← 返回 Skills 市场

Codex Auth Cleaner

Name: Codex Auth Cleaner
Author: geekjair

作者 JupiterWen · GitHub ↗ · v1.0.3

cross-platform ⚠ suspicious

382

总下载

当前安装

版本数

在 OpenClaw 中安装

/install codex-cleaner

功能描述

Monitor and clean invalid codex auth files from CPA (Codex Provider Agent). Checks quota status, disables 401 files, double-verifies before deletion. Use whe...

使用说明 (SKILL.md)

Codex Auth File Cleaner

Clean invalid codex auth files via CPA management API. Zero dependencies (pure Python stdlib).

First Run

Run setup wizard to configure CPA URL and admin key:

python3 scripts/codex_cleaner.py setup

Config saved to config.json (auto-created, gitignored). Config priority: CLI args > env vars (CPA_URL/CPA_KEY) > config.json.

Commands

# View status
python3 scripts/codex_cleaner.py status
python3 scripts/codex_cleaner.py status --json

# Check active files, disable 401s
python3 scripts/codex_cleaner.py check

# Double-verify disabled files, then delete confirmed 401s
python3 scripts/codex_cleaner.py delete

# Full clean (check + delete), output human-readable report
python3 scripts/codex_cleaner.py clean --report

# Full clean, output JSON
python3 scripts/codex_cleaner.py clean --json

# Loop mode (default 300s interval)
python3 scripts/codex_cleaner.py monitor -i 300

Workflow

clean = check + delete

check:  fetch active codex files → concurrent quota check → disable 401s
delete: fetch disabled files → verify#1 (401?) → wait 2s → verify#2 (still 401?) → delete

Double verification prevents accidental deletion of temporarily failing files.

Nanobot Integration

For periodic monitoring, run clean --report via HEARTBEAT or cron, then send the stdout report to the user via message tool.

Example:

cd ~/.nanobot/workspace/skills/codex-cleaner && python3 scripts/codex_cleaner.py clean --report

Report Format

🧹 Codex 认证清理报告
⏰ 2026-02-26 13:50:00

📊 清理前
  总计: 100 | 可用: 85 | 已禁用: 15

🔍 检查阶段
  检测: 85 | 失效(401): 3 | 已禁用: 3

🗑️ 删除阶段
  待删: 18 | 验证通过: 15 | 已删除: 15 | 跳过: 3

📊 清理后
  总计: 85 | ✅可用: 82 | ⛔已禁用: 3

⚡ 本次清理: 禁用 3 + 删除 15 = 18 个无效文件

Config File

config.json (auto-generated by setup wizard):

{
  "cpa_url": "http://YOUR_CPA_HOST:PORT",
  "cpa_key": "YOUR_ADMIN_KEY",
  "concurrency": 20,
  "monitor_interval": 300,
  "notify": {
    "enabled": true,
    "channel": "telegram",
    "chat_id": "YOUR_CHAT_ID"
  }
}

安全使用建议

This skill is coherent in purpose — it contacts a Codex Provider Agent (CPA) management API and can disable or delete auth files — but there are important mismatches and risks you should consider before installing: - Missing metadata: The package metadata does not declare the required CPA_URL and CPA_KEY, yet the script needs them (via env vars or config.json). Expect to provide an admin key; ensure the registry omission isn't hiding additional secret requirements. - Destructive operations: The tool can permanently delete auth files on the CPA. Test with the status/check commands first and run against a staging instance. Back up or export current auth-file state before running delete/clean in production. - Principle of least privilege: Use a scoped admin key where possible. If the CPA supports a role that can only disable (not delete), prefer that for routine monitoring and only use a full-admin key when you intentionally run deletion. - Config file security: config.json will contain the admin key. Ensure the file is stored with restrictive permissions and verify where it will be saved (the skill directory under ~/.nanobot/workspace in examples). - Notifications unclear: The config includes Telegram/Discord settings but does not show where a bot token or webhook is supplied. Inspect the remainder of the script to confirm how notifications are sent and whether any additional secrets are required. - Review & auditing: Because the script performs network calls and deletions, review the full script (including the truncated portion) to confirm there are no unexpected external endpoints, no hidden logging/exfiltration, and that the delete logic matches your expectations (e.g., only deletes items confirmed by the double verification). If you want to proceed safely: (1) run the script in 'status' and 'check' modes against a test CPA instance, (2) inspect the complete source to confirm notification code and external endpoints, (3) restrict the CPA key used, and (4) ensure secure storage/rotation of the admin key. If you can provide the remainder of the script (truncated portion), I can re-evaluate and reduce uncertainty.

功能分析

Type: OpenClaw Skill Name: codex-cleaner Version: 1.0.3 The skill is designed to monitor and clean codex authentication files via a CPA management API, which aligns with its stated purpose. It uses standard Python libraries, handles an admin API key (CPA_KEY) for authentication, and stores configuration in a local `config.json` file. While it interacts with a `/v0/management/api-call` endpoint, the target URL for this call is hardcoded to `https://chatgpt.com/backend-api/wham/usage`, preventing its use for arbitrary SSRF or malicious proxying from within this skill. There is no evidence of intentional data exfiltration, persistence mechanisms, or prompt injection attempts against the agent in `SKILL.md`.

能力评估

⚠ Purpose & Capability

The skill is described as a CPA codex auth-file cleaner and the included script implements exactly that (fetching auth files, disabling 401s, double-verifying, deleting). However the registry metadata declares no required environment variables or primary credential, while the SKILL.md and the script require CPA_URL and CPA_KEY (or a saved config) — this is an incoherence between what the skill says it needs and what it actually needs to operate.

✓ Instruction Scope

The SKILL.md instructions and shipped script focus on enumerating, checking, disabling, and deleting auth files and on periodic monitoring. The script only references CPA management endpoints and local config; it does not attempt to read unrelated system files. The instructions do suggest running periodic jobs and sending the stdout report via a 'message' tool; that behavior is expected but depends on the operator to implement safe delivery.

✓ Install Mechanism

No install spec is provided and the skill is instruction-only with a single Python script using only the stdlib. There is no network-based installer or third-party package pull in the manifest.

⚠ Credentials

The script legitimately needs an admin-level CPA key and CPA URL to modify and delete auth files, but these required credentials are not declared in the registry metadata (requires.env/primary credential). The config.json and setup wizard also reference notification settings (telegram/discord chat id) but do not declare or explain how messaging credentials (e.g., bot token) are provided, making notification behavior unclear.

✓ Persistence & Privilege

always:false and the skill does not request system-wide privileges. It writes a local config.json in the skill directory (normal). It does perform destructive actions against the CPA (disable/delete); this is an expected capability for a cleanup tool but requires admin rights on the CPA.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install codex-cleaner
安装完成后，直接呼叫该 Skill 的名称或使用 /codex-cleaner 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.3

Setup wizard now guides user to fill chat_id for notifications

v1.0.2

Setup wizard now guides user to fill chat_id for notifications

v1.0.1

Remove all hardcoded private data

v1.0.0

Initial release of codex-cleaner. - Monitors and cleans invalid Codex auth files from CPA (Codex Provider Agent). - Checks quota status and disables files with 401 errors, with double verification before deletion. - Provides user-friendly commands for setup, status monitoring, cleaning, and automated monitoring modes. - Generates detailed human-readable and JSON reports. - Zero dependencies; uses pure Python standard library. - Includes integration guide for scheduled operation and Nanobot workflows.

元数据

Slug codex-cleaner

版本 1.0.3

许可证 —

累计安装 0

当前安装数 0

历史版本数 4

常见问题