codex-mcp

This code is primarily an orchestration wrapper around a local `codex` subprocess. It does not show clear intentional malware (no exfiltration/crypto/backdoor logic). However, it contains a high-severity security weakness: `context_cmd` from external RPC input is executed via `execSync` without validation, enabling arbitrary command execution under the user’s privileges. Additionally, its sandbox/approval mediation defaults appear permissive (auto-accepts file/permission approvals), increasing the risk that the spawned child can modify project files. Overall: likely more of a dangerous orchestration design than overt sabotage, but security-critical if exposed to untrusted callers.