codex

Warn

Audited by Socket on Jun 16, 2026

1 alert found:

Anomaly
AnomalyLOW
SKILL.md

This skill appears purpose-aligned and not overtly malicious: it is a thin wrapper around the official OpenAI Codex CLI. However, it is a high-impact orchestration surface because it allows unattended Codex turns with broad filesystem, command, network, and cross-worker function access, especially when `danger-full-access`, web search, or third-party MCP tools are enabled. Classify as benign in intent but high risk in operation.

Confidence: 100%Severity: 60%
Audit Metadata
Analyzed At
Jun 16, 2026, 02:45 PM
Package URL
pkg:socket/skills-sh/iii-hq%2Fworkers%2Fcodex%2F@046c198a42355bd01f09c7fdda5269abfa56c2def6a1879f7b7b28b950903f0b
Security Audit — socket — codex