codex-export
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill does what it says—exports local Codex session transcripts—but users should review the output because it can include private chat and tool output content by default.
This appears safe for its stated purpose. Before installing or using it, remember that Codex session transcripts can include private prompts, file contents, command output, and other sensitive details. Prefer --brief for a cleaner transcript and review the Markdown before sharing it.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The exported transcript may contain sensitive prior chat content, file excerpts, command output, or instructions from a previous session; sharing or reusing it as agent context could expose or reintroduce that content.
The skill intentionally reads persistent local Codex session history and, by default, includes tool outputs in the generated Markdown transcript.
Export any Codex session (`~/.codex/sessions/**/*.jsonl`) ... Tool call outputs are included by default; use `--brief` to strip them
Use --brief when tool details are unnecessary, and review/redact the Markdown before sharing it or giving it to another agent.
The skill may fail or behave differently on systems without python3, and users should recognize that it runs an included local Python helper despite no binary requirement being declared.
The registry metadata does not declare a Python requirement, while the README and SKILL.md usage run `python3 .../scripts/export.py`.
Required binaries (all must exist): none ... Required binaries (at least one): none
Ensure python3 is available and inspect the included script if desired before using the export commands.