codex-image
Audited by Socket on Jun 27, 2026
3 alerts found:
Anomalyx3This is not executable dependency code; it is a design document describing a skill that generates/edits images via OpenAI’s hosted image_generation tool using ChatGPT subscription auth by reusing Codex CLI auth.json and performing PKCE OAuth fallback. The most significant red flag is the explicit requirement to perfectly spoof Codex CLI HTTP fingerprints (User-Agent/originator/request structure/SSE parsing) and reuse Codex OAuth client parameters to make the requests indistinguishable from the official client—i.e., impersonation/evasion behavior. No classic malware actions are specified, but the behavior is high-risk from a policy/impersonation supply-chain perspective. Recommend rejecting or tightly constraining use, and perform an implementation-level review once code is available to verify token handling, network destinations, and whether any additional hidden actions exist.
SUSPICIOUS: the skill's functional goal is image generation, but its distinctive behavior is harvesting and reusing Codex/ChatGPT auth tokens, refreshing them, and impersonating the official Codex client to consume subscription-backed access. Data flows appear to stay with OpenAI, which lowers exfiltration concern, but the credential reuse and client masquerading are disproportionate to a normal image skill.
The provided material is documentation describing the intended runtime workflow of an unofficial codex-image skill. It highlights legitimate integration points (local credential reuse, OAuth-based authentication, and remote API usage) but introduces security and privacy considerations due to handling of credentials, token flows, and user prompts/images with an external service. While not evidence of explicit backdoors or malware, the approach requires rigorous hardening: secure storage for credentials, explicit user consent and data-handling policies, minimized token scopes, audit trails, and clear boundaries on data sent to external APIs. A formal security review of the actual implementation, including credential management, token handling, and data retention, is strongly recommended before distribution or usage in production environments.