codexmcp-claude-codex-collaboration

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.85). Mixed sources: although some links point to official documentation (OpenAI, Anthropic/Claude, MCP), the skill explicitly instructs piping remote installer scripts into shell/PowerShell (astral.sh install.sh and install.ps1) and pulling a GitHub package from an unknown/low-profile GuDaStudio repo—running remote scripts and installing from unvetted repositories is a common malware distribution pattern and therefore high risk.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The installation steps run remote install scripts and fetch a Git repo at runtime — e.g., PowerShell "irm https://astral.sh/uv/install.ps1 | iex", shell "curl -LsSf https://astral.sh/uv/install.sh | sh", and the package source "git+https://github.com/GuDaStudio/codexmcp.git" — which download and execute remote code that the skill requires.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill includes explicit instructions that bypass security (e.g., PowerShell -ExecutionPolicy ByPass, curl | sh installation), and exposes options to skip approvals and request "danger-full-access"/"yolo", which encourage bypassing protections and granting full workspace access.