Codex Account Switcher

Name/description match the code: the script reads/writes ~/.codex/auth.json and ~/.codex/accounts/*.json and swaps active tokens. These operations are appropriate for an account-switcher.

SKILL.md instructs the agent to run the provided Python script and to invoke the Codex CLI (codex logout && codex login) when adding accounts. That is within scope for capturing sessions, but the skill will perform actions that affect the user's active authentication (overwriting auth.json and running logins). Non-interactive use is described (single-shot), which could still alter the user's session. Verify you want a tool that can overwrite active session tokens.

No install spec (instruction-only) and only a local Python script are included; nothing is downloaded at install time. This is low install-risk. The code appears to use only Python standard library modules per SETUP.md.

The registry metadata lists only python3 as a required binary, but SETUP.md and SKILL.md also require the 'codex' CLI in PATH for 'add' functionality. The skill handles highly sensitive data (auth tokens) but requests no environment variables — that's fine — however you should confirm the script does not transmit tokens externally. The code shown so far decodes JWTs and reads/writes local files; the rest of the file is truncated so network behavior is uncertain.

Skill is not forced-always-present (always:false) and has no special persistent privileges. It does write files under ~/.codex/accounts which is expected for its purpose; no evidence it modifies other skills or system-wide agent settings.