NYC

oh-my-codex

Warn

Audited by Snyk on Feb 17, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (high risk: 0.80). The skill includes a launch flag (--madmax) explicitly described as "dangerously-bypass-approvals-and-sandbox" and supports hook plugins (.omx/hooks/*.mjs) and global command execution (npm install -g, omx setup), which together enable bypassing security mechanisms and running arbitrary code that can modify machine state.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 17, 2026, 04:11 PM