oracle-codex
Warn
Audited by Socket on May 10, 2026
1 alert found:
Anomaly (LOW): SKILL.md
SUSPICIOUS rather than benign: the overall purpose is coherent and the Codex CLI itself appears to be an official OpenAI tool, so this is not fundamentally incompatible with the skill’s stated function. The main risk comes from unverifiable local wrapper scripts that mediate execution and data transfer, plus the intentional export of user/repo context to a remote model service. No clear credential theft, third-party proxying, or overtly malicious behavior is shown, but the hidden wrapper boundary prevents a fully benign classification.
Confidence: 81%
Severity: 52%
Audit Metadata