codex-auto-register

SUSPICIOUS. The install path is relatively ordinary, but the skill’s actual footprint is high risk: it automates mass account creation, collects and stores passwords plus OAuth tokens, depends on proxies to evade service limits, and optionally uploads those credentials to a third-party CPA endpoint. That combination is disproportionate to any legitimate developer-use skill and creates clear credential-handling and exfiltration risks.