Cookie Alive Pro
v1.0.0Persist, refresh, and serve website session cookies through a local SQLite-backed cookie store. Use when Codex needs to keep authenticated cookies alive by c...
⭐ 0· 43·0 current·0 all-time
byXinhai Zou@seanmwx
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name/description (persist, refresh, serve cookies) matches the included scripts: a CLI that stores profiles in SQLite under ~/.cookie_alive, performs deterministic HTTP refresh requests, merges Set-Cookie updates, and returns cookies as a header/JSON/record. No unrelated cloud credentials, binaries, or install steps are requested.
Instruction Scope
SKILL.md and references describe only cookie storage/refresh/export operations and match the code. The examples run the CLI via subprocess and provide a local HTTP wrapper that exposes routes (/pull, /check, /list). That wrapper defaults to 127.0.0.1 but can be configured to bind elsewhere — if started on a public interface it could leak cookies. The runtime also writes databases under a home path (default ~/.cookie_alive), which is expected but means sensitive data is persisted to disk.
Install Mechanism
No install spec and no external downloads. The skill is instruction/code-only and does not fetch or execute remote archives or third-party packages during installation. This minimizes install-time risk.
Credentials
The skill does not require secret environment variables or external credentials. It supports optional env overrides (COOKIE_ALIVE_HOME, SESSION_COOKIE_ONLINE_HOME, COOKIE_ALIVE_DB_NAME) which are reasonable. However, the tool persists sensitive cookie values in SQLite files under the resolved storage root; users should treat these as secrets and protect them accordingly.
Persistence & Privilege
The skill does not request always:true and is user-invocable. It will create and update files under its own storage directory (~/.cookie_alive by default) but does not modify other skills or system-wide agent config. Autonomous invocation is allowed (platform default) but is not combined with other privilege escalations here.
Assessment
This skill appears to do what it claims, but it handles highly sensitive data (session cookies). Before installing or running it: 1) Recognize that cookies stored under ~/.cookie_alive are secrets—restrict filesystem permissions, consider using a dedicated user or encrypted volume, and delete databases when no longer needed. 2) The examples include a local HTTP wrapper that defaults to 127.0.0.1 (safe) but can be bound to other interfaces—do not bind it to a public interface or network you do not control, or you will expose cookies. 3) The tool will make outbound HTTP requests to whatever refresh_url you configure—ensure those URLs are trusted and that you aren’t inadvertently sending cookies to an attacker-controlled endpoint. 4) Review/scan the included scripts before use and run in a least-privilege environment (container or separate account) if you are concerned. 5) If you need stronger protection for stored cookies, add encryption at rest or avoid persistent storage and instead keep cookies in a more secure credential store.Like a lobster shell, security has layers — review code before you run it.
latestvk976n0mp20010hwy1ne6wfctn1840n9s
License
MIT-0
Free to use, modify, and redistribute. No attribution required.