ClawHub

Codex Auth Session Refresh

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do what it advertises, but it handles live ChatGPT session credentials and can persist or refresh them with too little in-flow warning or control.

Install only if you deliberately want Codex authentication refreshed from an existing ChatGPT browser session. Treat the browser profile and ~/.codex/auth.json as sensitive credentials, use a dedicated trusted machine or profile, avoid shared systems and backups that copy these files, review any scheduled-task setup before enabling it, and know how to revoke the session if the files are exposed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
72% confidence
Finding
The skill advertises credential-handling behavior and interaction with authentication state, but the metadata shown does not declare corresponding permissions or clearly bound capabilities. Undeclared capability use reduces transparency and makes it harder for users or reviewers to understand that the skill will access sensitive environment/auth-related data.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill explicitly describes extracting a live ChatGPT session access token from the browser and writing it into another tool's auth store, but it does not give an explicit warning about the sensitivity of session tokens or the account compromise risk if the token is exposed. Session tokens are effectively credentials, so normalizing their extraction and reuse without strong warnings can lead users to mishandle them, store them insecurely, or run the workflow in unsafe environments.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The README promotes extracting a fresh access token from an existing ChatGPT browser session and persisting it into Codex's auth.json, but it does not prominently explain the security and privacy implications of handling live session-derived credentials and storing a reusable browser profile. Users may underestimate that the browser-profile directory and auth artifacts can contain sensitive authentication state that, if copied or exposed, could enable account access or token theft.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The README explicitly promotes reading an access token from an existing ChatGPT browser session and writing it into `~/.codex/auth.json`, which is a sensitive credential-handling workflow. Even though the text claims a 'safe design', it does not prominently warn that browser-session tokens are highly sensitive account credentials and that copying them into another tool broadens the exposure surface if the host, logs, backups, or profile directory are compromised.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The script overwrites the user's Codex auth.json with a token harvested from a browser session, and it does so automatically once the session is read. Although it creates a backup, there is no explicit confirmation or warning immediately before the write, so a user can unintentionally replace valid credentials or persist sensitive auth material to an unexpected path if environment variables are manipulated.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
This code fetches a live ChatGPT session access token from the browser context and then later persists it into a local auth file. In this skill's context, that is the core intended behavior, but it is still sensitive because it extracts bearer-token material from an authenticated session and stores it on disk without a strong in-flow warning about the security implications.

Credential Access

High
Category
Privilege Escalation
Content
| Command | What it does |
|---------|-------------|
| `login-profile.ps1` | First login / re-login into ChatGPT (for Codex) |
| `run-refresh.ps1` | Refresh Codex's access token now |
| `status.ps1` | Check Codex auth.json status |
| `install-scheduled-task.ps1` | Auto-refresh Codex auth every N hours |
| `create-desktop-toolbox.ps1` | Desktop shortcuts for Codex auth management |
Confidence
98% confidence
Finding
access token

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal