Latest release: v2026.5.28
OpenClaw result: Benign (high confidence)

Purpose & Capability
The package is @openclaw/codex, an official Codex app-server harness and model provider; spawning Codex, using filesystem/process/network primitives, model discovery, and Codex plugin integration fit that stated purpose.
Instruction Scope
The manifest exposes advanced controls for approval policy, sandbox mode, websocket auth, dynamic tools, and native Codex plugins; high-authority modes such as yolo/danger-full-access are configurable and purpose-aligned, not hidden.
Install Mechanism
The npm artifact has no lifecycle scripts or bin entry, uses a small declared dependency set, activates for Codex harnesses rather than on startup, and comes from the trusted OpenClaw publisher with clean VirusTotal telemetry.
Credentials
The plugin reads Codex state/auth context and may launch a Codex app-server, which is sensitive but proportionate for a Codex provider and migration tool.
Persistence & Privilege
It can write Codex/OpenClaw session and migration configuration and can install or enable curated Codex sub-plugins during explicit migration or computer-use flows; this is disclosed, but users should treat those flows as high-impact.
Scan Findings in Context
[SDI-4] expected: The cited permission modes, side-conversation tooling, migration behavior, and shared-channel secret warning reflect real high-authority Codex integration behavior, but the artifacts disclose these controls and generally keep them tied to user-directed Codex workflows.
[SDI-2] expected: Codex plugin activation and runtime refresh are present, but activation is limited to configured or migrated openai-curated plugin entries and native Codex plugins are not enabled by default on package install.
[SQP-2] expected: Filesystem, process, and HTTP primitives exist for the sandbox exec-server and Codex execution surface; they are expected for a code-agent harness and are guarded by sandbox/policy paths, with the experimental sandbox exec-server disabled by default.
Assessment
Install this only where you are comfortable giving Codex code-agent authority. Review approvalPolicy, sandbox, appServer, computerUse, and codexPlugins settings before enabling native plugins or migration, especially because migrated Codex plugin actions may allow destructive operations by default.

Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

dist/client-DMXvboVu.js:76: Shell command execution detected (child_process).
dist/conversation-binding-CC9XMAwn.js:619: Shell command execution detected (child_process).
dist/run-attempt-CuhGEh0u.js:2020: Shell command execution detected (child_process).
dist/config--tW89bHH.js:150: File appears to expose a hardcoded API secret or token.
dist/provider-catalog.js:58: File appears to expose a hardcoded API secret or token.
dist/provider-discovery.js:27: File appears to expose a hardcoded API secret or token.
dist/provider.js:56: File appears to expose a hardcoded API secret or token.
dist/request-CF4f5hWY.js:52: File appears to expose a hardcoded API secret or token.
dist/shared-client-Duh1bHaP.js:136: File appears to expose a hardcoded API secret or token.