codexmcp-claude-codex-collaboration

Warn

Audited by Socket on May 17, 2026

1 alert found:

Security: MEDIUM
SKILL.md

SUSPICIOUS. The skill's general purpose is coherent, but its trust chain is not: an ara.so skill instructs the agent to execute a GitHub-hosted MCP server from a different publisher via `uvx`, then route project data and possibly credential-backed Codex activity through it. The capability belongs to the stated purpose, but the install provenance, auto-approval guidance, and optional high-autonomy modes make the overall skill medium-high risk rather than benign.

Confidence: 84%
Severity: 72%

Audit Metadata

Analyzed At: May 17, 2026, 08:23 AM
Package URL: pkg:socket/skills-sh/Aradotso%2Fcodex-skills%2Fcodexmcp-claude-codex-collaboration%2F@69f510d4a66b36cbd16addbe4b192462071652a0