← Back to Skills Marketplace

Codex Auth Cleaner

Name: Codex Auth Cleaner
Author: geekjair

by JupiterWen · GitHub ↗ · v1.0.3

cross-platform ⚠ suspicious

382

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install codex-cleaner

Description

Monitor and clean invalid codex auth files from CPA (Codex Provider Agent). Checks quota status, disables 401 files, double-verifies before deletion. Use whe...

README (SKILL.md)

Codex Auth File Cleaner

Clean invalid codex auth files via CPA management API. Zero dependencies (pure Python stdlib).

First Run

Run setup wizard to configure CPA URL and admin key:

python3 scripts/codex_cleaner.py setup

Config saved to config.json (auto-created, gitignored). Config priority: CLI args > env vars (CPA_URL/CPA_KEY) > config.json.

Commands

# View status
python3 scripts/codex_cleaner.py status
python3 scripts/codex_cleaner.py status --json

# Check active files, disable 401s
python3 scripts/codex_cleaner.py check

# Double-verify disabled files, then delete confirmed 401s
python3 scripts/codex_cleaner.py delete

# Full clean (check + delete), output human-readable report
python3 scripts/codex_cleaner.py clean --report

# Full clean, output JSON
python3 scripts/codex_cleaner.py clean --json

# Loop mode (default 300s interval)
python3 scripts/codex_cleaner.py monitor -i 300

Workflow

clean = check + delete

check:  fetch active codex files → concurrent quota check → disable 401s
delete: fetch disabled files → verify#1 (401?) → wait 2s → verify#2 (still 401?) → delete

Double verification prevents accidental deletion of temporarily failing files.

Nanobot Integration

For periodic monitoring, run clean --report via HEARTBEAT or cron, then send the stdout report to the user via message tool.

Example:

cd ~/.nanobot/workspace/skills/codex-cleaner && python3 scripts/codex_cleaner.py clean --report

Report Format

🧹 Codex 认证清理报告
⏰ 2026-02-26 13:50:00

📊 清理前
  总计: 100 | 可用: 85 | 已禁用: 15

🔍 检查阶段
  检测: 85 | 失效(401): 3 | 已禁用: 3

🗑️ 删除阶段
  待删: 18 | 验证通过: 15 | 已删除: 15 | 跳过: 3

📊 清理后
  总计: 85 | ✅可用: 82 | ⛔已禁用: 3

⚡ 本次清理: 禁用 3 + 删除 15 = 18 个无效文件

Config File

config.json (auto-generated by setup wizard):

{
  "cpa_url": "http://YOUR_CPA_HOST:PORT",
  "cpa_key": "YOUR_ADMIN_KEY",
  "concurrency": 20,
  "monitor_interval": 300,
  "notify": {
    "enabled": true,
    "channel": "telegram",
    "chat_id": "YOUR_CHAT_ID"
  }
}

Usage Guidance

This skill is coherent in purpose — it contacts a Codex Provider Agent (CPA) management API and can disable or delete auth files — but there are important mismatches and risks you should consider before installing: - Missing metadata: The package metadata does not declare the required CPA_URL and CPA_KEY, yet the script needs them (via env vars or config.json). Expect to provide an admin key; ensure the registry omission isn't hiding additional secret requirements. - Destructive operations: The tool can permanently delete auth files on the CPA. Test with the status/check commands first and run against a staging instance. Back up or export current auth-file state before running delete/clean in production. - Principle of least privilege: Use a scoped admin key where possible. If the CPA supports a role that can only disable (not delete), prefer that for routine monitoring and only use a full-admin key when you intentionally run deletion. - Config file security: config.json will contain the admin key. Ensure the file is stored with restrictive permissions and verify where it will be saved (the skill directory under ~/.nanobot/workspace in examples). - Notifications unclear: The config includes Telegram/Discord settings but does not show where a bot token or webhook is supplied. Inspect the remainder of the script to confirm how notifications are sent and whether any additional secrets are required. - Review & auditing: Because the script performs network calls and deletions, review the full script (including the truncated portion) to confirm there are no unexpected external endpoints, no hidden logging/exfiltration, and that the delete logic matches your expectations (e.g., only deletes items confirmed by the double verification). If you want to proceed safely: (1) run the script in 'status' and 'check' modes against a test CPA instance, (2) inspect the complete source to confirm notification code and external endpoints, (3) restrict the CPA key used, and (4) ensure secure storage/rotation of the admin key. If you can provide the remainder of the script (truncated portion), I can re-evaluate and reduce uncertainty.

Capability Analysis

Type: OpenClaw Skill Name: codex-cleaner Version: 1.0.3 The skill is designed to monitor and clean codex authentication files via a CPA management API, which aligns with its stated purpose. It uses standard Python libraries, handles an admin API key (CPA_KEY) for authentication, and stores configuration in a local `config.json` file. While it interacts with a `/v0/management/api-call` endpoint, the target URL for this call is hardcoded to `https://chatgpt.com/backend-api/wham/usage`, preventing its use for arbitrary SSRF or malicious proxying from within this skill. There is no evidence of intentional data exfiltration, persistence mechanisms, or prompt injection attempts against the agent in `SKILL.md`.

Capability Assessment

⚠ Purpose & Capability

The skill is described as a CPA codex auth-file cleaner and the included script implements exactly that (fetching auth files, disabling 401s, double-verifying, deleting). However the registry metadata declares no required environment variables or primary credential, while the SKILL.md and the script require CPA_URL and CPA_KEY (or a saved config) — this is an incoherence between what the skill says it needs and what it actually needs to operate.

✓ Instruction Scope

The SKILL.md instructions and shipped script focus on enumerating, checking, disabling, and deleting auth files and on periodic monitoring. The script only references CPA management endpoints and local config; it does not attempt to read unrelated system files. The instructions do suggest running periodic jobs and sending the stdout report via a 'message' tool; that behavior is expected but depends on the operator to implement safe delivery.

✓ Install Mechanism

No install spec is provided and the skill is instruction-only with a single Python script using only the stdlib. There is no network-based installer or third-party package pull in the manifest.

⚠ Credentials

The script legitimately needs an admin-level CPA key and CPA URL to modify and delete auth files, but these required credentials are not declared in the registry metadata (requires.env/primary credential). The config.json and setup wizard also reference notification settings (telegram/discord chat id) but do not declare or explain how messaging credentials (e.g., bot token) are provided, making notification behavior unclear.

✓ Persistence & Privilege

always:false and the skill does not request system-wide privileges. It writes a local config.json in the skill directory (normal). It does perform destructive actions against the CPA (disable/delete); this is an expected capability for a cleanup tool but requires admin rights on the CPA.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install codex-cleaner
After installation, invoke the skill by name or use /codex-cleaner
Provide required inputs per the skill's parameter spec and get structured output

Version History

v1.0.3

Setup wizard now guides user to fill chat_id for notifications

v1.0.2

Setup wizard now guides user to fill chat_id for notifications

v1.0.1

Remove all hardcoded private data

v1.0.0

Initial release of codex-cleaner. - Monitors and cleans invalid Codex auth files from CPA (Codex Provider Agent). - Checks quota status and disables files with 401 errors, with double verification before deletion. - Provides user-friendly commands for setup, status monitoring, cleaning, and automated monitoring modes. - Generates detailed human-readable and JSON reports. - Zero dependencies; uses pure Python standard library. - Includes integration guide for scheduled operation and Nanobot workflows.

Metadata

Slug codex-cleaner

Version 1.0.3

License —

All-time Installs 0

Active Installs 0

Total Versions 4

Frequently Asked Questions

What is Codex Auth Cleaner?

Monitor and clean invalid codex auth files from CPA (Codex Provider Agent). Checks quota status, disables 401 files, double-verifies before deletion. Use whe... It is an AI Agent Skill for Claude Code / OpenClaw, with 382 downloads so far.

How do I install Codex Auth Cleaner?

Run "/install codex-cleaner" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Codex Auth Cleaner free?

Yes, Codex Auth Cleaner is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Codex Auth Cleaner support?

Codex Auth Cleaner is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Codex Auth Cleaner?

It is built and maintained by JupiterWen (@geekjair); the current version is v1.0.3.

More Skills