No third-party tool that touches a desktop app is "100% safe," and any site that tells you otherwise is selling, not informing. A Codex skin is genuinely low-risk when you understand the one real tradeoff and act on it — the local debugging port. This page lays out the actual threat model in plain terms: what the port exposes, who could theoretically abuse it, what the tool can and cannot reach (including why it structurally can't read your API keys), and why "Restore when you're done" is a security action, not an afterthought.
To style Codex at runtime, the skin launches it with a Chromium DevTools Protocol (CDP) endpoint on 127.0.0.1. Two facts, both true:
That's the entire security story in one paragraph. Everything else is how you manage it.
Who is the risk, and who isn't?
This is the same tradeoff any CDP-based devtool has. We state it because a tool that hides it is the one to worry about.
A skin is a CSS + DOM cosmetic layer in the renderer. That has real, structural consequences:
config.toml credentials.The engine uses runtime injection, not file patching. It does not:
.app bundle or app.asar,WindowsApps package,Because nothing on disk is patched, removal is complete and clean — there's no modified binary left behind.
Treat Restore as the action that closes the exposure window, not just a way to get the plain look back. Running Restore:
stops the injector,
closes the local CDP debugging session (shuts the port),
restores your saved appearance settings,
reopens Codex clean.
So "Restore when you no longer need the skin" is literally "close the debugging port when you're done." Make it a habit, especially on shared or work machines.
Trust, but verify:
Low-risk if you understand the one tradeoff — the local CDP port has no same-user authentication. Don't run untrusted local software while themed, and Restore when done.
No. Keys live in Codex's config/process, outside the styling layer; the engine has no pathway to them, and nothing is uploaded.
No. You download and run a pack locally; the website is not a remote controller.
No — runtime injection only. It never patches the .app, app.asar, WindowsApps, or the code signature.
Yes, marginally — a native codex-theme-v1 import uses no CDP and nothing to restore. If you want zero tradeoff, use a color theme.