codex-manager-rust
Fail
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: HIGH
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill directs users to download executable binaries and service scripts from a third-party GitHub repository (github.com/qxcnm/Codex-Manager).
- [REMOTE_CODE_EXECUTION]: The installation instructions involve fetching files via wget, modifying permissions with chmod +x, and executing them directly (./codexmanager-start), which facilitates the execution of remote code from an unverified source.
- [COMMAND_EXECUTION]: The documentation provides multiple shell commands for managing local services, interacting with Docker, and modifying file system permissions to enable binary execution.
- [DYNAMIC_EXECUTION]: The skill features an extensible plugin architecture using the Rhai scripting language, which allows for the dynamic loading and execution of scripts (main.rhai) capable of making system calls and accessing account data.
Recommendations
- AI detected serious security threats