codex-essentials
Warn
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the installation of external software from public registries.
- Specifically, it recommends installing 'cli-anything-hub' via 'pip', which originates from an unverified third-party source.
- It also uses 'npx -y @modelcontextprotocol/server-github' to download and execute code from the npm registry at runtime.
- [COMMAND_EXECUTION]: The skill provides executable shell commands for system configuration and tool setup.
- It includes commands like 'cli-hub install browser' which triggers further installations through a third-party CLI.
- The 'codex mcp add' commands are used to modify the agent's environment by adding external Model Context Protocol servers.
Audit Metadata