codex-plusplus-tweak-system
Warn
Audited by Socket on May 17, 2026
1 alert found:
Anomaly (LOW): SKILL.md
SUSPICIOUS. The skill’s capabilities mostly match its stated purpose as an unofficial Codex patch/tweak system, but it uses high-risk installation patterns (curl|bash and PowerShell iex from raw GitHub), patches and re-signs a local app, installs an auto-repair watcher, and executes tweak code with full Electron renderer privileges. These behaviors are coherent for this kind of app-modding tool, so this is not confirmed malware, but the install and execution trust profile is materially risky and broader than a normal documentation skill.
Confidence: 87%
Severity: 68%
Audit Metadata