← 返回 Skills 市场

Codex Profile Orchestrator

Name: Codex Profile Orchestrator
Author: ugurinanc12

作者 UgurInanc · GitHub ↗ · v2.1.1 · MIT-0

cross-platform ⚠ suspicious

212

总下载

当前安装

版本数

在 OpenClaw 中安装

/install codex-profile-orchestrator

功能描述

deterministic openclaw codex profile failover for windows workspaces with duplicate detection, workspace variant aliases, quota-aware profile choice, telegra...

使用说明 (SKILL.md)

Codex Profile Orchestrator

Use this skill to manage multiple Codex OAuth profiles without a fuzzy AI loop.

Core resources

scripts/codex_profile_orchestrator.py contains the full orchestrator, reporting, and self-test flow.
scripts/install_codex_profile_orchestrator.py writes a Windows-friendly config and starter script into an OpenClaw workspace.
references/state-model.md explains how identities, variants, duplicates, and invalid streaks are tracked.

Recommended workflow

Install the config into the target workspace.
Run a dry run first and inspect the JSON payload.
Apply once.
Start daemon mode only after the dry run looks correct.

Rules

Treat internet or ChatGPT reachability failures as transport incidents, not as broken accounts.
Quarantine only 401, 403, 400, missing-token, or clearly expired-token profiles.
Keep weekly availability as a hard gate. Keep five-hour remaining as the primary tie-breaker for switching.
Detect same email plus same user plus same account as a duplicate.
Detect same email plus same user plus different account as a workspace variant and register it as ws2, ws3, and so on.
Sync Telegram and other OpenClaw session overrides to the selected profile.

安全使用建议

This skill will read local OpenClaw/Codex auth profiles (tokens), decode token payloads, and make HTTP requests using those tokens to the configured usage endpoint. That behavior is functionally required for quota-aware profile switching, but you should verify the endpoint and code before running with real credentials. Specifically: - Inspect the full scripts line-by-line (scripts/codex_profile_orchestrator.py and installer) to confirm where HTTP requests are sent and what fields are transmitted. - The bundled code uses USAGE_URL/probeUrl set to 'https://chatgpt.com/' and 'https://chatgpt.com/backend-api/wham/usage' — confirm that domain is expected and trustworthy for your environment (official OpenAI backend endpoints are typically under openai.com or chat.openai.com). - Run a dry-run in an isolated/test workspace with no real tokens and enable fixtures to observe behavior before letting it access live auth files. - If you plan to enable Telegram/session sync, verify how session tokens are read/written and whether any data is posted to third-party servers. - The visible code appears truncated in the manifest (a line ends with 'identiti...'), which could indicate an incomplete file or a bug; ensure you have the complete source before installing. - If you lack the expertise to audit the Python, consider running the skill in a sandbox or requesting a signed/verified binary from a trusted source. If you cannot verify the destination endpoints and full code behavior, avoid running the skill against a workspace containing live credentials.

功能分析

Type: OpenClaw Skill Name: codex-profile-orchestrator Version: 2.1.1 The Codex Profile Orchestrator is a utility designed to manage and rotate multiple OpenAI/Codex accounts within an OpenClaw workspace based on usage limits. It reads sensitive configuration files (auth-profiles.json, sessions.json) to extract OAuth tokens and update session overrides, but its logic is strictly aligned with its stated purpose of account failover and health monitoring. The script includes safety features such as token redaction in output, a dry-run mode, and network connectivity checks to prevent false-positive account quarantining, with no evidence of data exfiltration or unauthorized remote execution (scripts/codex_profile_orchestrator.py, scripts/install_codex_profile_orchestrator.py).

能力标签

requires-oauth-tokenrequires-sensitive-credentials

能力评估

ℹ Purpose & Capability

The name and description claim to manage Codex/OpenClaw profiles, perform failover, detect duplicates, and sync sessions — the included scripts indeed read profile blobs, decode tokens, compute usage, write registry state, and provide a Windows starter script. That capability set is coherent with the stated purpose. However the skill also advertises 'telegram session sync' and 'network outage protection' and exposes notification/session hooks; those behaviors are plausible but expand the attack surface and should be expected by the user.

⚠ Instruction Scope

The runtime instructions and bundled code read local auth/profile data (tokens), decode JWT payloads, and make HTTP requests with Bearer tokens to an externally configured usage endpoint. While querying usage is required for quota-aware decisions, the SKILL.md and installer do not clearly document which external endpoints are authoritative. The manifest points usage/probe URLs to 'chatgpt.com' — an unexpected domain for OpenAI APIs — and the skill also advertises session/Telegram sync which may read or write session data. The SKILL.md is otherwise high-level and relies on the scripts; the code will access sensitive local files (auth profiles) and transmit token-bearing requests, so the instructions should explicitly disclose that.

✓ Install Mechanism

There is no network install step, no package download, and the project is instruction-first with bundled scripts. The provided installer only writes JSON config and a PowerShell starter into the target workspace — no obscure external installer or archive downloads were specified.

⚠ Credentials

The skill requests no environment variables or external credentials up front, but it reads local workspace auth/profile files and will include profile tokens in Authorization headers when calling the configured usage endpoint. That is proportionate to making usage checks, but the endpoint is not a clearly documented trusted host. The skill also decodes tokens (JWT payloads) and may sync Telegram/session targets; those operations involve sensitive secrets and should be justified and constrained. The package does not require or declare any external credentials but will access user tokens found in workspace files — users should treat this as access to highly-sensitive secrets.

✓ Persistence & Privilege

always:false and the installer writes only workspace-local config and a PowerShell starter. The skill stores its own registry/state files under the workspace state directory. It does not request system-wide privileges or force-enable itself. Autonomous invocation remains possible (default) but is not combined with any 'always' privilege here.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install codex-profile-orchestrator
安装完成后，直接呼叫该 Skill 的名称或使用 /codex-profile-orchestrator 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v2.1.1

Prevent repeated low-limit Telegram alerts until threshold recovers

v2.1.0

Refined Windows profile orchestration with safer output handling, stable Telegram notifications, gap-aware workspace aliases, and machine-agnostic command resolution. Removed machine-specific fallback paths and polished failover behavior for cleaner publishing and safer multi-account rotation.

v1.0.5

codex-profile-orchestrator 1.0.5 - Added scripts/codex_profile_report.py to the repository. - Minor formatting updates in SKILL.md for improved readability. - No changes to core logic or behavior.

v1.0.4

Harden workspace variant recovery, add Telegram threshold and switch alerts, enrich new-account notifications, fix notification delivery timeout

v1.0.3

Fix workspace variant recovery, add threshold and switch Telegram alerts, enrich new account notifications, sanitize tests

v1.0.2

Harden failover logic for exhausted 5h quotas, improve daemon resilience, and add regression tests for profile selection/account separation.

v1.0.1

Fix profile quota reporting to expose 5-hour and weekly remaining percentages explicitly instead of only used percentages.

v1.0.0

Initial English release. Adds deterministic discovery, registration, quarantine, cleanup, session sync, and native Telegram notifications for OpenClaw Codex account orchestration.

元数据

Slug codex-profile-orchestrator

版本 2.1.1

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 8

常见问题