Codexmonitor

Pass. Audited by VirusTotal on May 13, 2026.

Overview

Type: OpenClaw Skill
Name: codexmonitor
Version: 0.2.2

The skill bundle is designed to install and use `codexmonitor` via Homebrew to inspect local OpenAI Codex sessions. All instructions in `SKILL.md` and `SETUP.md` are straightforward, focusing on installation and usage of the `codexmonitor` tool. There is no evidence of prompt injection against the agent, data exfiltration, malicious execution, persistence mechanisms, or obfuscation. The access to `~/.codex/sessions/` is explicitly stated and directly aligns with the skill's stated purpose of monitoring Codex sessions.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Using the skill may bring private Codex session contents into the assistant conversation or command output.

Why it was flagged

The skill intentionally reads persistent local Codex session history, which may include sensitive prompts, code, outputs, or other private context.

Skill content

Reads sessions from `~/.codex/sessions` by default (or via `CODEX_SESSIONS_DIR` / `CODEX_HOME` overrides).

Recommendation

Use it only when you intend to inspect those sessions, prefer specific session IDs or scoped directories, and avoid sharing outputs that contain secrets or private code.

What this means

Installing the skill means trusting the Homebrew formula and binary provider for local file-reading behavior.

Why it was flagged

The skill depends on installing and running a binary from an external Homebrew tap rather than code included in the skill artifacts.

Skill content

brew tap cocoanetics/tap
brew install codexmonitor

Recommendation

Review the Homebrew formula or project repository before installing, and install only from a tap you trust.

What this means

If used unintentionally, it could modify an existing Codex session rather than merely inspect it.

Why it was flagged

This documented command is outside pure read-only monitoring and can append to or resume an existing Codex session if used.

Skill content

Sessions can be resumed/appended by id via Codex: `codex exec resume <SESSION_ID> "message"`.

Recommendation

Use the resume command only when the user explicitly asks to continue a Codex session; otherwise keep interactions to list/show/watch inspection commands.