The Codex plugin bridges Claude Code and Codex CLI so plan reviews, completion checks, and code reviews can run without manually copy-pasting between two terminals. Source: tvishwanadha/skills/plugins/codex. It used to live in the now-retired codex-skills repo before the marketplace absorbed it.
Rationale
While adding Codex as an MCP server to Claude Code was straightforward, the conversation ID needed to reply and continue a thread was not available in the message body. Luckily, the conversation ID is the session ID used by the interactive CLI and session IDs can be found on disk, so the skill carried handshaking instructions to recover the ID at the start of each session. Though it took two attempts, OpenAI eventually added it to the response as the threadId so the handshaking step was no longer needed.
As a result, the primary reason for the codex skill these days is that it navigates other frustrating nuances like sandbox permission workarounds.
The rest of the plugin offers a standalone review skill with three review workflows (plan, completion, code) and a read-only review agent that can be used by the reviewer framework via the review-codex extra.
Plugin Overview
- Codex skill - non-user-invocable reference for the rest of the plugin: MCP tool usage, thread configuration, and lifecycle.
- MCP config - runs
codex mcp-serverand exposes its tools. - Review skill - three review workflows: plan, completion, and code.
- Review agent - used by the reviewer framework; also useful for backgrounding a review.
Shortcomings
Both of these are things the skill navigates around rather than solves.
Codex CLI permissions
The skill always passes approval-policy: never because letting Codex prompt for shell approval would deadlock the session - Claude Code didn’t support elicitation and the response shape didn’t conform to the spec anyway. Elicitation may finally be unblocked between openai/codex#10200 and Claude Code 2.17.6, but it’s brand new and the skill still avoids it.
The sandbox tiers are the other permission friction - frustratingly coarse and locked in at thread start. There’s no way to grant Codex network access - even for a quick docs lookup - without picking workspace-write, which also turns on filesystem writes and shell execution. Without elicitation to bump the tier mid-thread, getting it wrong means losing the entire thread. And even workspace-write has its own surprises: git commands sometimes fail, claiming to be unable to modify the .git folder.
Latency
Codex is slow - even in a reviewer framework fan-out, it’s typically the slowest piece, since it runs a full review pass while the other agents focus on a single concern each. Dispatching it as a subagent keeps the main thread free, and the wall-clock cost ends up being the slowest agent rather than the sum of all of them.