Skills
skills/aradotso/codex-skills/codex-console-automation/Gen Agent Trust Hub

codex-console-automation

Fail

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: HIGHCREDENTIALS_UNSAFEDATA_EXFILTRATIONREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill's database models and task configurations are designed to store and manage highly sensitive data, including OpenAI email/password credentials, session tokens, and full credit card details (card number, expiry, and CVV).
  • [DATA_EXFILTRATION]: A primary function of the skill is to "export and upload OpenAI tokens to API gateways" such as CPA, Sub2API, Team Manager, and New-API. This involves the systematic collection and transmission of harvested credentials to external third-party services.
  • [REMOTE_CODE_EXECUTION]: The installation guide instructs users to clone and execute code from an external, unverified GitHub repository (dou-jiang/codex-console) and install dependencies from requirements.txt. This introduces a high risk of supply chain attack or execution of malicious code.
  • [COMMAND_EXECUTION]: The skill provides scripts for building standalone executables (build.bat, build.sh) and includes instructions for running shell commands to manage system processes (kill -9), which can be used to execute arbitrary code or interfere with system stability.
  • [EXTERNAL_DOWNLOADS]: The skill interacts with and downloads data from several niche third-party email providers (CloudMail, LuckMail, YYDS Mail) and API gateways of unknown reputation to facilitate automated account registration bypasses.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
May 16, 2026, 06:51 PM