ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

codex-history-manager

v1.0.0

Search, read, export, hand off, clone, move, or rebind local Codex history stored under ~/.codex. Use when the user wants to inspect past Codex sessions, bri...

1· 50·0 current·0 all-time
bySeverin Zhong@severinzhong
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description, README, SKILL.md, and the included Python scripts all focus on reading and mutating local Codex data under ~/.codex (state_5.sqlite and rollout JSONL). The requested/required resources (none) and provided code match the purpose; there are no unrelated credentials, network endpoints, or external services referenced.
Instruction Scope
Runtime instructions tell the agent to run the bundled CLI to search, export, clone/move, rebind provider metadata, and perform 'dangerous' history rewrites. The SKILL.md explicitly limits scope to ~/.codex and prescribes dry-run and explicit approval flows for destructive changes. This is coherent, but the skill does permit high-risk local modifications (rewriting transcript bodies) so users must follow the stated approval steps (plan → present changes in-chat → explicit approval → apply).
Install Mechanism
No install spec is provided (instruction-only at registry level), but the package includes Python scripts that can be executed directly. There are no external downloads or third-party install sources in the manifest. Running the CLI will execute local code included in the skill bundle.
Credentials
The skill requires no environment variables, no external credentials, and only accesses local Codex data paths (~/.codex) and a default backup directory inside the package tree. Requested access is proportional to the declared functionality. There are no unexplained SECRET/TOKEN/PASSWORD requirements.
Persistence & Privilege
The skill is not always-enabled and does not request elevated platform privileges. It does write backups and can mutate local files when run with --apply; those behaviors are documented in references/safety.md and guarded by dry-run and explicit-ack flags for dangerous edits.
Assessment
This tool appears to be what it says: a local CLI to inspect and manage Codex history under ~/.codex. Key precautions: (1) Review and run any destructive command with --dry-run first and inspect the generated plan file; (2) keep in mind apply-dangerous-edit can rewrite stored conversation text — follow the plan → present → explicit-approval → apply flow exactly; (3) backups are created by default under the package's backups/ directory—consider specifying --backup-root to a location you control; (4) the skill operates on local files only (no network calls in the included code), but these files may contain sensitive conversation data — only run it in a trusted local environment. If you want extra assurance, inspect the included scripts (scripts/codex_history_manager.py) before executing any write operations.

Like a lobster shell, security has layers — review code before you run it.

latestvk97dp7rke7a7w0bk9t5g3n2v5n843wzm

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments