This repository stores Codex skills for team sharing, with a mandatory public-sanitization pipeline before publishing.
skills/published skill directoriesskills/manifest.ymlpublished skill inventoryscripts/install, update, sanitize, scan, and validate tooling.github/workflows/public-sanitize-validate.ymlCI gatepublic-staging/sanitized pre-publish staging outputAGENTS.mdcontributor and automation operating contract.claude/shared/git submodule with shared Claude Code agents, commands, and hooks (see Cloning)
This repo includes a git submodule at .claude/shared that pulls in
shared Claude Code tooling from
olegiv/claude-code-support-tools.
Clone with submodules:
git clone --recurse-submodules https://github.com/olegiv/codex-skills.gitIf already cloned without --recurse-submodules:
git submodule update --init --recursiveTo pull the latest submodule commit:
git submodule update --remote --mergeInstall all enabled skills into your Codex home:
./scripts/install.sh --skills allInstall selected skills only:
./scripts/install.sh --skills drupal-sdc-figma-parity
./scripts/install.sh --skills claude-codex-dual-passUpdate linked/copied skills and run validation:
./scripts/update.sh --skills allUninstall one skill from local Codex home:
rm -rf "$CODEX_HOME/skills/<skill-name>"The repo is publishable only if scanner and validator pass.
Forbidden in published content:
- absolute local paths (
<local-home>/...,<local-temp>/...) - internal identifiers (hostnames, project IDs, usernames)
- concrete token/secret/password values
Allowed:
- placeholder variables such as
$CODEX_HOME,<repo-root>,<username> - placeholder secrets such as
<your-token> - env var names such as
FIGMA_OAUTH_TOKEN
Use these placeholders in docs and scripts:
~/.codexor$CODEX_HOMEfor Codex home<repo-root>for repository root paths<project-id>for project identifiers<username>for local usernames
Sanitize source skills and docs into staging:
./scripts/sanitize_public.sh \
--source "$HOME/.codex/skills" \
--source "<repo-root>/dev/AI/codex" \
--dest "<repo-root>/dev/AI/codex-skills/public-staging/skills" \
--fail-on-hitRun scanner manually:
./scripts/scan_public_risks.sh --path public-staging/skillsUser-, org-, and project-specific sanitization rules must stay in ignored local files:
scripts/sanitize/local.rules.txtfor extra Perl rewrite rulesscripts/sanitize/local.denylist.txtfor extra scan patterns
Run validation manually:
./scripts/validate.shIn a consumer project:
git submodule add <git-url> dev/AI/codex-skills
./dev/AI/codex-skills/scripts/install.sh --repo-root "$PWD/dev/AI/codex-skills" --skills all- Add/remove skill directory under
skills/. - Update
skills/manifest.yml. - Run
./scripts/scan_public_risks.sh --path skills. - Run
./scripts/validate.sh. - Open PR and ensure CI passes.
Use $drupal-sdc-figma-parity. Run workflow for this Figma node URL.
Claude Code + Codex dual-pass examples:
cc /finalize full
cc /project:test accept
cc /user:security-audit read-only
The claude-codex-dual-pass skill includes helper scripts for projects
that want the shared cc workflow in their own AGENTS.md.
Check whether a project already has the managed snippet:
$CODEX_HOME/skills/claude-codex-dual-pass/scripts/check_agents_snippet.sh <project-root>Insert or update the managed snippet explicitly:
$CODEX_HOME/skills/claude-codex-dual-pass/scripts/apply_agents_snippet.sh <project-root>- Skill not visible in Codex:
- ensure it exists under
$CODEX_HOME/skills - restart Codex or open a new session
- ensure it exists under
- Stale symlink:
- rerun
./scripts/install.sh --skills <name>
- rerun
- Scanner failures:
- run
./scripts/scan_public_risks.sh --path <path>and replace hits with placeholders
- run
This repository is licensed under GNU General Public License v3.0
(GPL-3.0-or-later).
See LICENSE for the full text.