codex-image

Fail

Audited by Snyk on Jun 27, 2026

Risk Level: CRITICAL
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The skill requires reading the user's access token from ~/.codex/auth.json and using it verbatim in HTTP requests/headers (and may display it via status), so the LLM must handle and embed secret credential values directly.

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 1.00). This code intentionally impersonates the official Codex CLI and reuses local ChatGPT OAuth credentials (~/.codex/auth.json) to stealthily consume the user's ChatGPT subscription quota for image generation, a deliberate deception/abuse of authentication and service fingerprints that can be used to misuse an account and upload user images to external APIs.

Issues (2)

W007
HIGH

Insecure credential handling detected in skill instructions.

E006
CRITICAL

Malicious code pattern detected in skill scripts.

Audit Metadata
Risk Level
CRITICAL
Analyzed
Jun 27, 2026, 06:27 AM
Issues
2
Security Audit — snyk — codex-image