenClaw configuration change that increases the lifetime of agent contexts and thus the blast radius if data is leaked. The skill also runs background monitors and spawns openclaw agent wake calls — acceptable for the feature, but notable because it requests/encourages long-lived agent state and automated agent actions.
What to consider before installing
Things to consider before installing: - Secrets & privacy: Codex notify hook and pane monitor forward Codex outputs (summary, cwd, captured pane lines) to your configured message channel (e.g., Telegram) and wake an OpenClaw agent. Those payloads may include file paths, code, or secrets. If you plan to use on private repos or sensitive projects, do not enable the notify hook or restrict the channel until you audit outputs. - Missing declaration: The skill metadata lists no required environment variables but the code/docs require CODEX_AGENT_CHAT_ID, CODEX_AGENT_CHANNEL, CODEX_AGENT_NAME and expect the openclaw CLI. Treat these as required and set them explicitly rather than relying on defaults like "YOUR_CHAT_ID". - Global config change: INSTALL.md recommends changing ~/.openclaw/openclaw.json to effectively disable session resets for ~100 years. That is a significant global change — consider alternatives (use a dedicated agent instance, or increase timeout for specific sessions) instead of a permanent global override. - Review the hooks: Inspect hooks/on_complete.py and hooks/pane_monitor.sh. They call openclaw message send and openclaw agent (local CLI). Ensure those CLI commands do what you expect and that OpenClaw's message channel is trusted. Test in an isolated environment first. - Least privilege & testing: Run the skill in a non‑production machine or container first. Do not give it unattended ability to post externally until you verify what is sent. If you want notifications but not raw content, modify on_complete.py to sanitize or redact payloads before sending. - Auto‑configure caution: The provided "one‑line to OpenClaw" automation will let OpenClaw modify your environment; only use it if you trust the agent and have reviewed the INSTALL.md steps. If you want, I can: - list the exact lines in the scripts that transmit data so you can review/patch them, or - suggest a minimally invasive configuration (e.g., disable notify, run monitor manually, avoid changing global OpenClaw reset) to reduce risk.

Like a lobster shell, security has layers — review code before you run it.

latestvk973ygg15ft3xbrq9tevt24shs821n7b

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments