Skillv1.0.0

ClawScan security

ACPX Codex Playbook · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignMar 12, 2026, 2:46 AM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: This is an instruction-only playbook that consistently documents how to run Codex via acpx for file-heavy, multi-step tasks; its requests and instructions match its stated purpose and it does not ask for unrelated credentials or installs.
Guidance: This is a how-to playbook and appears internally consistent. Before using it, understand that following its advice will cause the agent (or you) to run shell commands, create files under /tmp, and potentially install Python packages into a local venv — these actions modify system state and may require network access for pip installs. If you are concerned about safety: run the workflow in an isolated/test environment, avoid placing secrets into prompt files, review generated commands before execution (or run in read-only/exec mode for verification), and validate artifacts in /tmp before moving them to persistent locations. The skill does not request credentials or hidden network endpoints.

Review Dimensions

Purpose & Capability: okName/description (acpx + Codex persistent sessions, file creation, local installs, deliverables) align with the actual content: only runtime guidance for using acpx, using /tmp, using venvs, and preferring shell/Python file writes. There are no unrelated env variables, binaries, or config paths required.
Instruction Scope: noteThe SKILL.md explicitly instructs the agent/operator to set session mode to 'full-access', run shell heredocs, create files under /tmp, and prefer project-local pip installs in virtualenvs. These are coherent with the playbook's purpose but mean the agent (or operator following it) will run shell commands and may install packages — actions that change system state. The instructions do not direct reading or exfiltrating unrelated system secrets or contacting unexpected external endpoints.
Install Mechanism: okNo install spec is present (instruction-only), so nothing is written to disk by the skill itself. The playbook recommends runtime actions (creating a .venv and pip installing) which are normal operational guidance; there is no packaged download URL or extract step in the skill metadata to raise additional install risk.
Credentials: okThe skill requests no environment variables, credentials, or config paths. Recommendations to use /tmp, local .venv, and 'full-access' are proportional to the stated goal of producing local artifacts and resolving filesystem/sandbox issues.
Persistence & Privilege: okThe skill is not always-enabled and is user-invocable (defaults). It does recommend setting an acpx session to 'full-access' during operation; while that expands session-level capabilities, the skill itself does not request persistent platform-level privileges or modify other skills or system-wide agent settings.