Codex Owner Move E2E
ReviewAudited by ClawScan on May 8, 2026.
Overview
This appears to be an internal maintainer test that can direct an agent to publish, transfer ownership of, and delete a skill, so it should be reviewed carefully before installation.
Do not install this as a normal user skill. It is explicitly described as maintainer-only validation and should only be run in a sandbox or controlled maintainer environment with the exact temporary skill target confirmed before any publish, owner-transfer, or delete action.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If invoked with the wrong account or target, the agent could publish, transfer, or delete a skill in a real registry context.
The skill directs an agent through publish, ownership migration, and deletion operations. These are high-impact registry mutations and the artifact does not specify approval gates or concrete containment beyond calling the slug throwaway.
1. Publish version 0.0.1... 2. Publish version 0.0.2 with the OpenClaw owner selected and the migration opt-in enabled... 4. Delete the temporary skill after validation completes.
Use only in a controlled maintainer test environment with explicit confirmation for each publish, transfer, and delete action, and pin the exact temporary slug or sandbox target.
The agent may try to use the installer's authenticated publisher or organization privileges for ownership migration.
The workflow relies on authenticated personal publisher access and organization owner selection, but the artifacts do not bound which credentials or permissions should be used.
Publish version 0.0.1 under the authenticated personal publisher. Publish version 0.0.2 with the OpenClaw owner selected...
Restrict this skill to maintainers with dedicated test credentials and clearly document the required account, organization, and permission scope.