codex-cli

npx machina-cli add skill yu-iskw/coding-agent-skills/codex-cli --openclaw

executing-codex

Purpose

Use this skill to perform coding tasks, research, or system analysis using the codex CLI. This skill follows the Principle of Least Privilege by automatically mapping requests to the safest possible profile and gating dangerous operations behind user approval.

Permission Tiers

| Tier | Profile | Capability | Approval Required | Typical Tasks |
|------|---------|------------|-------------------|---------------|
| 0 | readonly | Read files, live search, analysis. | No | Research, code review, explanation. |
| 1 | editor | File edits, cached search. | Yes | Refactoring, bug fixes, formatting. |
| 2 | autonomous | Edits + Sandbox commands. | Yes | Testing, building, dependency updates. |

Implementation Workflow

1. Quota Verification (Optional but Recommended)

Before initiating tasks, verify the remaining message quota to avoid session suspension.

  • Tools: Check codex cloud status (if applicable) or refer to the ChatGPT plan limits.
  • Constraints:
    • Rolling 5-hour window: ~30-150 messages (Plus) or ~300-1500 messages (Pro).
    • Heavy local usage reduces available cloud task quota.

2. Analyze & Classify

Analyze the user's intent to determine the required permission tier.

  • Tier 0: Does the task only involve reading code or searching for information?
  • Tier 1: Does the task involve modifying files but no command execution?
  • Tier 2: Does the task require running tests, build scripts, or managing dependencies?

3. Approval Protocol

If the task maps to Tier 1 or Tier 2, you MUST obtain user approval before executing the codex command.

Use the AskQuestion tool to confirm:

"I've detected that this task requires [Editor/Autonomous] permissions to [modify files/run commands]. OK to proceed?"

4. Execution

Execute codex using the flags corresponding to the tier.

# Tier 0 (Read-only)
codex -q "<prompt>"

# Tier 1 (Editor)
codex --auto-edit "<prompt>"

# Tier 2 (Autonomous)
codex --full-auto "<prompt>"

Security Rules:

  • NEVER use --dangerously-auto-approve-everything.
  • ALWAYS use the most restrictive flags possible.
  • If you are unsure, default to Tier 0 (-q) and escalate only if codex reports it cannot complete the task.
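
One way to enforce the classify, approve and execute steps together with the security rules in a wrapper, as an added example that is not part of SKILL.md or the skill's repository. The function names, return codes, the CODEX_BIN override and the literal "yes" standing in for the AskQuestion answer are assumptions; the flags are the ones listed above.

```shell
# Flags are the ones listed on this page. Function names, return codes and the
# CODEX_BIN override are assumptions made for this example.

# Map a tier to the codex flag the page assigns to it.
tier_flag() {
  case "$1" in
    0) printf '%s\n' "-q" ;;
    1) printf '%s\n' "--auto-edit" ;;
    2) printf '%s\n' "--full-auto" ;;
    *) return 2 ;;  # unknown tier: refuse
  esac
}

# gate TIER APPROVAL [EXTRA_ARGS...]
# Returns 0 = allowed, 2 = bad call or unknown tier, 3 = approval missing,
# 4 = a mode flag was passed in by the caller (only the wrapper picks the mode).
gate() {
  [ "$#" -ge 2 ] || return 2
  g_tier=$1 g_approval=$2
  shift 2
  for g_arg in "$@"; do
    case "$g_arg" in
      --dangerously-auto-approve-everything|--full-auto|--auto-edit) return 4 ;;
    esac
  done
  tier_flag "$g_tier" >/dev/null || return 2
  if [ "$g_tier" -ge 1 ] && [ "$g_approval" != "yes" ]; then
    return 3  # Tier 1/2 needs an explicit "yes" from the approval step
  fi
  return 0
}

# run_codex TIER APPROVAL PROMPT [EXTRA_ARGS...]
# An empty TIER means "unsure" and falls back to Tier 0.
run_codex() {
  [ "$#" -ge 3 ] || return 2
  r_tier=${1:-0} r_approval=$2 r_prompt=$3
  shift 3
  # A prompt that starts with "-" could be parsed as an option: refuse it.
  case "$r_prompt" in -*) return 4 ;; esac
  gate "$r_tier" "$r_approval" "$@" || return $?
  "${CODEX_BIN:-codex}" "$(tier_flag "$r_tier")" "$@" "$r_prompt"
}
```

Pointing CODEX_BIN at a stub function lets the gate be exercised without invoking codex.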

Configuration

This skill leverages native codex CLI flags to enforce the permission tiers. No additional configuration files are required.

Examples

Research (Tier 0)

User: "What are the latest best practices for Python packaging in 2026?"
Action: Execute codex --profile readonly "..."

Refactor (Tier 1)

User: "Rename the 'User' class to 'Account' across the whole repo."
Action:

  1. Request approval for editor profile.
  2. Execute codex --profile editor "..."

Automated Testing (Tier 2)

User: "Run the test suite and fix any failures found."
Action:

  1. Request approval for autonomous profile.
  2. Execute codex --profile autonomous "..."

Source

git clone https://github.com/yu-iskw/coding-agent-skills

SKILL.md: https://github.com/yu-iskw/coding-agent-skills/blob/main/skills/codex-cli/SKILL.md

Overview

Uses the codex CLI to perform coding tasks, research, or system analysis. It automatically maps requests to the safest privilege tier (readonly, editor, or autonomous) and gates dangerous actions behind explicit user approvals.

How This Skill Works

It analyzes the user intent to classify the required tier, prompts for approval when Tier 1 or Tier 2 is needed, and executes codex with the corresponding flag: -q for read-only, --auto-edit for editor, and --full-auto for autonomous. The security rules prohibit --dangerously-auto-approve-everything and, when the tier is uncertain, default to Tier 0 and escalate only if codex reports it cannot complete the task.

When to Use It

  • Research latest practices or read code without making changes.
  • Refactor, edit files, or apply non-destructive formatting after editor approval.
  • Run tests, build scripts, or manage dependencies with explicit consent.
  • Inspect code for security concerns or architecture reviews without modifying code.
  • Format code or apply small refactors after editor sign-off.

Quick Start

  1. Analyze the request and determine the required tier (readonly/editor/autonomous).
  2. If needed, request explicit approval before proceeding (AskQuestion).
  3. Run codex with the matching flag and monitor results; follow security rules.

Best Practices

  • Always start at Tier 0 to confirm scope.
  • Obtain explicit approval for Tier 1 or Tier 2 tasks via AskQuestion.
  • Use the tier-appropriate codex flag: -q for read-only, --auto-edit for editor, --full-auto for autonomous.
  • Never use --dangerously-auto-approve-everything; if unsure, default to Tier 0 and escalate only if codex reports it cannot complete the task.
  • Verify results and be prepared to revert changes if issues arise.

Example Use Cases

  • Research the latest Python packaging best practices (Tier 0).
  • Rename a class across the repo after editor approval (Tier 1).
  • Run the test suite and fix failures with autonomous permissions (Tier 2).
  • Audit a dependency for security concerns without modifying code (Tier 0).
  • Apply formatting or small refactors after editor sign-off (Tier 1).
