Skip to main content
Installation

How Do I Use Skills In OpenAI Codex?

Current official Codex skills locations, installer flows, and what to do with third-party skills.

Short answer

Codex has a real skill system. According to the current OpenAI docs, Codex reads skills from repository, user, admin, and system locations, and OpenAI’s skill installer can add curated or external skills for you.

The safest path is to install a reviewed skill, keep it in the narrowest scope that makes sense, and restart Codex if the newly added skill does not appear immediately.

Recommended path

  1. 01

    Pick the right scope

    Repository skills live under .agents/skills in your repo. Personal skills live under ~/.agents/skills. Use repo scope for team workflows and user scope for personal defaults.

  2. 02

    Install with the built-in installer when possible

    Use $skill-installer for curated skills or for GitHub skill directories rather than hand-copying files into unknown locations.

  3. 03

    Restart Codex if a new skill does not appear

    The current docs note that Codex detects skill changes automatically, but restarting is still the fallback when discovery does not refresh quickly.

Where Codex looks for skills

OpenAI’s current skills guide documents four scopes: repository, user, admin, and system. Repository skills are discovered from .agents/skills directories up the repository tree. User skills live in $HOME/.agents/skills. System skills are bundled with Codex by OpenAI.

What the official install flow looks like

The official $skill-installer can install curated skills by name and can also fetch a skill from another repository when you provide the GitHub directory URL. That is materially better than a vague “clone this repo and hope” process because the skill system already understands how Codex expects skills to be arranged.

$skill-installer linear

$skill-installer install https://github.com/openai/skills/tree/main/skills/.experimental/create-plan

What to do with third-party skills

Aescut is useful here because Codex makes installation easy, which means trust decisions happen faster. Before installing a third-party skill, check who maintains it, whether it is pinned to a real repository, whether it includes scripts or extra assets, and whether its job could be accomplished with a safer built-in skill instead.

If a skill only gives instructions but still asks for broad shell or network behavior, treat that as a risk signal, not as “just markdown”.

Sources and further reading

Related questions

Skills And MCP Basics

What is an AI skill?

A practical definition of AI skills, how they are packaged, and where they fit in an agent workflow.

Security And Trust

Are skills safe to install?

Why the answer is “sometimes”, and what separates a safe install from a reckless one.

Aescut MCP

How do I install the Aescut MCP server?

What the Aescut installer actually does today, when to use the generic bundle, and how to wire the MCP manually.