codex-cli
Audited by Socket on Feb 22, 2026
1 alert found:
Security [Skill Scanner] [Documentation context] Backtick command substitution detected

This skill file is not itself malicious code, but it documents workflows and configuration that create high-risk supply-chain and credential-forwarding scenarios. Key concerns: syncing ~/.codex/auth.json into another agent, piping raw OPENAI_API_KEY values into the CLI, use of --full-auto and Full Access approval modes that allow unattended writes and network use, and installing/adding arbitrary MCP servers via npx or HTTP URLs without integrity checks. These behaviors are disproportionate for a helper unless strict safeguards are enforced (per-action approvals, integrity verification, least-privilege credentials). Treat the integration as suspicious and high-risk for credential exposure and supply-chain compromise unless additional controls are enforced.

LLM verification: [LLM Escalated] The document describes a legitimate automation and integration pattern for a local Codex CLI as an AI coding assistant. I found no evidence of embedded obfuscated malware or hard-coded credentials in the provided fragment. However, the README demonstrates several high-risk operational patterns: broad/full-access execution modes (--full-auto, Full Access), credential forwarding (syncing ~/.codex/auth.json into other agent configs), and the ability to add arbitrary MCP servers or enable network ac