codex-cli

Fail

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides the codex exec tool for arbitrary shell execution. Dangerous flags like --yolo and --full-auto are documented to explicitly disable sandboxing and user approvals, giving the agent full system control.
  • [CREDENTIALS_UNSAFE]: Sensitive OAuth tokens from ~/.codex/auth.json are accessed and synchronized into agent profiles. The documentation also suggests piping secrets via printenv, which can expose them in shell history.
  • [EXTERNAL_DOWNLOADS]: The skill demonstrates adding external Model Context Protocol (MCP) servers from non-whitelisted third-party domains such as deepwiki.com.
  • [REMOTE_CODE_EXECUTION]: The tool provides a direct bridge between LLM prompts and local shell execution, allowing the agent to generate and run arbitrary code on the host machine.
  • [DATA_EXFILTRATION]: Full filesystem access, when combined with optional network connectivity through flags like --search, facilitates the exfiltration of sensitive user data.
  • [PROMPT_INJECTION]: The skill is highly vulnerable to indirect injection. Ingestion points include local source files and PR diffs. There are no boundary markers or sanitization logic, while the agent possesses dangerous capabilities like exec and write (SKILL.md).
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Mar 12, 2026, 10:32 AM