codex-oauth-automation-extension

SUSPICIOUS. The skill’s footprint is coherent with its stated purpose, but that purpose is high-risk: automating batch OpenAI account creation, harvesting OTPs from mailboxes, capturing OAuth callback data, and submitting it to an arbitrary CPA panel. No strong malware evidence or hidden payloads are shown, but the autonomous account-registration workflow and third-party callback routing make the skill high security risk.