codex-plusplus-tweak-system
Fail
Audited by Gen Agent Trust Hub on May 2, 2026
Risk Level: CRITICAL
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill provides instructions for the direct execution of remote shell and PowerShell scripts using piped execution patterns (`curl | bash` and `irm | iex`). These scripts originate from an unverified GitHub repository (b-nnett/codex-plusplus), allowing for arbitrary code execution on the user's system without prior verification.
- [COMMAND_EXECUTION]: The documented installation process involves significant and high-risk modifications to application binaries. This includes patching the `app.asar` archive of an Electron application and manually disabling internal security flags such as `EnableEmbeddedAsarIntegrityValidation`. Such actions bypass standard application security controls.
- [COMMAND_EXECUTION]: The skill instructs the agent to re-sign application bundles using ad-hoc signatures (`codesign --force --deep --sign -`), which is a technique used to bypass macOS Gatekeeper protections for modified or unsigned binaries.
- [COMMAND_EXECUTION]: The tool establishes persistence on the host system by installing launch agents and login items. This ensures that the modifications and the background 'repair' service are automatically executed across user sessions.
- [EXTERNAL_DOWNLOADS]: The skill facilitates the download and installation of external software from unverified third-party sources, including Homebrew taps and direct GitHub repository links for package managers like Bun.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/b-nnett/codex-plusplus/main/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata