
codex-cli-mcp-tool
Advanced tools
An MCP server that allows Claude Code to interact with the OpenAI Codex CLI. If you have a ChatGPT subscription and a Claude Code subscription, you can use this tool to get the benefits of both, as a $20 ChatGPT subscription gives you access to GPT-5 for free in Codex CLI.
Install Codex CLI (required):
npm install -g @openai/codex
Add to Claude Code using npx:
claude mcp add codex-cli-mcp-tool -- npx -y codex-cli-mcp-tool
Or install globally first:
npm install -g codex-cli-mcp-tool
Configure Authentication:
# Option 1: Use API key
export OPENAI_API_KEY=your-api-key
# Option 2: Login with ChatGPT account
codex login
Execute Codex with comprehensive parameter support for code analysis, generation, and assistance.
Parameters:
prompt (required): Your query or instruction
model (optional): gpt-5 (default and only supported model)
sandbox (optional): read-only, workspace-write, danger-full-access
approval (optional): untrusted, on-failure, on-request, never
image (optional): Image file path(s) to include
config (optional): Configuration overrides
timeout (optional): Maximum execution time
Example:
ask-codex "Explain this code: @main.py" sandbox="read-only"
Non-interactive Codex execution for automation workflows.
Parameters:
prompt (required): Command or instruction
model (optional): Always gpt-5
sandbox (optional): Sandbox mode
timeout (optional): Execution timeout
Apply the latest Codex-generated diff to your git repository.
Parameters:
dryRun (optional): Preview changes without applying
validate (optional): Validate before applying
ping: Test MCP connection
help: Show detailed help information
version: Display version information
OPENAI_API_KEY=sk-... # OpenAI API key
CODEX_MODEL=gpt-5 # Default model
CODEX_SANDBOX_MODE=read-only # Default sandbox mode
[model]
provider = "openai"
default = "gpt-5"
reasoning_effort = "medium"
[sandbox]
default_mode = "read-only"
permissions = ["disk-read-access"]
[approval]
policy = "untrusted"
trusted_commands = ["ls", "cat", "grep"]
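One way to check the sandbox and approval settings above before handing the tool to an agent, as an added example that is not part of the package's README or code: it parses the config layout shown here and flags danger-full-access, approval "never" combined with any sandbox other than read-only, and trusted commands outside a read-only allowlist. The function names, finding texts and allowlist are assumptions of this example, and the parser handles only the TOML subset shown on this page.

```javascript
// Added example, not the project's code. Finding texts and the read-only
// command allowlist are assumptions of this example.
const SANDBOX_MODES = ["read-only", "workspace-write", "danger-full-access"];
const APPROVAL_POLICIES = ["untrusted", "on-failure", "on-request", "never"];
const READ_ONLY_COMMANDS = new Set(["ls", "cat", "grep"]);

// Parses only the TOML subset used on this page: [section] headers plus
// key = "string" and key = ["a", "b"] pairs, whose values are also valid JSON.
function parseConfig(text) {
  const cfg = {};
  let section = null;
  for (const raw of text.split("\n")) {
    const line = raw.trim();
    if (!line || line.startsWith("#")) continue;
    const header = line.match(/^\[([\w-]+)\]$/);
    if (header) { section = cfg[header[1]] = {}; continue; }
    const pair = line.match(/^([\w-]+)\s*=\s*(.+)$/);
    if (!pair || !section) throw new Error(`unsupported line: ${line}`);
    section[pair[1]] = JSON.parse(pair[2]);
  }
  return cfg;
}

// Returns finding strings; an empty array means nothing was flagged.
function auditConfig(text, env = {}) {
  const cfg = parseConfig(text);
  const findings = [];
  // Check the config default and the CODEX_SANDBOX_MODE variable separately.
  const modes = [cfg.sandbox?.default_mode, env.CODEX_SANDBOX_MODE].filter((m) => m !== undefined);
  if (modes.length === 0) findings.push("sandbox mode not set");
  for (const mode of modes) {
    if (!SANDBOX_MODES.includes(mode)) findings.push(`unknown sandbox mode: ${mode}`);
    if (mode === "danger-full-access") findings.push("sandbox is danger-full-access");
  }
  const policy = cfg.approval?.policy;
  if (!APPROVAL_POLICIES.includes(policy)) findings.push(`unknown approval policy: ${policy}`);
  if (policy === "never" && modes.some((m) => m !== "read-only"))
    findings.push("approval=never with a sandbox other than read-only");
  for (const cmd of cfg.approval?.trusted_commands ?? [])
    if (!READ_ONLY_COMMANDS.has(cmd)) findings.push(`trusted command outside allowlist: ${cmd}`);
  return findings;
}

// Constructed inputs: the sandbox/approval config from this page and a weakened copy.
const PAGE_CONFIG = ['[sandbox]', 'default_mode = "read-only"', '[approval]',
  'policy = "untrusted"', 'trusted_commands = ["ls", "cat", "grep"]'].join("\n");
const WEAK_CONFIG = PAGE_CONFIG.replace('"read-only"', '"danger-full-access"')
  .replace('"untrusted"', '"never"').replace('"grep"', '"grep", "rm"');
console.log(auditConfig(PAGE_CONFIG), auditConfig(WEAK_CONFIG));
```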
ask-codex "Review this function for security issues: @auth.py"
ask-codex "Generate unit tests for the User class" sandbox="workspace-write"
ask-codex "Fix the bug in login function" approval="on-request"
ask-codex "Create a new React component for user profile" sandbox="workspace-write"
ask-codex "Refactor this code to use async/await"
apply-diff validate=true
Codex CLI not found:
npm install -g @openai/codex
Authentication failed:
# Set API key
export OPENAI_API_KEY=your-key
# Or login
codex login
Permission denied:
Rate limits:
Enable debug logging:
DEBUG=true codex-cli-mcp-tool
git clone <repository>
cd codex-cli-tool
npm install
npm run build
npm run dev
npm test
npm run lint
This project is based on the excellent Gemini MCP Tool by jamubc. We adapted their architecture and patterns to create this Codex CLI integration.
MIT License - see LICENSE file for details.
FAQs
MCP server for OpenAI Codex CLI integration
The npm package codex-cli-mcp-tool receives a total of 51 weekly downloads. As such, codex-cli-mcp-tool popularity was classified as not popular.
We found that codex-cli-mcp-tool demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.