codexplusplus-launcher

Warn

Audited by Socket on May 16, 2026

1 alert found:

Security: MEDIUM
SKILL.md

SUSPICIOUS. The skill's capabilities mostly match its stated goal of enhancing Codex, but the trust chain is weak: it asks the agent to clone, install, and run a third-party repo that is not verifiably operated by OpenAI or the skill publisher, then grants it deep control over local Codex sessions and UI via CDP injection. That combination is disproportionate enough to classify as high security risk, though not confirmed malware.

Confidence: 86%
Severity: 83%

Audit Metadata

Analyzed At: May 16, 2026, 03:29 PM
Package URL: pkg:socket/skills-sh/Aradotso%2Fcodex-skills%2Fcodexplusplus-launcher%2F@d1f178c52acaa0c91d9fd71e4a333de3eadeabfd