Codex Profile Orchestrator

Security checks across malware telemetry and agentic risk

Overview

This skill appears purpose-built for Codex profile failover, but it needs review because it can continuously modify and remove sensitive OAuth profile and session state.

Install only in a trusted OpenClaw workspace after backing up auth and session files. Run dry-run first, inspect the planned profile choice and session updates, keep notifications disabled unless intended, and avoid starting the apply daemon unless you accept automatic profile mutation and deletion behavior.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 91%
Finding
The skill advertises operational behaviors that imply file access, file modification, networking, and script execution, but it does not declare any permissions or constraints in the manifest. This creates a transparency and governance gap: downstream systems or reviewers cannot accurately assess what the skill may do, and a broadly capable orchestration skill that installs config, syncs sessions, and runs daemon/apply flows is especially risky if invoked without explicit capability disclosure.

Vague Triggers

Severity: Medium
Confidence: 84%
Finding
The description and usage text use broad activation language such as stabilizing or rebuilding switching logic, inspecting profiles, selecting the healthiest account, and packaging replacements, which could match many routine support or auth-related requests. Because the skill also appears to have powerful file, network, and shell-adjacent capabilities, ambiguous triggering increases the chance of accidental invocation in sensitive environments and unintended profile or session manipulation.

Missing User Warnings

Severity: High
Confidence: 95%
Finding
The script automatically deletes auth profile entries after repeated invalid responses, based on network-derived state and without explicit confirmation. This can permanently remove credentials or account configuration due to transient server-side auth failures, unexpected API changes, or misclassification, causing denial of service and destructive state loss.

VirusTotal

65/65 vendors flagged this skill as clean.
