Check OpenAI Codex CLI rate limit status (daily/weekly quotas) using local session logs. Portable Python script. Reads ~/.codex/sessions/ for quota data. Whe...
Security Analysis
High confidence: The skill largely does what its description says, but it reads and temporarily overwrites your Codex auth files (credentials) while not declaring those config-path requirements in metadata — that's a risky behavior you should explicitly accept and verify before installing.
Name/description match the implementation: the script reads ~/.codex/sessions/ to extract rate limit data and optionally uses the codex CLI to refresh data. Required binaries (python3, codex) are appropriate for the stated purpose.
Runtime instructions and code explicitly read ~/.codex/sessions/, ~/.codex/accounts/*.json, and ~/.codex/auth.json and, when asked to check all accounts, temporarily overwrite ~/.codex/auth.json to switch accounts (then attempt to restore it). Overwriting credential files is within the scope of the described feature but is sensitive and the restore is 'best-effort' (exceptions could leave auth.json altered). The script also writes aggregated results to /tmp/codex-quota-all.json and runs `codex exec` to trigger fresh sessions — network activity via the codex CLI is expected for the --fresh/--all paths.
No install spec (instruction-only with an included script). Nothing is downloaded or executed from an external URL by the skill itself; the user installs/runs the script manually. This is the lower-risk install model.
The skill requires access to local Codex session and auth files (credentials) and will overwrite auth.json to switch accounts. However, the registry metadata lists no required config paths or credentials, creating an inconsistency: the skill does need filesystem access to ~/.codex, including sensitive auth data, which should have been declared. No environment variables are requested (which is appropriate), but local credential file access is substantial and must be explicitly acknowledged.
The skill does not request persistent 'always' privilege, which is good, but it does modify a credential file (~/.codex/auth.json) during normal operation. If the agent were allowed to invoke this skill autonomously, it could cause unexpected credential switching or transient exposure unless the user restricts autonomous runs. The restore behavior is best-effort and therefore not guaranteed in all failure scenarios.
Guidance
What to consider before installing/running this skill:
- Understand the credential access: the script reads and will temporarily overwrite ~/.codex/auth.json to switch accounts (then attempts to restore it). Back up your ~/.codex/auth.json and ensure you can recover credentials if something goes wrong.
- Metadata mismatch: the registry metadata did not declare required config paths, but the code clearly needs access to ~/.codex; treat that as an omission and be cautious about trusting the source.
- Inspect the script yourself (or run it in a safe environment) before giving it access to your real Codex accounts. Verify the restore logic by testing with a disposable account or in a VM/container.
- Prefer running the tool manually rather than allowing autonomous agent invocation, especially if you have multiple accounts or rely on the auth.json file for other processes.
- The --fresh/--all options invoke the codex CLI, which may make network calls to OpenAI; ensure you expect that network interaction.
- Check file permissions on ~/.codex and on any account files to limit exposure, and confirm /tmp/codex-quota-all.json contains only expected, non-secret quota summaries.
Overall: the functionality is coherent with its description, but because it manipulates local credential files and the metadata omitted that fact, treat this as suspicious until you verify its behavior and back up your auth file.
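One way to carry out the back-up, restore-verification and output-scan steps above from outside the tool, as an added example that is not the skill's or ClawHub's code. It assumes auth.json is an ordinary file you can copy and hash; the `demo()` files, the key-name heuristic and the JWT-shaped sample value are constructed for illustration.

```python
"""Added example (not the skill's code): back up auth.json, verify its restore, scan output."""
import hashlib, re, shutil, tempfile
from pathlib import Path
# Key names and value shapes (e.g. JWTs) that do not belong in a quota summary (heuristic).
SECRET_KEY_RE = re.compile(r"token|secret|password|api_key|auth", re.I)
JWT_RE = re.compile(r"^eyJ[\w-]+\.[\w-]+\.[\w-]+$")

def sha256_file(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def backup_auth(auth_path, backup_path):
    """Copy auth.json aside and return its digest for the post-run comparison."""
    shutil.copy2(auth_path, backup_path)
    return sha256_file(auth_path)

def restore_if_changed(auth_path, backup_path, expected_digest):
    """Roll back when the tool's best-effort restore left auth.json altered;
    returns True if a roll-back was needed."""
    if sha256_file(auth_path) == expected_digest:
        return False
    shutil.copy2(backup_path, auth_path)
    return True

def find_secret_leaks(obj, prefix=""):
    """Return JSON paths in a parsed quota summary whose key or value looks secret."""
    hits = []
    if isinstance(obj, dict):
        for key, val in obj.items():
            path = f"{prefix}.{key}" if prefix else key
            if SECRET_KEY_RE.search(key):
                hits.append(path)
            hits.extend(find_secret_leaks(val, path))
    elif isinstance(obj, list):
        for i, val in enumerate(obj):
            hits.extend(find_secret_leaks(val, f"{prefix}[{i}]"))
    elif isinstance(obj, str) and JWT_RE.match(obj):
        hits.append(prefix)
    return list(dict.fromkeys(hits))  # drop key+value double hits on one path

def demo():
    """Constructed scenario in a temp dir: the tool swaps auth.json to a second
    account and its restore never runs; the wrapper detects that and rolls back."""
    with tempfile.TemporaryDirectory() as tmp:
        auth, bak = Path(tmp, "auth.json"), Path(tmp, "auth.json.bak")
        auth.write_text('{"tokens": {"id_token": "ACCOUNT-A"}}')  # constructed, not real
        digest = backup_auth(auth, bak)
        auth.write_text('{"tokens": {"id_token": "ACCOUNT-B"}}')  # simulated account swap
        rolled_back = restore_if_changed(auth, bak, digest)
        return {"rolled_back": rolled_back, "intact": sha256_file(auth) == digest}
```

Run `find_secret_leaks(json.load(open("/tmp/codex-quota-all.json")))` after a real run; anything other than an empty list means the summary carries more than quota numbers.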
Latest Release
v1.2.2
fix: use /Users/oliver/clawd for workspace root to preserve symlink paths
Published by @odrobnik on ClawHub