Local artwork processing
Selected images are decoded, previewed, cropped, encoded, hashed, and packaged in the browser.
Security model
A skin changes appearance. It should not carry executable code, model settings, API credentials, or silent installer behavior inside a decorative download.
Selected images are decoded, previewed, cropped, encoded, hashed, and packaged in the browser.
Exports contain images, JSON, text, and checksums. They do not contain scripts or executables.
The website does not run the platform engine. Users review and run that software locally.
A theme workflow is incomplete until its verification and restore entries have been tested.
Loopback limits network exposure, but Chromium CDP does not provide same-user authentication. Avoid untrusted local programs while a themed debugging session is active.
Codex UI changes can make injected CSS inaccurate or hide important states. Verify after every significant app or engine update.
A technically safe package can still violate copyright, personality, trademark, or contract rights when shared or sold.
A visual match is not enough. Native buttons, menus, project controls, task content, and the composer must remain interactive.
manifest.json — package identity, file list, and safety flags theme.json — crop, opacity, blur, variant, and color values background.webp — locally cropped background image preview.png — locally rendered review image checksums.json — SHA-256 values for the main files README.txt — install boundary and restore reminders LICENSE.txt — artwork and trademark rights reminder
Email support@codexskinmaker.com with the affected page, browser, operating system, reproduction steps, and expected result. Do not attach API keys, authentication files, confidential artwork, or private Codex screenshots.