Codex Sessions Manager
Pass
Audited by ClawScan on May 11, 2026.
Overview
This skill is purpose-aligned for managing local Codex session history, but users should be aware it installs an external CLI/MCP tool and can read, export, rewrite, delete, restore, or purge local Codex data.
Before installing, make sure you trust the npm package and intend to let an agent manage files under your Codex root. Use previews first, prefer trash over permanent deletion, confirm the exact session IDs and root path, and treat exported or displayed session history as potentially sensitive.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing the package gives external npm code the ability to run locally and manage Codex session files.
The skill instructs users to install a global npm package that provides the actual CLI and MCP server. The provided skill artifacts contain documentation but not the runnable implementation, so the scanner cannot verify that package code here.
`npm install -g codex-sessions-manager`
Install only from the intended npm/GitHub source, consider pinning a trusted version, and review the package if using it on sensitive Codex history.
A confirmed delete, purge, restore, or cleanup command can alter or remove local Codex session records.
The skill exposes destructive session-management operations. They are purpose-aligned and documented as confirmation-gated, but misuse or confirming the wrong session IDs could permanently remove data.
`delete --yes` | `delete_sessions` with `confirm=true` | Permanently removes live session surfaces
Use preview mode first, prefer recoverable trash deletion, verify session IDs and roots, and only confirm destructive actions after reviewing the planned changes.
Listing, showing, exporting, or restoring sessions may expose private past conversations, project details, commands, or logs to the current agent workflow.
The skill works directly with stored Codex conversation history and related local execution/session artifacts. This is expected for the purpose, but those records may contain sensitive content or old instructions.
`~/.codex/` ... `sessions/` ... `history.jsonl` ... `logs_N.sqlite` ... `shell_snapshots/`
Treat retrieved sessions as untrusted historical data, avoid exporting sensitive sessions unnecessarily, and review backup/output locations before sharing them.
Any agent configured to use the MCP server may be able to inspect or export local Codex sessions and request confirmed write operations.
The skill can expose Codex session-management functions through a local stdio MCP server for agent use. The artifacts state destructive tools require confirmation, but MCP configuration still gives trusted agents direct access to local session data.
MCP server — AI agents (Claude Code, Codex, Kiro) manage sessions directly
Configure the MCP server only for trusted local agents and review any agent request that reads sensitive sessions or asks to confirm deletion, restore, purge, or cleanup.
