Export

Security checks across malware telemetry and agentic risk

Overview

This is a local Codex conversation export helper, with the main caution that exported transcripts can contain sensitive chat content.

Install or run this only when you intend to create a local transcript of a Codex conversation. Review the exported Markdown before sharing it, and avoid exporting chats containing passwords, tokens, private code, or personal details unless you are comfortable with the file being stored under ~/Documents/Exports.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The script exports full user and assistant conversation content from local Codex session logs into a persistent Markdown file under ~/Documents/Exports without any built-in confirmation, warning, redaction, or scope limitation. Because conversations may contain secrets, personal data, proprietary code, or other sensitive material, silently writing them to a broadly accessible user documents directory increases the risk of unintended disclosure through local sharing, backup sync, indexing, or later exfiltration.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal