hive-keep-codex-fast

Pass

Audited by Gen Agent Trust Hub on Jul 3, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The maintenance script utilizes subprocess.check_output to execute system utilities including lsof, ps, and powershell. These commands are used solely for process discovery to ensure Codex is not running before attempting state modifications, preventing database corruption.
  • [DYNAMIC_EXECUTION]: The tool generates Python-based restoration scripts within its backup directories. These scripts are derived from static internal templates and serve as a recovery mechanism for the operator to revert changes. The generation process uses proper escaping for file paths.
  • [DATA_EXFILTRATION]: No network access or data exfiltration patterns were detected. The skill operates entirely within the local environment and the specified Codex home directory.
  • [PROMPT_INJECTION]: The skill instructions and operational policies include strict safety guardrails that prevent the agent from performing automated or unauthorized mutations. It explicitly requires human confirmation for non-read-only tasks.
  • [DATA_EXPOSURE]: While the script interacts with sensitive local state databases (e.g., state_5.sqlite), it implements privacy-aware reporting that suppresses raw thread content and identifiers in standard output unless diagnostic flags are explicitly enabled by the user.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 3, 2026, 05:53 PM
Security Audit — agent-trust-hub — hive-keep-codex-fast