← Back to Skills Marketplace
darkamenosa

Codex Imagen

by darkamenosa · GitHub ↗ · v0.2.6 · MIT-0
cross-platform ⚠ suspicious
100
Downloads
0
Stars
0
Active Installs
2
Versions
Install in OpenClaw
/install codex-imagen
Description
Generate or edit raster images by calling the ChatGPT/Codex Responses image_generation tool directly with local Codex or OpenClaw OAuth credentials, then sav...
README (SKILL.md)

Codex Imagen

Generate or edit images by calling the ChatGPT/Codex backend directly with OAuth credentials already stored on the machine. This calls the native Responses image_generation tool, does not start codex app-server, does not need the Codex CLI binary, and does not require OPENAI_API_KEY.

Quick Start

Run the helper through Node for macOS, Linux, and Windows compatibility:

node {baseDir}/scripts/codex-imagen.mjs --timeout 300 'generate image follow this prompt, no refine: "a cinematic fantasy city at sunrise"'

Normal generation prints one generated image path per line. Diagnostics and progress go to stderr.

Use --json when the caller needs machine-readable metadata:

node {baseDir}/scripts/codex-imagen.mjs --json --timeout 300 --prompt 'generate a small blue lotus icon'

Ask for multiple outputs in the prompt. There is no --count flag:

node {baseDir}/scripts/codex-imagen.mjs --timeout 300 -o out/ --prompt 'generate 3 images of a monk mage'

Use --verbose or --debug for event-level progress, and --quiet when only stdout paths/JSON should be emitted.

Retry Behavior

The helper retries transient empty failures by default: network errors, HTTP 5xx responses, backend server_error / overloaded / unavailable responses, and dropped/incomplete streams that end before a completed image arrives. Default is --retries 4, meaning 5 total attempts, matching Codex's request retry shape.

Retries are intentionally not used for usage errors, auth errors, policy/input errors, rate limits, generation timeouts, or after an image has already been saved. If streaming saves partial images and then times out, the helper returns those saved paths instead of starting a duplicate generation. The --timeout value applies per generation attempt, so an outer OpenClaw exec.timeout must budget for retries when retries are enabled.

Use --no-retry or --retries 0 when an outer caller owns retry behavior.

Timeout Units

Use --timeout \x3Cseconds> for agent-facing calls. This intentionally matches OpenClaw's surrounding exec tool timeout value, which is also in seconds. For a 5 minute OpenClaw call, use --timeout 300.

--timeout-ms \x3Cmilliseconds> remains available for compatibility and sub-second tests. Do not use --timeout-ms 300 when you mean 5 minutes; that is only 0.3 seconds. Use either --timeout, --timeout-seconds, or --timeout-ms, not more than one in the same command.

Generation Timing

Image generation can be slow, especially when the prompt asks for multiple images. For chat-facing OpenZalo/OpenClaw calls:

  • Use --timeout 300 for ordinary one-image requests.
  • For prompts that ask for 3 images, prefer --timeout 600, or ask for 2 images when the conversation should return quickly.
  • If a 3-image request reaches the timeout after saving 1 or 2 images, the helper returns those saved paths with timed_out: true; this is a usable partial success, not a hang.
  • The --timeout value applies per generation attempt. If default retries are enabled, set the outer OpenClaw exec.timeout higher than the helper timeout budget, or reduce retries with --retries 1 / --no-retry.

Auth Discovery

The CLI reads existing OAuth JSON and sends Authorization: Bearer \x3Caccess> plus ChatGPT-Account-Id to https://chatgpt.com/backend-api/codex/responses.

Run a local auth check without generating:

node {baseDir}/scripts/codex-imagen.mjs --smoke

Auth lookup order:

  1. --auth
  2. CODEX_IMAGEN_AUTH_JSON, OPENCLAW_CODEX_AUTH_JSON, CODEX_AUTH_JSON
  3. OPENCLAW_AGENT_DIR/auth-profiles.json or PI_CODING_AGENT_DIR/auth-profiles.json
  4. OPENCLAW_AGENT_DIR/auth.json or PI_CODING_AGENT_DIR/auth.json
  5. ~/.openclaw/agents/main/agent/auth-profiles.json
  6. ~/.openclaw/agents/main/agent/auth.json
  7. ~/.openclaw/credentials/oauth.json
  8. CODEX_HOME/auth.json
  9. ~/.codex/auth.json

For OpenClaw, the current auth store is usually:

~/.openclaw/agents/main/agent/auth-profiles.json

Codex CLI is not required at runtime. The skill works with OAuth created by OpenClaw itself, for example openclaw onboard --auth-choice openai-codex or openclaw models auth login --provider openai-codex. It only needs an existing openai-codex OAuth profile; it does not perform the first browser login itself.

Profile selection follows OpenClaw first: explicit --auth-profile, CODEX_IMAGEN_AUTH_PROFILE / OPENCLAW_AUTH_PROFILE, OpenClaw config auth.order.openai-codex or configured auth.profiles, then sibling auth-state.json lastGood.openai-codex. Pass --auth-profile openai-codex:\x3Cid> when a specific OpenClaw profile should be used.

Output Paths

Use --out-dir or -o/--output when the caller needs a specific artifact location:

node {baseDir}/scripts/codex-imagen.mjs --out-dir ./openclaw-images --prompt 'generate three UI icon variants'
node {baseDir}/scripts/codex-imagen.mjs -o out/ --prompt 'generate 3 images of a monk mage'

--output image.png writes exactly that path for one image. If multiple images arrive, outputs are numbered as image-1.png, image-2.png, and so on. If --output has no extension or ends in /, it is treated as a directory. Without --output, automatic names use codex-imagen-\x3Ctimestamp>-\x3Coptional-index>-\x3Cimage-call-id>.png.

When --out-dir is not set, the script chooses the first available location:

  1. CODEX_IMAGEN_OUT_DIR
  2. OPENCLAW_OUTPUT_DIR
  3. OPENCLAW_AGENT_DIR/artifacts/codex-imagen
  4. OPENCLAW_STATE_DIR/artifacts/codex-imagen
  5. ./codex-imagen-output

Streaming is enabled by default and saves each image as soon as it arrives. If a run times out after partial results, already received images remain saved and are printed. Use --timeout 300 for chat-facing OpenClaw calls unless the user explicitly asks for a longer run, or --no-stream to request a non-streaming response.

Reference Images

Attach reference images explicitly. Do not use positional image paths; positional arguments are reserved for prompt text.

node {baseDir}/scripts/codex-imagen.mjs --input-ref ref1.png --input-ref ref2.jpg --prompt 'generate 3 images of him livestreaming in this world'
node {baseDir}/scripts/codex-imagen.mjs -i ref1.png -i ref2.jpg --prompt 'change the main character into a woman'
node {baseDir}/scripts/codex-imagen.mjs --image-url 'https://example.com/ref.png' --prompt 'use this image as the world reference'

Local images are converted to data:image/...;base64,... and sent as input_image items. --input-ref accepts local paths, http(s) URLs, and data:image/... URLs. -i/--image is local-only, and --image-url is URL/data-URL only. Supported local formats are PNG, JPEG, GIF, and WebP. Use --image-detail auto|low|high|original when the model should receive lower or higher image detail; default is high. Use smaller JPEG references when high-fidelity pixel detail is not needed.

OAuth Refresh

The CLI refreshes expired or near-expiry OAuth tokens through https://auth.openai.com/oauth/token and writes the updated token back to the same auth file. The default OAuth refresh skew is 5 minutes, matching OpenClaw's OAuth usability margin. For OpenClaw auth-profiles.json, refresh uses OpenClaw-compatible cross-agent OAuth refresh locking, then locks the auth store before rereading and writing credentials. It also inherits a fresh matching profile from the main OpenClaw agent store when the current agent/workspace auth store is stale. This avoids refresh_token_reused races when multiple OpenClaw or agent processes share one openai-codex profile.

When auth is auto-discovered and the first auth file is irrecoverably stale, the CLI tries the next compatible auth source, such as CODEX_HOME/auth.json or ~/.codex/auth.json. Explicit --auth paths are not bypassed.

Use these controls when needed:

node {baseDir}/scripts/codex-imagen.mjs --refresh-only --json
node {baseDir}/scripts/codex-imagen.mjs --force-refresh --smoke --json
node {baseDir}/scripts/codex-imagen.mjs --no-refresh --prompt 'generate one image'

For concurrent OpenClaw processes, prefer the active OpenClaw agent's auth-profiles.json so every caller uses the same profile identity. Use --no-refresh only when the caller already owns OAuth refresh and wants this helper to use the provided access token as-is.

Use --base-url only for a compatible Codex backend, and --refresh-url only for a compatible OAuth refresh endpoint.

Cross-Platform Notes

The helper is plain Node.js 22+ with no native dependencies. It uses os.homedir() and environment overrides for Windows, Linux, and macOS. In cmd.exe, single quotes are not shell quotes; use double quotes or write UTF-8 text to a file and use:

node {baseDir}/scripts/codex-imagen.mjs --prompt-file prompt.txt

Use --cwd \x3Cpath> when another agent launches this script from an unpredictable working directory.

Usage Guidance
This helper legitimately needs access to local Codex/OpenClaw OAuth profiles to call the Responses image_generation endpoint and to refresh tokens. Before installing: 1) Review the scripts (they are included) yourself or a trusted reviewer to confirm they only call the expected endpoints; 2) Only run it with a dedicated OAuth profile (not your primary account) if possible; 3) Be cautious because the CLI will read and write auth files (it can refresh tokens) — back up important auth files first; 4) Avoid passing or allowing untrusted agents to set --base-url or --refresh-url (these default to chatgpt.com and auth.openai.com but can be overridden), as that could redirect tokens to arbitrary endpoints; 5) Prefer running the tool in an isolated environment or container if you don't fully trust the skill owner; 6) Verify the skill's provenance (repository/homepage/owner) — registry metadata shows no homepage/source URL, so confirm the upstream source before trusting. If you want, I can point out the exact code paths that read/write auth files and where the refresh and network calls occur.
Capability Analysis
Type: OpenClaw Skill Name: codex-imagen Version: 0.2.6 The codex-imagen skill is a well-engineered utility designed to generate or edit images using the ChatGPT/Codex backend via existing local OAuth credentials. The core logic in scripts/codex-imagen.mjs implements robust authentication discovery across multiple standard paths (e.g., ~/.openclaw, ~/.codex), handles OAuth token refreshing with cross-process file locking, and manages image generation through legitimate OpenAI endpoints (chatgpt.com and auth.openai.com). The script follows security best practices by using atomic writes and restricted file permissions (0o600) for sensitive credential files, and it contains no evidence of data exfiltration, malicious execution, or prompt injection.
Capability Tags
cryptorequires-oauth-tokenrequires-sensitive-credentials
Capability Assessment
Purpose & Capability
The name/description (image generation via Codex/ChatGPT Responses using local OAuth) matches the code and SKILL.md: the CLI reads local OAuth profiles and calls the Codex Responses image_generation endpoint. Requiring node and having helper scripts is proportionate.
Instruction Scope
The runtime instructions and CLI intentionally enumerate many local auth file locations (OpenClaw/Codex paths), read those files, perform OAuth refreshes, and save generated images to disk. All of these actions are within scope for a tool that uses local OAuth to call the Responses backend, but the instructions/CLI also allow reading/writing multiple agent-wide auth stores (e.g., ~/.openclaw/agents/.../auth-profiles.json), which is broad and sensitive.
Install Mechanism
There is no network install; the package is instruction + included Node scripts. No arbitrary remote downloads or extract operations are present in the manifest. This is lower-risk from an install perspective.
Credentials
Although no required env vars are declared, the CLI reads many env vars/path candidates and will read and write local OAuth credentials across many locations and can perform token refreshes. It also accepts overridable --base-url and --refresh-url flags (and env overrides), which could be used to send tokens to arbitrary endpoints if an attacker can control arguments or environment. Access/modification of user OAuth tokens is high privilege and should be justified and limited.
Persistence & Privilege
always:false (good). The tool will modify auth stores (refresh tokens written back) and uses cross-process locking when touching OpenClaw auth files. Writing/updating OAuth credentials is normal for a refresh-capable helper, but it is a significant privilege; ensure you trust the skill and its author before allowing it to run with access to shared auth stores.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install codex-imagen
  3. After installation, invoke the skill by name or use /codex-imagen
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.2.6
codex-imagen 0.2.6 - Added GitHub Actions CI workflow for automated testing. - Introduced a standalone test script: `scripts/codex-imagen.test.mjs`. - Added a `.gitignore` to exclude node_modules, key artifacts, and environment files. - Expanded and clarified documentation, including retry, timeout, and streaming behavior, and new flags (`--timeout`, `--retries`, `--verbose`, `--quiet`, etc.). - Improved auth discovery and refresh instructions, now including more paths and details for OpenClaw integration.
v0.2.2
- Directly generates or edits raster images via ChatGPT/Codex backend using local Codex or OpenClaw OAuth credentials. - No longer requires Codex CLI, codex app-server, or OPENAI_API_KEY. - Flexible OAuth authentication discovery, supporting multiple common credential locations and OpenClaw profiles. - Supports output control with `--out-dir` and environment variables for image artifact paths. - Allows attaching multiple reference images using `--input-ref` with support for local files, URLs, and base64 data URLs; handles PNG, JPEG, GIF, and WebP. - Includes OAuth token refresh logic compatible with OpenClaw's locking for safe multi-process access. - Fully cross-platform and can be run as a plain Node.js 22+ script on Windows, macOS, and Linux.
Metadata
Slug codex-imagen
Version 0.2.6
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 2
Frequently Asked Questions

What is Codex Imagen?

Generate or edit raster images by calling the ChatGPT/Codex Responses image_generation tool directly with local Codex or OpenClaw OAuth credentials, then sav... It is an AI Agent Skill for Claude Code / OpenClaw, with 100 downloads so far.

How do I install Codex Imagen?

Run "/install codex-imagen" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Codex Imagen free?

Yes, Codex Imagen is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Codex Imagen support?

Codex Imagen is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Codex Imagen?

It is built and maintained by darkamenosa (@darkamenosa); the current version is v0.2.6.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments