Codex Profiler

Name: Codex Profiler
Author: deadlysilent

功能描述

Manage OpenAI Codex profiles via Telegram commands for usage checks and OAuth token refresh with queued safe apply and progress updates.

使用说明 (SKILL.md)

✅ Maintained path: use codex-profiler for all Codex profile operations. Standalone codex-usage and codex-auth skills are deprecated.

This skill consolidates both scripts:

scripts/codex_usage.py (usage/limits)
scripts/codex_auth.py (OAuth helper for start/status)

For auth/profile mutation, this skill now standardizes on gateway-native openclaw models auth ... commands.

Safe defaults

Usage checks are read-only by default.
Auth state is runtime-managed; one-shot direct file edits are unreliable and can be overwritten by in-memory/cooldown state.
Treat auth-profiles.json as gateway-managed state. Never mutate it directly in normal operations.
Prefer gateway-native auth mutation commands (openclaw models auth ..., openclaw models auth order ...) over script-level file writes.
Use dry-run/read-only preflight first, then apply, then verify (strict anti-drift flow below).
See RISK.md for allowed/denied operation boundaries.

Commands

Usage

/codex_usage → selector (default / all / discovered profiles)
/codex_usage \x3Cprofile>

Auth

/codex_auth → selector (profiles)
/codex_auth \x3Cprofile>
/codex_auth finish \x3Cprofile> \x3Ccallback_url> (helper only; profile/order mutation must use gateway-native commands)

UX requirements (cross-channel)

For /codex_usage, send immediate progress message first as a separate message:

"Running Codex usage checks now…"

Delivery rule:

If progress is sent through channel message tool path, send final result through the same path (same target/session), then return NO_REPLY.
Avoid mixed delivery (tool progress + plain reply final).

For auth/profile/order mutation, warn that writes are gateway-managed and enforce verify-after-apply:

"I will apply this via openclaw models auth ... and then verify with models status + auth order get."
"I won’t hand-edit auth files directly because runtime state can drift/overwrite one-shot edits."

Interaction adapter

If inline buttons are supported: use selector buttons.
If inline buttons are not supported: use text fallback prompts.
Apply duplicate-request suppression per user for ~20s.
Never echo full callback URLs in responses.

Profile removal policy (MANDATORY)

Best method (default): operational retire, not hard delete
- Remove the target profile from active provider order (openclaw models auth order set ...) so it is never selected.
- Keep profile data intact unless the user explicitly requests permanent deletion.
Hard delete only on explicit user instruction
- Perform permanent profile deletion only when the user clearly asks to hard delete/remove permanently.
- If gateway-native delete is unavailable in the installed OpenClaw version, do not improvise risky live edits; use a controlled maintenance window flow.

Strict anti-drift auth mutation flow (MANDATORY)

For auth/profile/order changes, use this exact 3-step flow:

Preflight (read-only)

openclaw models status --json
openclaw models auth order get --provider openai-codex --agent \x3Cagent-id>

Apply (gateway-native command)

openclaw models auth order set --provider openai-codex --agent \x3Cagent-id> \x3Cprofile1> \x3Cprofile2>
# or
openclaw models auth order clear --provider openai-codex --agent \x3Cagent-id>
# or provider login flow
openclaw models auth login --provider openai-codex

Verify (post-apply, no assumptions)

openclaw models status --json
openclaw models auth order get --provider openai-codex --agent \x3Cagent-id>

Never skip verification. If results mismatch expectation, do not hand-edit files; diagnose and re-apply via gateway-native commands.

How to run

# Usage checks (read-only)
python3 skills/codex-profiler/scripts/codex_usage.py --profile all --timeout-sec 25 --retries 1 --debug
python3 skills/codex-profiler/scripts/codex_usage.py --profile all --format text

# OAuth helper (callback parsing/status only)
python3 skills/codex-profiler/scripts/codex_auth.py start --profile default
python3 skills/codex-profiler/scripts/codex_auth.py status

Safety posture

No remote shell execution (curl|bash, wget|sh) is allowed by this skill.
No sudo/SSH/system-level host mutation commands are part of this skill path.
Usage checks are restricted to trusted HTTPS endpoint host allowlist (chatgpt.com).
Callback URLs and token material must be treated as sensitive and never echoed in full.

Multi-account rotation guidance

When asked about running multiple Codex accounts/profiles, rotation policy, or fallback strategy, read:

references/multi-account-rotation.md

Use the short template for quick chat answers and the deep-dive template for setup/troubleshooting requests.

Notes

Uses auth profiles at ~/.openclaw/agents/main/agent/auth-profiles.json by default.
Current source of truth is auth-profiles.json; auth.json is legacy compatibility and should not be used as primary state.
If profile routing behaves unexpectedly, check for mixed state (missing/stale auth-profiles.json, leftover legacy files, or stale runtime cooldown) before assuming model fallback bugs.
Same accountId across two profile labels is not automatically a defect. In this environment, multiple labels can map to the same workspace/account identity while still operating correctly. Treat it as healthy when both profiles are auth-valid and usable in /codex_usage; investigate only when auth failures or routing failures appear.
Codex usage endpoint: https://chatgpt.com/backend-api/wham/usage.
Usage script now surfaces 401 as auth_not_accepted_by_usage_endpoint with a clear hint, while still returning local profile health.
Usage output now includes top-level summary, formatted_profiles, and suggested_user_message for cleaner slash-command formatting.
Preferred strict output format for /codex_usage (single line per profile):
- 🟢 \%profile%` — 5h %5h_left% | week %week_left% | r5 %5h_reset% | rw %week_reset%`
- Use 🟠 when limited and 🔴 when unusable/auth-invalid.
- No preface, no table, no trailing summary unless explicitly requested.
OAuth flow: OpenAI auth endpoints + localhost callback on port 1455.
Preferred mutation path is gateway-native (openclaw models auth ... / openclaw models auth order ...) with mandatory preflight + verify.
codex_auth.py status --profile \x3Cprofile> remains useful for per-profile helper status checks.
Keep temporary payload/token artifacts only until verification succeeds, then clean them up.
Codex CLI installation is not required for usage endpoint reads in this skill path.

安全使用建议

This package broadly does what it says (usage checks and OAuth helper), but there are important inconsistencies and risky behaviors you should consider before installing or running it: - Inconsistency: SKILL.md says prefer gateway-native commands and avoid hand-editing auth files, yet the included scripts do direct writes to ~/.openclaw/auth-profiles.json and OPENCLAW config and create/execute shell scripts that copy/replace those files and restart the gateway. - System effects: The scripts call pkill, spawn openclaw-gateway via nohup or systemd-run, and write staged files in /tmp. These are system-level operations that can affect your running gateway and auth state—backup first. - Review & test: Inspect the full scripts yourself (or with a trusted engineer). If you plan to run mutation/apply actions, test in a non-production environment or on a throwaway agent account first. - Operational safeguards: Require manual confirmation before any 'apply' or 'hard delete' action, keep backups of ~/.openclaw/*, and prefer running usage-only/read-only commands initially. Consider disabling autonomous invocation for mutation paths or enforcing a human-in-the-loop confirmation (especially for deletes or gateway restarts). - Ask the author: Request clarification on why scripts perform direct file writes and gateway restarts despite the SKILL.md guidance; ask for a mode that strictly uses only the gateway-native CLI commands without direct file mutation. - Note about code quality: There are signs of sloppy/unfinished code (a truncated/misspelled token in the gateway-start section) that may cause runtime errors; this suggests the code may not have been thoroughly tested in your environment. If you do not trust the author or cannot safely test in a sandbox, avoid granting this skill the ability to perform apply/delete operations.

功能分析

Type: OpenClaw Skill Name: codex-profiler Version: 1.0.27 The skill is classified as suspicious due to shell injection vulnerabilities in scripts/codex_auth.py and scripts/codex_usage.py. User-controlled profile identifiers are interpolated directly into generated bash scripts (executed via systemd-run or nohup) within echo statements and log messages without proper shell escaping. While the skill's administrative functions—such as managing OAuth tokens, using pkill to restart the OpenClaw gateway, and modifying auth-profiles.json—are consistent with its stated purpose, the lack of input sanitization in script generation creates a significant security flaw. No evidence of intentional malice or data exfiltration was found.

能力评估

⚠ Purpose & Capability

Name/description align with the included scripts: usage checks against chatgpt.com and OAuth helper for Codex profiles in ~/.openclaw. However, SKILL.md repeatedly states gateway-native commands should be preferred and that auth files should not be hand-edited; the shipped scripts nevertheless directly write/overwrite auth-profiles.json and openclaw.json, and schedule on-disk shell scripts to copy/replace those files—an inconsistency between claimed approach and actual capability.

⚠ Instruction Scope

SKILL.md claims 'No remote shell execution' and 'Never mutate auth-profiles.json directly in normal operations', yet the scripts (codex_auth.py and codex_usage.py) read and write ~/.openclaw/*.json, create backups, build and execute shell scripts that cp files, run pkill, and restart/open openclaw-gateway via nohup/systemd-run. Those actions are outside the narrow scope of simple read-only usage checks and OAuth status queries described, and they perform system-level mutations without the SKILL.md appearing to require explicit user confirmation for all cases.

ℹ Install Mechanism

There is no install spec (instruction-only skill) which lowers supply-chain risk, but the bundle includes substantial Python scripts that will execute local system commands when run. Because code will be executed directly, lack of an install step does not imply lack of side effects—the code itself performs file/system changes.

ℹ Credentials

The skill requests no external credentials and operates on local OpenClaw config/auth files in the user's home directory and /tmp. Access to ~/.openclaw/auth-profiles.json and the ability to restart or spawn the openclaw-gateway are expected for a profile management tool, but these are high-privilege actions (can replace auth data and restart gateway) and exceed mere read-only checks. No unrelated environment variables or external credentials are requested.

⚠ Persistence & Privilege

The skill does not request always:true, but the code writes backups and staged auth files under /tmp, spawns off-host scripts (systemd-run / nohup), and forcibly kills/starts gateway processes (pkill, openclaw-gateway). Those actions grant the skill effective system-level influence while running and increase the blast radius if invoked autonomously. Consider requiring explicit manual approval for apply/delete operations.

版本历史

v1.0.27

Clarify that shared accountId can reflect workspace-linked identity and is not automatically a fault when profiles remain auth-valid/usable.

v1.0.26

Default /codex_usage strict compact emoji-line output with reset tags; improved slash-format consistency.

v1.0.25

Enforce gateway-native auth mutation flow (preflight/apply/verify), set default to operational retirement via auth order, and require explicit user instruction for hard delete.

v1.0.24

Wire delete mutation into strict off-host apply flow: requires explicit gateway-restart acknowledgement, queues detached stop/write/start runner (systemd-run preferred, nohup fallback), and adds unsafe-direct escape hatch only by explicit flag. Updated skill UX guidance to require restart warning + permission before mutation.

v1.0.23

Enforce strict auth mutation process by default: finish now uses off-host queue apply flow (stage -> stop gateway -> write -> start -> verify), preferring systemd-run detached units with nohup fallback. Added explicit unsafe-direct escape hatch and kept target-scoped anti-drift safeguards.

v1.0.22

Extend mutation safeguards: enforce target-scoped profile writes and abort on cross-profile drift (profile_drift_detected). Keeps non-target profiles untouched during auth/config/apply flows.

v1.0.21

Add default-profile mutation safeguard: codex_auth start/finish/apply now refuse openai-codex:default unless --allow-default is explicitly provided. Documented queue-apply status paths and protected-default policy for safer multi-profile operations.

v1.0.20

Hardened auth apply UX: queued apply now stages config/auth writes before restart, emits per-profile status/log/script paths, and supports status --profile to avoid stale global status confusion. Added operational notes for preserving temp token payload until post-restart smoke check passes.

v1.0.19

Fix usage-state rendering: derive Usable/Limited from live WHAM report + max-window evidence to avoid stale-looking icons; show 'not reported' when a short window is absent (e.g., free plan weekly-only).

v1.0.18

Mark codex-profiler as sole maintained codex skill; standalone codex-usage/codex-auth deprecated.

v1.0.17

Consolidate codex_usage delivery fix: same-path progress+final channel delivery and NO_REPLY after tool-delivered final response.

v1.0.16

Consolidated strict newline output format in usage reports: no pipe separators, blank line between profile blocks.

v1.0.15

Improve visual strict output: newline-only profile blocks (remove pipe separators) and maintain blank-line separation between profiles.

v1.0.14

Improve /codex_usage visual consistency: strict per-profile blocks, reset date format dd/mm/yyyy, hh:mm, and time-left fields (x Days, y Hours, z Minutes) for quota windows.

v1.0.13

Clarify remaining quota in /codex_usage templated profile lines by appending 'left' to remaining percentages.

v1.0.12

Add strict text renderer mode (--format text) for /codex_usage responses with progress-first messaging and stable templated profile lines using remaining percentages.

v1.0.11

Align /codex_usage response contract with consistent templated profile output, add formatted_profiles/progress_message fields, and require progress-first messaging before final results.

v1.0.10

Apply usage preflight fix to classify 401/403 correctly, add summary/suggested_user_message output for command adapters, and update docs for cleaner slash response rendering.

v1.0.9

Apply usage preflight fix to classify 401/403 correctly, add summary/suggested_user_message output for command adapters, and update skill docs for cleaner slash response rendering.

v1.0.8

Consolidated usage/auth fixes: explicit WHAM 401/403 classification with local-health fallback, updated docs clarifying no Codex CLI requirement for usage checks, and added multi-account rotation reference with short/deep response templates.

元数据

Slug codex-profiler

版本 1.0.27

许可证 MIT-0

累计安装 1

当前安装数 1

历史版本数 28

常见问题

Codex Profiler 是什么？

Manage OpenAI Codex profiles via Telegram commands for usage checks and OAuth token refresh with queued safe apply and progress updates. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 586 次。

如何安装 Codex Profiler？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install codex-profiler」即可一键安装，无需额外配置。

Codex Profiler 是免费的吗？

是的，Codex Profiler 完全免费，采用 MIT-0 许可证，可自由下载、安装和使用。

Codex Profiler 支持哪些平台？

Codex Profiler 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 Codex Profiler？

由 DeadlySilent（@deadlysilent）开发并维护，当前版本 v1.0.27。