← Back to Skills Marketplace
cecwxf

OpenAI Codex Operator

by saiph · GitHub ↗ · v1.0.1
cross-platform ⚠ suspicious
1198
Downloads
2
Stars
1
Active Installs
2
Versions
Install in OpenClaw
/install openai-codex-operator
Description
Run OpenAI Codex CLI from OpenClaw for coding tasks in a target project directory. Use when the user asks OpenClaw to use Codex for implementation, debugging...
Usage Guidance
This skill appears to do only what it claims: run the local Codex CLI against a repository. Before installing or invoking it, ensure you understand that the Codex CLI will contact OpenAI and may send repository contents (including secrets or PII) to OpenAI; remove or redact sensitive files or use a sanitized checkout. Also confirm you trust the locally installed `@openai/codex` package and its authentication mechanism (ChatGPT login or API key) before granting access.
Capability Analysis
Type: OpenClaw Skill Name: openai-codex-operator Version: 1.0.1 The skill bundle is classified as suspicious due to a clear shell injection vulnerability pattern. The `scripts/run-codex-example.sh` file directly uses unsanitized user input (`$TASK`) in a shell command (`codex exec "$TASK"`), which is a critical remote code execution risk. Furthermore, the `SKILL.md` instructions for the OpenClaw agent describe constructing commands like `exec.command: "codex exec \"<task>\""`. If the agent naively inserts user-provided task descriptions into this template without proper escaping, it would also lead to shell injection. While there is no evidence of malicious intent (e.g., data exfiltration, backdoors), these are significant vulnerabilities that allow for arbitrary command execution.
Capability Assessment
Purpose & Capability
Name/description match the contents: SKILL.md, references, and example script all describe running the Codex CLI (codex / codex exec) in a specified workdir. No unrelated binaries, env vars, or config paths are requested.
Instruction Scope
Instructions stay within the stated purpose (running Codex in a target repo, foreground/background modes, polling). They do not instruct reading arbitrary system files or unrelated credentials. Note: the skill does not provide guidance about avoiding sending secrets to Codex — the CLI may transmit repository contents to OpenAI during its operation, so users should be warned to scrub sensitive data before running.
Install Mechanism
No install spec is provided (instruction-only), and the included script only instructs installing the official npm package (@openai/codex) if codex is missing. There are no downloads from untrusted URLs or extract actions.
Credentials
The skill declares no required environment variables or credentials. It does mention Codex/CLI authentication in references (ChatGPT login or API key), which is expected for this integration and is not requested by the skill itself.
Persistence & Privilege
The skill does not request always:true, does not modify other skills or global agent settings, and has no install-time persistence. Autonomous invocation is allowed (platform default) but is not combined with other concerning privileges.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install openai-codex-operator
  3. After installation, invoke the skill by name or use /openai-codex-operator
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.1
Republish for discoverability check.
v1.0.0
Initial release: invoke OpenAI Codex CLI from OpenClaw with pty/workdir/background patterns.
Metadata
Slug openai-codex-operator
Version 1.0.1
License
All-time Installs 2
Active Installs 1
Total Versions 2
Frequently Asked Questions

What is OpenAI Codex Operator?

Run OpenAI Codex CLI from OpenClaw for coding tasks in a target project directory. Use when the user asks OpenClaw to use Codex for implementation, debugging... It is an AI Agent Skill for Claude Code / OpenClaw, with 1198 downloads so far.

How do I install OpenAI Codex Operator?

Run "/install openai-codex-operator" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is OpenAI Codex Operator free?

Yes, OpenAI Codex Operator is completely free (open-source). You can download, install and use it at no cost.

Which platforms does OpenAI Codex Operator support?

OpenAI Codex Operator is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created OpenAI Codex Operator?

It is built and maintained by saiph (@cecwxf); the current version is v1.0.1.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments