SkillSafe + Codex
Codex and other stdlib-compatible agents read from the shared ~/.agents/skills/ directory. SkillSafe installs here by default for tools that follow the agent conventions spec.
1. Set up SkillSafe
Paste this into Codex. The agent reads the skill definition and wires up the REST API for you — no CLI required, no dependencies.
Create skillsafe skill from https://skillsafe.ai/skill.md2. Scan before you install
Every shared skill on SkillSafe is already scanned, but you can re-verify any public GitHub repo yourself. No signup:
curl -X POST https://api.skillsafe.ai/v1/scan/github \
-H "Content-Type: application/json" \
-d '{"url":"https://github.com/owner/repo"}'You get findings across code execution, credential theft, prompt injection, network exfil, and supply-chain patterns. See the full ruleset →
3. Install into Codex
Skills for Codex live at ~/.agents/skills/ (or .agents/skills/ inside a project for repo-local skills). Download the archive and unpack it directly:
mkdir -p ~/.agents/skills/
curl -L "https://api.skillsafe.ai/v1/skills/@ns/name/download/1.0.0" \
| tar -xz -C ~/.agents/skills/Verify the skill landed:
ls ~/.agents/skills/4. Use the skill
Restart your Codex session so the skill loader sees the new directory, then reference it in a prompt. Example:
Use the code-review skill to review my staged changes.