Back to skill

Security audit

codex-history-manager

Security checks across malware telemetry and agentic risk

Overview

This is a local Codex history management tool whose sensitive access is disclosed and aligned with its purpose, though exports, backups, and apply operations need care.

Install only if you want an agent to work with your local Codex history. Treat exports, handoff files, and backups as potentially sensitive because they can include full conversation text, workspace paths, and metadata. Run dry runs before any write, review affected thread counts carefully, avoid global provider changes unless intentional, and require explicit approval before applying any dangerous history rewrite.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The documentation exposes commands that can reassign thread/workspace/provider metadata across histories with `--apply`, but it does not clearly warn that these operations can alter provenance, break auditability, or cause users to lose track of which workspace/provider a history belongs to. In a history-management skill, that omission is risky because users may treat these as routine administrative actions and perform broad, irreversible changes without understanding the consequences.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The export and handoff commands write full or substantial transcript content, workspace paths, and metadata directly to arbitrary output files without any sensitivity warning, redaction option, or destination safety checks. Because Codex history may contain secrets, internal paths, tokens, or sensitive prompts, this can lead to unintended local disclosure or onward sharing when users export data into less protected locations.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.