Codexmonitor
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Using the skill may bring private Codex session contents into the assistant conversation or command output.
The skill intentionally reads persistent local Codex session history, which may include sensitive prompts, code, outputs, or other private context.
Reads sessions from ~/.codex/sessions by default (or via CODEX_SESSIONS_DIR / CODEX_HOME overrides).
Use it only when you intend to inspect those sessions, prefer specific session IDs or scoped directories, and avoid sharing outputs that contain secrets or private code.
Installing the skill means trusting the Homebrew formula and binary provider for local file-reading behavior.
The skill depends on installing and running a binary from an external Homebrew tap rather than code included in the skill artifacts.
brew tap cocoanetics/tap brew install codexmonitor
Review the Homebrew formula or project repository before installing, and install only from a tap you trust.
If used unintentionally, it could modify an existing Codex session rather than merely inspect it.
This documented command is outside pure read-only monitoring and can append to or resume an existing Codex session if used.
Sessions can be resumed/appended by id via Codex: `codex exec resume <SESSION_ID> "message"`.
Use the resume command only when the user explicitly asks to continue a Codex session; otherwise keep interactions to list/show/watch inspection commands.