codex-supergraph Security Report — Trusted | ClawSafe

0 /100

codex-supergraph

Use when the user asks about token prices, charts, holders, trending tokens, pair data, prediction markets, or any on-chain analytics from Codex.

Pure documentation/reference skill providing Codex GraphQL query templates with no executable code, scripts, or hidden functionality.

Skill Namecodex-supergraph

Duration27.1s

Enginepi

✓

Safe to install

Approve for use. This skill only contains Markdown reference files and documented curl examples targeting a known public API.

Resource	Declared	Inferred	Status	Evidence
Filesystem	`NONE`	`NONE`	—	No file operations in any file
Network	`READ`	`READ`	✓ Aligned	SKILL.md:36 — documents curl to https://graph.codex.io/graphql
Shell	`NONE`	`NONE`	—	No shell scripts or subprocess calls present
Environment	`NONE`	`READ`	✓ Aligned	SKILL.md:31 — reads $CODEX_API_KEY for Authorization header only
Skill Invoke	`NONE`	`NONE`	—	No skill invocation found
Clipboard	`NONE`	`NONE`	—	No clipboard access in any file
Browser	`NONE`	`NONE`	—	No browser automation present
Database	`NONE`	`NONE`	—	No database access in any file

9 findings

🔗

Medium External URL 外部 URL

https://graph.codex.io/graphql.

SKILL.md:6

🔗

Medium External URL 外部 URL

https://graph.codex.io/graphql

SKILL.md:32

🔗

Medium External URL 外部 URL

https://graph.codex.io/schema/latest.graphql

SKILL.md:34

🔗

Medium External URL 外部 URL

https://graph.codex.io/schema/latest.json

SKILL.md:35

💰

Medium Wallet Address 加密货币钱包地址

0x02227b8f5a9636e895607edd3185ed6ee5598ff7

references/prediction-markets.md:515

💰

Medium Wallet Address 加密货币钱包地址

0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2

references/query-templates.md:200

💰

Medium Wallet Address 加密货币钱包地址

0xc02aaa39b223fe8d0a0e5c4f27ead9083c756cc2

references/query-templates.md:288

💰

Medium Wallet Address 加密货币钱包地址

0xd8dA6BF26964aF9D7eEd9e03E53415D37aA96045

references/query-templates.md:327

🔗

Medium External URL 外部 URL

https://docs.codex.io/mcp

references/tooling-and-mcp.md:10

File Tree

7 files · 42.6 KB · 1682 lines

Markdown 7f · 1682L

├─ ▾ 📁 references

│ ├─ 📝 apis.md Markdown 80L · 2.8 KB

│ ├─ 📝 endpoint-playbook.md Markdown 79L · 5.2 KB

│ ├─ 📝 gotchas.md Markdown 106L · 4.8 KB

│ ├─ 📝 prediction-markets.md Markdown 763L · 15.9 KB

│ ├─ 📝 query-templates.md Markdown 470L · 8.0 KB

│ └─ 📝 tooling-and-mcp.md Markdown 76L · 1.1 KB

└─ 📝 SKILL.md Markdown 108L · 4.8 KB

Security Positives

✓ No executable code — skill consists entirely of Markdown documentation files

✓ No scripts, dependencies, or package files present

✓ All network calls are explicitly documented and target a single known public API endpoint

✓ No credential exfiltration or harvesting beyond reading $CODEX_API_KEY for auth header

✓ No sensitive file or path access (no ~/.ssh, ~/.aws, .env access)

✓ No obfuscation, base64 payloads, or anti-analysis techniques

✓ No supply-chain risk — no external dependencies declared

✓ Crypto wallet addresses (Ethereum, Solana) are public blockchain addresses used as documented query examples

✓ Documentation is comprehensive, internally consistent, and matches stated behavior

Scan Report

File Tree

Security Positives