Local security checks for Codex and OpenAI developer environments on Windows.
Codex Token Guard looks for suspicious token-like values, risky local AI coding settings, and Codex/OpenAI-looking global npm packages that deserve manual verification. It is designed for developers who want a fast local safety check after installing Codex-related tooling, plugins, scripts, or packages.
AI coding tools create a new local attack surface:
- copied install commands from social posts,
- npm packages with convincing names,
- local config files that may contain credentials,
- plugin or MCP scripts that touch browser, shell, or account state.
This project does not claim to prove that a machine is safe. It gives you a quick local report so you can find obvious risks before sharing logs, publishing a repo, or continuing to use a suspicious setup.
Codex Token Guard is intentionally conservative:
- It does not upload files.
- It does not print full token values.
- It redacts secret-like matches in reports.
- It scans a small default scope unless you explicitly pass more paths.
- It does not delete, revoke, uninstall, or modify anything.
Run a default local check:
powershell -ExecutionPolicy Bypass -File .\scripts\codex-token-guard.ps1Check global npm packages with Codex/OpenAI-looking names:
powershell -ExecutionPolicy Bypass -File .\scripts\codex-token-guard.ps1 -CheckNpmScan a specific project or folder:
powershell -ExecutionPolicy Bypass -File .\scripts\codex-token-guard.ps1 -Path C:\path\to\projectGenerate a Markdown report:
powershell -ExecutionPolicy Bypass -File .\scripts\codex-token-guard.ps1 -Path C:\path\to\project -Format MarkdownCurrent checks include:
- OpenAI API-key-looking strings such as
sk-... - session-token-looking strings such as
sess-... - bearer-token-looking strings
- inline variables such as
OPENAI_API_KEY=...,AUTH_TOKEN=...,CLIENT_SECRET=... - global npm packages with names containing
codex,openai,chatgpt, orgptthat are not on a tiny official allowlist
The npm package check is not a malware verdict. It is a triage signal: verify the publisher, source repository, install command, package history, and security reports before trusting the package.
0: no high or medium findings2: at least one high or medium finding
If a real token was exposed:
- Revoke or rotate it first.
- Remove it from local files and git history if needed.
- Check whether the token was committed, logged, uploaded, or pasted into a public issue.
- Move future secrets to environment variables, ignored local files, or a secret manager.
If a suspicious package was found:
- Verify the package name and publisher.
- Check the source repository and install command.
- Search for recent security reports.
- Remove it if you cannot explain why it is installed.
- Pattern matching can produce false positives and false negatives.
- Redaction reduces leakage risk but does not make reports automatically safe to publish.
- This tool cannot confirm whether a token is valid.
- This tool cannot confirm whether an npm package is malicious.
- Large files and common dependency/build folders are skipped by default.
For Windows Codex plugin troubleshooting, see codex-windows-plugin-doctor.
MIT