SkillProvenance Scan

Review guide

Codex Plugin Permission Scan for Install Gates

Scan Codex plugins and skills for tool access, file write boundaries, shell commands, network behavior, and permission changes before installation.

Open scan preview

What this search usually needs

A Codex plugin permission scan checks whether a plugin or skill asks for capabilities that match its real job. The goal is to catch broad file access, shell execution, package installation, outbound network calls, and credential dependencies before a plugin becomes available to a team.

Where it applies

  • A platform team wants to allow coding plugins without giving every plugin broad write access.
  • A developer reviews a plugin that includes setup scripts or command execution steps.
  • An organization needs a simple evidence packet for internal approval.

How to run the review

  1. Import the plugin directory or GitHub URL.
  2. Detect declared and implied tools, including shell, file writes, browser/network, package managers, and external APIs.
  3. Identify file path scope and whether writes are limited to the intended workspace.
  4. Compare the current package with the previous trusted version.
  5. Decide whether to approve, require changes, or hold for manual review.

Common risks to catch

  • Shell commands may install packages or modify environment settings.
  • File write scope can be broader than the task requires.
  • Network calls can move data into third-party systems that have not been reviewed.

Use SkillProvenance Scan for this review

SkillProvenance Scan packages Codex plugin permission findings into a permission diff table, install-risk summary, and allowlist status that teams can reuse.

Open scan preview View pricing plans