← 返回 Skills 市场
deadlysilent

Codex Auth

作者 DeadlySilent · GitHub ↗ · v1.0.6 · MIT-0
cross-platform ✓ 安全检测通过
344
总下载
0
收藏
0
当前安装
7
版本数
在 OpenClaw 中安装
/install codex-auth
功能描述
DEPRECATED shim skill for /codex_auth. Use codex-profiler instead; codex-auth is no longer the maintained path.
使用说明 (SKILL.md)

⚠️ Deprecated: codex-auth is no longer maintained as a standalone skill. Use codex-profiler for all ongoing /codex_auth and /codex_usage operations.

Run scripts/codex_auth.py to generate a login URL and apply callback URL tokens to auth-profiles.json.

Safe defaults

  • Treat callback URLs/tokens as sensitive and never echo full values.
  • Use queued apply flow for controlled restart behavior.
  • See RISK.md for allowed/denied operation boundaries.

Commands

  • /codex_auth → selector (discovered profiles)
  • /codex_auth \x3Cprofile>
  • /codex_auth finish \x3Cprofile> \x3Ccallback_url>

Interaction adapter

  • If inline buttons are supported: show selector buttons.
  • If inline buttons are not supported: send text fallback (default | \x3Cprofile>).
  • Callback message handling must never echo full callback URLs (treat as sensitive).
  • Use callback_data namespace prefix codex_auth_* to avoid collisions.

How to run

Start flow:

python3 skills/codex-auth/scripts/codex_auth.py start --profile default

Finish flow (after browser redirect URL is pasted):

python3 skills/codex-auth/scripts/codex_auth.py finish --profile default --callback-url "http://localhost:1455/auth/callback?code=...&state=..."

Queue safe apply (stops/restarts gateway in background):

python3 skills/codex-auth/scripts/codex_auth.py finish --profile default --callback-url "http://localhost:1455/auth/callback?code=...&state=..." --queue-apply
python3 skills/codex-auth/scripts/codex_auth.py status

Safety posture

  • No remote shell execution (curl|bash, wget|sh) is allowed by this skill.
  • No sudo/SSH/system package mutation is performed by this skill.
  • OAuth callback URLs are sensitive: never echo full callback URLs or tokens in chat output.
  • Writes are limited to auth profile state files with lock-based coordination.

Notes

  • Uses the same OpenAI Codex OAuth constants/method as OpenClaw onboarding (auth.openai.com + localhost callback).
  • OAuth success here does not guarantee chatgpt.com/backend-api/wham/usage acceptance; usage endpoint may reject token/session format with 401 and should be handled by usage/profiler skills.
  • Endpoint trust boundary: OpenAI auth hosts + localhost callback flow only; do not send callbacks/tokens to third-party hosts.
  • Writes ~/.openclaw/agents/main/agent/auth-profiles.json with file locking to reduce race risk while gateway is running.
  • Profile IDs map as:
    • default -> openai-codex:default (or first discovered codex profile if default missing)
    • any other selector -> openai-codex:\x3Cselector>
  • Pending auth state is stored in /tmp/openclaw/codex-auth-pending.json.
安全使用建议
This skill appears to do what it says: run a Codex OAuth flow, store the resulting tokens in your OpenClaw auth profiles, and (optionally) stop/start the local gateway to apply changes. Before running it: - Prefer the maintained alternative: the SKILL.md itself says use 'codex-profiler' instead; prefer that if available. - Inspect the included scripts/codex_auth.py yourself (it is bundled) to confirm there are no unexpected network endpoints or logging of tokens. The file is present so you can audit it prior to execution. - Be aware the script will write tokens to ~/.openclaw/.../auth-profiles.json and may modify ~/.openclaw/openclaw.json; it also runs 'openclaw gateway stop/start'. Make backups or test in an environment where restarting the gateway is safe. - Because the agent can invoke skills autonomously by default, consider disabling autonomous invocation for this skill (or require manual invocation) if you do not want the agent to modify config or restart services without explicit consent. - Only use the flow with the documented OpenAI auth endpoints (auth.openai.com). If you see the script or SKILL.md referencing other hosts, do not proceed. - If you have low trust in the skill owner or source provenance, do not run it on production machines.
功能分析
Type: OpenClaw Skill Name: codex-auth Version: 1.0.6 The codex-auth skill is a utility for managing OpenAI Codex OAuth authentication via a PKCE flow. The core logic in scripts/codex_auth.py handles token exchange with official OpenAI endpoints (auth.openai.com), manages local configuration files (~/.openclaw/openclaw.json), and provides a mechanism to restart the OpenClaw gateway to apply new credentials. The skill demonstrates good security practices, including the use of PKCE, state validation, file locking, atomic writes, and automatic backups of configuration files before modification. No evidence of data exfiltration, unauthorized remote execution, or malicious prompt injection was found.
能力评估
Purpose & Capability
The name/description (codex-auth shim) aligns with the included script and SKILL.md: it starts/finishes an OpenAI Codex OAuth flow, exchanges tokens with auth.openai.com, and writes auth profiles. The subprocess calls to 'openclaw gateway stop/start' and updates to ~/.openclaw/openclaw.json and auth-profiles.json are coherent with applying a new auth profile.
Instruction Scope
SKILL.md instructs running the included script to start/finish flows and to queue safe apply. The script reads/writes files under the user's home (~/.openclaw/...) and /tmp, stores pending state, exchanges tokens over the OpenAI OAuth token endpoint, decodes JWTs, and constructs revert commands. These actions are within the stated scope but are privileged (modify agent config and auth files, and restart the gateway). SKILL.md's safety guidance about not echoing callback URLs is respected in intent, but you should verify the script's actual output if you care about secrets not being logged or echoed.
Install Mechanism
No install spec — instruction-only with a bundled script. Nothing is downloaded or installed automatically by the skill, which reduces external install risk. The code will run locally when you execute the script.
Credentials
The skill does not request environment variables or external credentials beyond performing an OAuth flow with hardcoded CLIENT_ID and standard OpenAI auth endpoints. It writes tokens into local auth-profiles.json as expected for an auth helper. No unrelated secrets or service credentials are requested.
Persistence & Privilege
The skill does not force permanent inclusion (always:false). However, the script performs persistent, privileged actions: it writes to ~/.openclaw/openclaw.json and ~/.openclaw/.../auth-profiles.json, creates backups, and executes local commands to stop/start the gateway. Because the skill can be invoked autonomously by the model (default), consider whether you want an agent to be able to run these operations without manual approval.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install codex-auth
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /codex-auth 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.6
Deprecation notice: standalone codex-auth is deprecated; users should migrate to maintained codex-profiler path.
v1.0.5
Clarify OAuth-vs-usage endpoint behavior: successful OAuth refresh does not guarantee WHAM usage endpoint acceptance; document 401 handling expectations for companion usage/profiler skills.
v1.0.4
Add RISK.md policy + safe-defaults section; clarify endpoint trust boundary and sensitive callback/token handling.
v1.0.3
Doc hardening: explicit safety posture and strict callback/token secrecy guidance.
v1.0.2
Cross-channel UX update: selector fallback guidance, callback namespace guidance, and stricter callback secrecy notes.
v1.0.1
Added SECURITY.md with scope/data/egress/operational safety notes.
v1.0.0
Initial release: profile OAuth start/finish, callback handling, profile declaration sync, auth order updates, and queued safe apply with restart warning/status.
元数据
Slug codex-auth
版本 1.0.6
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 7
常见问题

Codex Auth 是什么?

DEPRECATED shim skill for /codex_auth. Use codex-profiler instead; codex-auth is no longer the maintained path. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 344 次。

如何安装 Codex Auth?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install codex-auth」即可一键安装,无需额外配置。

Codex Auth 是免费的吗?

是的,Codex Auth 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

Codex Auth 支持哪些平台?

Codex Auth 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Codex Auth?

由 DeadlySilent(@deadlysilent)开发并维护,当前版本 v1.0.6。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论