oracle-codex

Warn

Audited by Socket on May 10, 2026

1 alert found:

Anomaly
AnomalyLOW
SKILL.md

SUSPICIOUS rather than benign: the overall purpose is coherent and the Codex CLI itself appears to be an official OpenAI tool, so this is not fundamentally incompatible with the skill’s stated function. The main risk comes from unverifiable local wrapper scripts that mediate execution and data transfer, plus the intentional export of user/repo context to a remote model service. No clear credential theft, third-party proxying, or overtly malicious behavior is shown, but the hidden wrapper boundary prevents a fully benign classification.

Confidence: 81%Severity: 52%
Audit Metadata
Analyzed At
May 10, 2026, 05:20 AM
Package URL
pkg:socket/skills-sh/paulrberg%2Fagent-skills%2Foracle-codex%2F@285e8b90c45f3a2514adb2b333a0a0a0fd51c4b0
Security Audit — socket — oracle-codex