LIVEOne real theme. Eight visual directions. Every claim labeled. See what is verified →

Safety review / Core 0.3.0

Reversible does not mean risk-free.

CodeDrobe has a substantially safer architecture than patching app.asar, but it still opens a powerful local debugging surface. This page separates confirmed controls from assumptions.

Confirmed

Theme packages are declaration-only: manifest, CSS, copy and embedded images.

Confirmed

Core does not patch the Codex app bundle or app.asar.

Confirmed

Probe is read-only and required landmarks can block incompatible injection.

Caveat

A loopback CDP port is reachable by local processes and is not an authenticated trust boundary.

Caveat

Theme CSS may be fragile after app updates; non-blocking selector warnings still matter.

Platform

macOS Codex has a current published verification; Windows remains beta pending published hardware verification.

What each boundary actually protects

Package boundary

Core rejects theme JavaScript, external CSS resources and unsupported assets. This reduces supply-chain capability, but CSS can still disrupt layout and must be inspected.

Network boundary

CDP should bind to 127.0.0.1. That blocks direct LAN/internet access, not access from other software already on the machine.

Application boundary

The installed binary stays untouched. For Codex base themes, Core manages three appearance keys under [desktop] and keeps a transactional backup.

Compatibility boundary

probe checks adapter landmarks and theme requirements before injection. verify checks installed identity, named images, required nodes, profile state and overflow after apply.

Lifecycle boundary

Existing applications are never restarted unless --restart-existing is explicit. A single Core-owned watcher should control a renderer.

Privacy boundary

DOM snapshots exclude text, form values, accessible names, links, media sources and query/hash data; visible elements are captured by default.

Recommended safety sequence

  1. 01
    Inspect the package

    Read id, version, targets, images and lint warnings.

  2. 02
    Launch deliberately

    Save work; close Codex yourself if needed; keep the port on loopback.

  3. 03
    Probe before apply

    Stop if adapter or required theme landmarks are missing.

  4. 04
    Verify both contexts

    Check home and a normal conversation, focus, scrolling and overflow.

  5. 05
    Restore when done

    Remove the renderer theme and restore managed host appearance settings.

The three commands to keep

Inspect
npx --yes --package=@codedrobe/core@0.3.0 codedrobe theme inspect ~/Downloads/kung-fu-womens-football.codedrobe-theme
Probe
npx --yes --package=@codedrobe/core@0.3.0 codedrobe probe --app codex --theme ~/Downloads/kung-fu-womens-football.codedrobe-theme
Restore
npx --yes --package=@codedrobe/core@0.3.0 codedrobe restore --app codex

This site’s own data boundary

CodexSkins.org is static and has no account system. It cannot see your Codex installation. Google Analytics and Microsoft Clarity are enabled for traffic and session insights, so browser and interaction data may be processed by those third parties. If that tradeoff is unacceptable, block those scripts or do not use the site.