Dangerous exec
Critical
- Finding
- Shell command execution detected (child_process).
- Skill content
return spawn(invocation.command, invocation.args, {
Codex
Security checks across static analysis, malware telemetry, and agentic risk
Overview
No risk analysis has been recorded yet.
Static analysis
Dangerous exec
Critical
- Finding
- Shell command execution detected (child_process).
- Skill content
const child = spawn(invocation.command, invocation.args, {
Exposed secret literal
Critical
- Finding
- File appears to expose a hardcoded API secret or token.
- Skill content
const authToken = [REDACTED](config.authToken);
Exposed secret literal
Critical
- Finding
- File appears to expose a hardcoded API secret or token.
- Skill content
apiKey: [REDACTED],
Exposed secret literal
Critical
- Finding
- File appears to expose a hardcoded API secret or token.
- Skill content
apiKey: [REDACTED],
Exposed secret literal
Critical
- Finding
- File appears to expose a hardcoded API secret or token.
- Skill content
apiKey: [REDACTED],
Exposed secret literal
Critical
- Finding
- File appears to expose a hardcoded API secret or token.
- Skill content
const authToken = [REDACTED] ?? "";
Exposed secret literal
Critical
- Finding
- File appears to expose a hardcoded API secret or token.
- Skill content
const apiKey = [REDACTED](resolveCodexAppServerSpawnEnv(params.startOptions, params.baseEnv ?? process.env, params.platform ?? process.platform), CODEX_APP_SERV...
VirusTotal
62/62 vendors flagged this plugin as clean.
Risk analysis
No visible risk-analysis findings were reported for this release.