🔴 codex-mcp-server

MCP server wrapper for OpenAI Codex CLI that enables Claude Code to leverage Codex's AI capabilities directly.

| Field | Value |
|---|---|
| Grade | D |
| Risk Score | 65 |
| Version | 1.4.3 |
| Vendor | tuannvm |
| Stars | ⭐ 444 |
| npm Package | codex-mcp-server |
| npm Downloads (30d) | 9.3k |
| Language | TypeScript |
| Source | codex-mcp-server |
| Scan Date | 2026-05-04 |
| Scanner | tooltrust-scanner/v0.3.9 |

Findings Summary

| Severity | Count |
|---|---|
| Critical | 1 |
| High | 3 |
| Medium | 2 |
| Low | 2 |
| Info | 0 |

Detailed Findings

🟡 🔑 AS-002 — Excessive Permission Surface

Severity: Medium

Description: tool declares fs permission

Recommendation: Tool requests broad permissions (exec/fs/network). Validate input parameters using Enums where possible, and restrict file system operations to explicit allowed directories.


🟠 🔑 AS-002 — Excessive Permission Surface

Severity: High

Description: tool declares network permission

Recommendation: Tool requests broad permissions (exec/fs/network). Validate input parameters using Enums where possible, and restrict file system operations to explicit allowed directories.


🟠 🔑 AS-002 — Excessive Permission Surface

Severity: High

Description: tool declares exec permission

Recommendation: Tool requests broad permissions (exec/fs/network). Validate input parameters using Enums where possible, and restrict file system operations to explicit allowed directories.


🔴 ⚡ AS-006 — Arbitrary Code Execution

Severity: Critical

Description: tool name or description implies arbitrary script/code execution (evaluate_script, execute javascript, etc.)

Recommendation: This tool can execute arbitrary code or shell commands on the host system. Remove it unless strictly required. If kept: (1) restrict access to trusted users/agents only, (2) require human approval before each invocation (Claude Desktop: set approval_required: true; other clients: enable equivalent confirmation), (3) use the most restrictive sandbox or read-only mode available, and (4) never expose this tool to untrusted input sources.


🔵 ⚡ AS-011 — DoS Resilience — Missing Rate Limit / Timeout

Severity: Low

Description: tool performs network or execution operations but declares no rate-limit, timeout, or retry configuration

Recommendation: Declare explicit rate-limit, timeout, and retry configuration for all network and execution tools. Implement exponential back-off and surface resource state to the calling agent.


🟡 🔑 AS-002 — Excessive Permission Surface

Severity: Medium

Description: tool declares fs permission

Recommendation: Tool requests broad permissions (exec/fs/network). Validate input parameters using Enums where possible, and restrict file system operations to explicit allowed directories.


🟠 🔑 AS-002 — Excessive Permission Surface

Severity: High

Description: tool declares network permission

Recommendation: Tool requests broad permissions (exec/fs/network). Validate input parameters using Enums where possible, and restrict file system operations to explicit allowed directories.


🔵 ⚡ AS-011 — DoS Resilience — Missing Rate Limit / Timeout

Severity: Low

Description: tool performs network or execution operations but declares no rate-limit, timeout, or retry configuration

Recommendation: Declare explicit rate-limit, timeout, and retry configuration for all network and execution tools. Implement exponential back-off and surface resource state to the calling agent.


Scored using ToolTrust methodology · Raw JSON report