OpenAI Codex Multi OAuth
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill matches its OAuth-debugging purpose, but it needs review because its scripts read OpenClaw OAuth/session files and use stored Codex tokens to query account usage while the registry metadata does not declare that sensitive access.
Install or run this only if you intentionally want help debugging OpenAI Codex OAuth profiles in OpenClaw. Prefer running the scripts manually, limit checks with --profile or a specific --state-dir when possible, avoid --raw unless necessary, and redact diagnostic output before sharing it. Back up any OpenClaw files before applying patches.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running the usage script lets the agent use existing Codex OAuth credentials to retrieve usage and account identifiers for one or more profiles. This is not evidence of token theft, but it is sensitive account access.
The usage report reads stored Codex access tokens and account IDs, then authenticates to the ChatGPT usage endpoint with them. This is expected for per-profile usage debugging, but it is high-impact use of account credentials, and the registry metadata does not reflect it: no credential or config-path access is declared.
    USAGE_URL = 'https://chatgpt.com/backend-api/wham/usage'
    ...
    'Authorization': f'Bearer {token}'
    ...
    headers['ChatGPT-Account-Id'] = item['accountId']
Run this only for explicit Codex-profile debugging, prefer --profile to limit the accounts checked, and avoid sharing JSON or raw output publicly. The skill metadata should declare its local auth/profile/session access.
Diagnostic output may reveal profile IDs, emails, account IDs, workspace labels, session targets, and which OAuth profile a chat is pinned to.
The summary script reads persistent OpenClaw auth and session state and can print session targets and selected auth profile overrides. That is useful for debugging but may expose private local context.
    'auth': state_dir / 'agents' / agent / 'agent' / 'auth-profiles.json',
    'sessions': state_dir / 'agents' / agent / 'sessions' / 'sessions.json'
    ...
    'target': ...
    'authProfileOverride': entry.get('authProfileOverride')
Treat script output as sensitive. Redact account, email, workspace, and session details before posting logs or asking others for help.
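A share-safe way to look at the same state the summary script reads, as an added example that is not the skill's own code: it resolves the two paths quoted above, reports which profiles exist and which chats are pinned to which profile, masks emails and account IDs, never copies an access token into the result, and honours a --profile style filter. The JSON shapes (a "profiles" map with email/accountId/workspace/accessToken fields, a "sessions" map with target/authProfileOverride entries), the sample values and the agent name "main" are assumptions for illustration; the real files may differ.

```python
"""Redacted summary of OpenClaw Codex OAuth state (added example, not the skill's code).

Assumed layout, taken from the excerpts in this review:
  <state_dir>/agents/<agent>/agent/auth-profiles.json
  <state_dir>/agents/<agent>/sessions/sessions.json
The JSON field names and sample values below are assumptions, not the real schema.
"""
import json
import re
import tempfile
from pathlib import Path

# Constructed sample data (hypothetical shape; tokens are fake).
SAMPLE_AUTH_PROFILES = {
    "profiles": {
        "codex-work": {
            "email": "alice@example.com",
            "accountId": "acct_0123456789abcdef",
            "workspace": "Acme Eng",
            "accessToken": "eyJhbGciOiJSUzI1NiJ9.sample.token",
        },
        "codex-personal": {
            "email": "alice.personal@example.org",
            "accountId": "acct_fedcba9876543210",
            "workspace": "Personal",
            "accessToken": "eyJhbGciOiJSUzI1NiJ9.other.token",
        },
    }
}
SAMPLE_SESSIONS = {
    "sessions": {
        "sess-1": {"target": "telegram:12345", "authProfileOverride": "codex-work"},
        "sess-2": {"target": "discord:67890", "authProfileOverride": None},
    }
}

_EMAIL = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
_BEARER = re.compile(r"Bearer\s+[A-Za-z0-9._~+/=-]+")
_TOKEN_FIELD = re.compile(r'("(?:access|refresh)?[Tt]oken"\s*:\s*)"[^"]*"')


def mask_id(value):
    """Keep a short prefix/suffix so profiles stay distinguishable, hide the middle."""
    if not value:
        return value
    s = str(value)
    if len(s) <= 8:
        return "***"
    return s[:5] + "***" + s[-2:]


def redact_text(text):
    """Scrub emails, bearer tokens and JSON token fields from free-form diagnostic output."""
    text = _EMAIL.sub("<email>", text)
    text = _BEARER.sub("Bearer <redacted>", text)
    text = _TOKEN_FIELD.sub(r'\1"<redacted>"', text)
    return text


def summarize_state(state_dir, agent="main", profile=None):
    """Read auth-profiles.json and sessions.json and return a share-safe summary.

    Access tokens are never copied into the result; emails and account IDs are masked.
    With profile=<id>, only that profile and the sessions pinned to it are reported.
    """
    base = Path(state_dir) / "agents" / agent
    auth = json.loads((base / "agent" / "auth-profiles.json").read_text())
    sessions = json.loads((base / "sessions" / "sessions.json").read_text())
    out = {"profiles": [], "sessions": []}
    for pid, p in auth.get("profiles", {}).items():
        if profile and pid != profile:
            continue
        out["profiles"].append({
            "id": pid,
            "email": _EMAIL.sub("<email>", p.get("email", "")),
            "accountId": mask_id(p.get("accountId")),
            "workspace": p.get("workspace"),
            "hasAccessToken": bool(p.get("accessToken")),  # presence only, never the value
        })
    for sid, entry in sessions.get("sessions", {}).items():
        override = entry.get("authProfileOverride")
        if profile and override != profile:
            continue
        out["sessions"].append({
            "session": sid,
            "target": entry.get("target"),
            "authProfileOverride": override,
        })
    return out


def write_fixture(root):
    """Write the constructed sample files into a throwaway state dir."""
    base = Path(root) / "agents" / "main"
    (base / "agent").mkdir(parents=True, exist_ok=True)
    (base / "sessions").mkdir(parents=True, exist_ok=True)
    (base / "agent" / "auth-profiles.json").write_text(json.dumps(SAMPLE_AUTH_PROFILES))
    (base / "sessions" / "sessions.json").write_text(json.dumps(SAMPLE_SESSIONS))
    return root


def run_on_fixture(profile=None):
    """Build the fixture in a temp dir and summarize it (offline demonstration)."""
    with tempfile.TemporaryDirectory() as tmp:
        write_fixture(tmp)
        return summarize_state(tmp, profile=profile)


if __name__ == "__main__":
    print(json.dumps(run_on_fixture(profile="codex-work"), indent=2))
    print(redact_text('Authorization: Bearer abc.def.ghi user=alice@example.com'))
```

Point summarize_state at a real state directory (with the real agent name) only after checking that the field names match; the masking keeps enough of each identifier to tell profiles apart in a bug report without exposing the full account ID, and redact_text is meant for scrubbing --raw output before it leaves the machine.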
A mistaken patch could affect profile selection, status display, or usage reporting across chats.
The documentation includes guidance to patch runtime behavior or helper-side session syncing. This is consistent with a debugging/repair skill and includes backup guidance, but it can still alter local OpenClaw behavior if followed.
    patch the runtime usage path so it can prefer the intended session-selected profile
    ...
    Before any runtime patch:
    - back up the file you change
    - keep the patch minimal
Only patch files after confirming the affected layer, make backups first, and test one scenario at a time as the skill recommends.
Users may not realize from the registry fields alone that the skill runs local Python diagnostics against OpenClaw state files.
The registry metadata does not declare the Python runtime expectation or the local OpenClaw auth/session/config paths used by the included helper scripts. This is a metadata/provenance gap rather than evidence of hidden installation or malicious code.
    No install spec — this is an instruction-only skill
    ...
    Required binaries: none
    ...
    Primary credential: none
    ...
    Required config paths: none
    ...
    Code file presence: 2 code file(s)
The publisher should declare Python/script usage and the relevant ~/.openclaw paths or capability tags so users can understand the access before installing.
