← 返回 Skills 市场
1198
总下载
2
收藏
1
当前安装
2
版本数
在 OpenClaw 中安装
/install openai-codex-operator
功能描述
Run OpenAI Codex CLI from OpenClaw for coding tasks in a target project directory. Use when the user asks OpenClaw to use Codex for implementation, debugging...
安全使用建议
This skill appears to do only what it claims: run the local Codex CLI against a repository. Before installing or invoking it, ensure you understand that the Codex CLI will contact OpenAI and may send repository contents (including secrets or PII) to OpenAI; remove or redact sensitive files or use a sanitized checkout. Also confirm you trust the locally installed `@openai/codex` package and its authentication mechanism (ChatGPT login or API key) before granting access.
功能分析
Type: OpenClaw Skill
Name: openai-codex-operator
Version: 1.0.1
The skill bundle is classified as suspicious due to a clear shell injection vulnerability pattern. The `scripts/run-codex-example.sh` file directly uses unsanitized user input (`$TASK`) in a shell command (`codex exec "$TASK"`), which is a critical remote code execution risk. Furthermore, the `SKILL.md` instructions for the OpenClaw agent describe constructing commands like `exec.command: "codex exec \"<task>\""`. If the agent naively inserts user-provided task descriptions into this template without proper escaping, it would also lead to shell injection. While there is no evidence of malicious intent (e.g., data exfiltration, backdoors), these are significant vulnerabilities that allow for arbitrary command execution.
能力评估
Purpose & Capability
Name/description match the contents: SKILL.md, references, and example script all describe running the Codex CLI (codex / codex exec) in a specified workdir. No unrelated binaries, env vars, or config paths are requested.
Instruction Scope
Instructions stay within the stated purpose (running Codex in a target repo, foreground/background modes, polling). They do not instruct reading arbitrary system files or unrelated credentials. Note: the skill does not provide guidance about avoiding sending secrets to Codex — the CLI may transmit repository contents to OpenAI during its operation, so users should be warned to scrub sensitive data before running.
Install Mechanism
No install spec is provided (instruction-only), and the included script only instructs installing the official npm package (@openai/codex) if codex is missing. There are no downloads from untrusted URLs or extract actions.
Credentials
The skill declares no required environment variables or credentials. It does mention Codex/CLI authentication in references (ChatGPT login or API key), which is expected for this integration and is not requested by the skill itself.
Persistence & Privilege
The skill does not request always:true, does not modify other skills or global agent settings, and has no install-time persistence. Autonomous invocation is allowed (platform default) but is not combined with other concerning privileges.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install openai-codex-operator - 安装完成后,直接呼叫该 Skill 的名称或使用
/openai-codex-operator触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.1
Republish for discoverability check.
v1.0.0
Initial release: invoke OpenAI Codex CLI from OpenClaw with pty/workdir/background patterns.
元数据
常见问题
OpenAI Codex Operator 是什么?
Run OpenAI Codex CLI from OpenClaw for coding tasks in a target project directory. Use when the user asks OpenClaw to use Codex for implementation, debugging... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 1198 次。
如何安装 OpenAI Codex Operator?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install openai-codex-operator」即可一键安装,无需额外配置。
OpenAI Codex Operator 是免费的吗?
是的,OpenAI Codex Operator 完全免费(开源免费),可自由下载、安装和使用。
OpenAI Codex Operator 支持哪些平台?
OpenAI Codex Operator 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 OpenAI Codex Operator?
由 saiph(@cecwxf)开发并维护,当前版本 v1.0.1。
推荐 Skills