Codex Sessions Manager
Pass
Audited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill
Name: codex-sessions-manager
Version: 1.0.3
The codex-sessions-manager skill is a legitimate utility designed to manage local Codex session history (stored in ~/.codex). It provides a CLI and MCP server to list, export, delete, and restore sessions across files, JSONL indexes, and SQLite databases. The bundle includes extensive safety documentation (SAFETY.md) and instructions (SKILL.md) that mandate user confirmation for destructive actions and implement a recoverable 'trash' system. No indicators of data exfiltration, malicious execution, or harmful prompt injection were found; the tool's capabilities are strictly aligned with its stated purpose of session management.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing the package gives external npm code the ability to run locally and manage Codex session files.
The skill instructs users to install a global npm package that provides the actual CLI and MCP server. The provided skill artifacts contain documentation but not the runnable implementation, so the scanner cannot verify that package code here.
npm install -g codex-sessions-manager
Install only from the intended npm/GitHub source, consider pinning a trusted version, and review the package if using it on sensitive Codex history.
A confirmed delete, purge, restore, or cleanup command can alter or remove local Codex session records.
The skill exposes destructive session-management operations. They are purpose-aligned and documented as confirmation-gated, but misuse or confirming the wrong session IDs could permanently remove data.
`delete --yes` | `delete_sessions` with `confirm=true` | Permanently removes live session surfaces
Use preview mode first, prefer recoverable trash deletion, verify session IDs and roots, and only confirm destructive actions after reviewing the planned changes.
Listing, showing, exporting, or restoring sessions may expose private past conversations, project details, commands, or logs to the current agent workflow.
The skill works directly with stored Codex conversation history and related local execution/session artifacts. This is expected for the purpose, but those records may contain sensitive content or old instructions.
`~/.codex/` ... `sessions/` ... `history.jsonl` ... `logs_N.sqlite` ... `shell_snapshots/`
Treat retrieved sessions as untrusted historical data, avoid exporting sensitive sessions unnecessarily, and review backup/output locations before sharing them.
Any agent configured to use the MCP server may be able to inspect or export local Codex sessions and request confirmed write operations.
The skill can expose Codex session-management functions through a local stdio MCP server for agent use. The artifacts state destructive tools require confirmation, but MCP configuration still gives trusted agents direct access to local session data.
MCP server — AI agents (Claude Code, Codex, Kiro) manage sessions directly
Configure the MCP server only for trusted local agents and review any agent request that reads sensitive sessions or asks to confirm deletion, restore, purge, or cleanup.
