codex-auth-account-manager
Fail
Audited by Gen Agent Trust Hub on May 17, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONCREDENTIALS_UNSAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill recommends installing and executing code from unverified third-party sources, specifically the npm packages
@loongphy/codex-authand@loongphy/codext. - [COMMAND_EXECUTION]: The skill provides instructions for global software installation (
npm install -g) and immediate execution of remote scripts vianpx. - [CREDENTIALS_UNSAFE]: The described tools are designed to manipulate, import, and export highly sensitive authentication files (
~/.codex/auth.json), posing a high risk of credential exposure when used with unverified code.
Recommendations
- AI detected serious security threats
Audit Metadata