oh-my-codex
Fail
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: HIGH (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION)
Full Analysis
- [COMMAND_EXECUTION]: Bypassing safety sandboxes. The skill documentation explicitly recommends the use of the '--madmax' flag, which maps to the Codex CLI flag '--dangerously-bypass-approvals-and-sandbox'. This configuration allows the agent to execute system commands without manual user approval and without the constraints of a restricted environment.
- [REMOTE_CODE_EXECUTION]: Dynamic plugin execution. The skill supports a hook system (OMX_HOOK_PLUGINS=1) that loads and executes arbitrary JavaScript files located in '.omx/hooks/*.mjs'. This allows for the execution of arbitrary code during session start, turn completion, and other lifecycle events.
- [EXTERNAL_DOWNLOADS]: Global package dependencies. The setup process requires the installation of global npm packages, specifically 'oh-my-codex' and '@openai/codex'. While the latter is from a well-known service (OpenAI), the orchestration package 'oh-my-codex' originates from a third-party repository and gains broad system access upon installation.
- [COMMAND_EXECUTION]: Complex orchestration environment. The skill utilizes tmux to manage parallel 'team' workers. This high level of concurrency and the use of terminal multiplexing make it difficult for users to monitor all background agent actions and system modifications in real time.
Recommendations
- AI detected serious security threats
Audit Metadata