csk is a local skill manager for AI agent skills. It installs reusable skill
packages from local git repositories into your project repositories with
reproducible, content-hashed installs and multi-agent adapter support
(Claude Code, Codex CLI, Cursor, Gemini).
The original MVP design lives in docs/mvp-design.md; later RFCs supersede parts of it.
Agent skills are useful, but managing them across many projects by hand falls apart fast: drift between machines, no version pinning, README files and tests leaking into the agent context, no cleanup when a skill is removed.
CocoaSkill makes per-project skill installation declarative and reproducible:
- One Skillfile.json per project, committed to version control.
- Pinned git refs (tag / branch / revision) and content-hashed installs.
- A whitelist-based stripped layout — README, tests, build files, and other non-skill content stay out of the agent's context.
- One canonical location (.agents/skills/) with per-agent adapter symlinks or copies into .claude/skills/, .codex/skills/, .cursor/rules/, .gemini/skills/.
- Skill-provided command shims exposed via a project-local .agents/bin/ directory on PATH.
- Optional global skills installed once under ~/.cocoaskills/global/ and exposed to supported agents outside any project checkout.
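How a whitelist-stripped layout and a content hash fit together, as an added example (not CocoaSkills' own code): only allow-listed files are hashed, so editing a README leaves the hash alone while editing skill content changes it. The ALLOW patterns, the SKILL.md file name and the hashing scheme are assumptions made for this sketch.

```python
import fnmatch
import hashlib
import tempfile
from pathlib import Path

# Assumed allow-list for this sketch; csk's real whitelist is not shown on this page.
ALLOW = ("SKILL.md", "locales/*", ".skill_triggers/*")

def stripped_files(root):
    """Relative POSIX paths of allow-listed regular files, sorted."""
    root = Path(root)
    keep = []
    for path in root.rglob("*"):
        rel = path.relative_to(root).as_posix()
        # Skip symlinks so a link cannot pull outside content into the install.
        if path.is_file() and not path.is_symlink():
            if any(fnmatch.fnmatch(rel, pat) for pat in ALLOW):
                keep.append(rel)
    return sorted(keep)

def content_hash(root):
    """SHA-256 over (path, bytes) of every kept file, independent of listing order."""
    digest = hashlib.sha256()
    for rel in stripped_files(root):
        name = rel.encode("utf-8")
        data = (Path(root) / rel).read_bytes()
        # Length prefixes keep ("ab", "c") and ("a", "bc") from hashing alike.
        digest.update(len(name).to_bytes(8, "big") + name)
        digest.update(len(data).to_bytes(8, "big") + data)
    return digest.hexdigest()

def demo():
    """Build a constructed skill tree and report which edits change the hash."""
    with tempfile.TemporaryDirectory() as tmp:
        skill = Path(tmp)
        (skill / "tests").mkdir()
        (skill / "SKILL.md").write_text("Review merge requests.\n")
        (skill / "README.md").write_text("Developer notes.\n")
        (skill / "tests" / "test_mr.py").write_text("def test(): pass\n")
        kept = stripped_files(skill)
        before = content_hash(skill)
        (skill / "README.md").write_text("Edited developer notes.\n")
        readme_edit_changes_hash = content_hash(skill) != before
        (skill / "SKILL.md").write_text("Review and approve merge requests.\n")
        skill_edit_changes_hash = content_hash(skill) != before
    return kept, readme_edit_changes_hash, skill_edit_changes_hash

if __name__ == "__main__":
    print(demo())
```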
Pick whichever fits your machine. pipx is the recommended path on every
platform.
```sh
pipx install cocoaskills
```

```sh
uv tool install cocoaskills
```

```sh
brew tap ivanopcode/csk
brew install cocoaskills
```

```sh
mise use -g pipx:cocoaskills@latest
```

```sh
curl -fsSL https://cocoaskills.org/install.sh | sh
```

The script detects Python, prefers pipx or uv tool, and falls back to
pip install --user. Read it before piping if you do not trust the network.

```sh
python -m pip install --user cocoaskills
```
- Pick or create a directory for skill git repositories. Example: ~/agents/skills/. Existing local skill repositories are read from this directory; missing repositories can be cloned automatically when a skill declaration provides git.
- Bootstrap the global config:

  ```sh
  csk bootstrap
  ```

  This writes ~/.cocoaskills/config.json with your skills_root, preferred locale, and default agents.
- Initialize CocoaSkill in each project:

  ```sh
  cd /path/to/project
  csk init
  ```

  This creates Skillfile.json and adds the CocoaSkill generated paths to .gitignore.
- Declare which skills you want:

  ```json
  {
    "schema_version": 1,
    "project": { "alias": "demo-ios" },
    "agents": ["claude_code", "codex_cli", "cursor"],
    "locale": "en",
    "skills": [
      {
        "name": "skill-tracker",
        "git": "git@gitlab.example.com:skills/skill-tracker.git",
        "tag": "v1.0.0"
      },
      {
        "name": "skill-metrics",
        "source": "internal/skill-metrics",
        "branch": "main"
      }
    ]
  }
  ```

  The optional locale field only affects skills that ship localized metadata (locales/metadata.json plus .skill_triggers/<locale>.md). Skills without localization files install unchanged. A skill that ships .skill_triggers/ must also ship locales/metadata.json covering the requested locale, otherwise the install of that skill fails.
- Run csk install inside the checkout.
For multi-project sync, explicitly register projects with csk project add and
run csk install --all or csk upgrade --all.
Global skills are user-wide baseline skills. They are installed under
~/.cocoaskills/global/ and linked into user-level agent directories such as
~/.claude/skills/ and ~/.codex/skills/.
```sh
csk global init
csk global add skill-metrics \
  --git git@gitlab.example.com:skills/skill-metrics.git \
  --tag v1.0.0
csk global install
```

Global commands are exposed through ~/.cocoaskills/global/bin. During
csk global install, CocoaSkills also publishes forwarding shims into a safe
user bin that is already on PATH, such as ~/.local/bin, so global commands
work from any directory without per-project activation.
If no safe user bin is available, the install succeeds and prints a warning.
In that case, add ~/.cocoaskills/global/bin to PATH, set
CSK_GLOBAL_USER_BIN to a writable PATH directory, or install the shell hook:
```sh
eval "$(csk shell-init zsh)"
```

Inside a project, the shell hook still matters for project-local command
shadowing: .agents/bin shims should come before global shims. Project-local
skills with the same name shadow global skills. Global skills do not replace
committed project Skillfile.json declarations.
Skills can declare commands and audit capabilities through csk-skill.json.
Schema v2 supports multi-file runtimes: runtime_roots are copied into
~/.cocoaskills/runtime/<skill>/<commit>/ and excluded from agent prompt
context. Schema v3 adds the capabilities envelope used by csk audit and
strict install gates.
```json
{
  "schema_version": 3,
  "runtime_roots": ["scripts"],
  "capabilities": {
    "network": ["gitlab.example.com"],
    "filesystem": "repo",
    "exec": ["review-cli"],
    "secrets": "none",
    "env_read": ["HOME"],
    "prompt_scope": "Review merge request metadata and produce local advice."
  },
  "commands": {
    "mr": {
      "type": "script",
      "unix_path": "scripts/mr"
    },
    "review-cli": {
      "type": "system",
      "command": "review-cli",
      "hint": "Install the review CLI through project bootstrap tooling"
    }
  }
}
```

system commands are only checked with shutil.which; CocoaSkills does not
install system tools.
csk audit runs security checks against the same committed skill snapshot that
csk install would use. Static detectors always run. Optional command and
codex backends can add structured findings, but they do not decide whether a
skill installs; the gate stays deterministic inside CocoaSkills.
```sh
csk audit
csk audit . --json
csk audit --global
```

Install gates are opt-in per command or through config:

```sh
csk install --audit
csk install --audit strict
csk global install --audit
```

Advisory audit prints warnings and continues. Strict audit blocks findings at or above the configured threshold. Schema v1/v2 skills do not declare capabilities; strict audit requires migrating them to schema v3 or pinning the content hash through the trust workflow when that workflow is enabled.
Backend safety rules:
- Local command backends receive raw skill files and are treated as trusted local tools.
- Local codex backends require oss=true and an explicit local_provider.
- Cloud backends require audit.allow_cloud=true and a public source policy match. File contents are redacted before they are sent to a cloud-capable backend.
- Unverifiable backend findings are shown in reports but cannot block strict installs.
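The gate rules described above, written out as one decision function. This is an added sketch, not CocoaSkills' own code; the Finding fields, the severity scale, the rule names and the hash_trusted flag are assumptions made for the example.

```python
from dataclasses import dataclass

SEVERITIES = ("info", "low", "medium", "high", "critical")  # assumed scale

@dataclass(frozen=True)
class Finding:               # hypothetical record, not csk's report schema
    rule: str
    severity: str
    source: str              # "static", "command" or "codex"
    verifiable: bool = True  # False: a backend claim the gate cannot re-check

def gate(findings, mode, threshold="high", schema_version=3, hash_trusted=False):
    """Return (allow_install, blocking_findings, notes) for one skill."""
    if mode != "strict":
        # Advisory audit prints warnings and continues.
        return True, [], [f"warning: {f.rule} ({f.severity})" for f in findings]
    if schema_version < 3 and not hash_trusted:
        # v1/v2 declare no capabilities: migrate to v3 or pin the content hash.
        return False, [], [f"schema v{schema_version} declares no capabilities"]
    floor = SEVERITIES.index(threshold)
    blocking, notes = [], []
    for f in findings:
        at_or_above = SEVERITIES.index(f.severity) >= floor
        if at_or_above and f.verifiable:
            blocking.append(f)
        elif at_or_above:
            # Shown in the report, but never decides the install.
            notes.append(f"reported only, cannot block: {f.rule} from {f.source}")
    return not blocking, blocking, notes

# Constructed findings for one skill snapshot.
SAMPLE = [
    Finding("undeclared-network-host", "high", "static"),
    Finding("suspicious-prompt-text", "critical", "codex", verifiable=False),
    Finding("unused-env-read", "low", "static"),
]

if __name__ == "__main__":
    for mode in ("advisory", "strict"):
        print(mode, gate(SAMPLE, mode))
```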
| Command | Behavior |
|---|---|
| csk bootstrap | Create machine-level global config; interactive or scripted via --skills-root, --default-agents, --non-interactive, --force. |
| csk init [path] | Create project Skillfile.json and the managed .gitignore block. Supports --alias, --agents, and --no-interactive for scripted setup. |
| csk install [target] | Apply Skillfile.json using current git refs. Missing git URL sources are cloned into skills_root; existing local repositories are not fetched. No target means current project; target may be an alias, ., or a project path. |
| csk install --audit [strict] | Run the audit gate for this install only. Without strict, audit is advisory and does not change config. |
| csk install --all | Install every project explicitly registered in global config. |
| csk update | Fetch all git repositories under skills_root. Does not modify projects. |
| csk upgrade [target] | Run update, then install. |
| csk upgrade --all | Run update, then install every registered project. |
| csk status [target] | Show manifest vs installed state. No target means current project. --check exits non-zero unless everything is up-to-date; --json prints machine-readable output. |
| csk status --all | Show status for every registered project. |
| csk add <name> --tag/--branch/--revision ... | Add or replace a skill declaration in the project Skillfile; apply with csk install. |
| csk remove <name> | Remove a skill declaration from the project Skillfile; the next install cleans generated files. |
| csk gc | Remove unreferenced runtime entries, snapshot cache entries, and dead consumer registry entries. |
| csk audit [target] | Run skill security audit for the current project, an alias, ., or a project path. Supports --all, --global, and --json. |
| csk skill check <dir> | Validate one skill directory without requiring global config or project setup. |
| csk list [--paths] | List configured projects and declared skills. |
| csk project add <alias> <path> | Register a project for --all and create a manifest if missing. |
| csk project resolve [target] | Show resolved project alias, checkout alias, Skillfile, and install paths. |
| csk global init | Create the user-wide global Skillfile.json, global skill context, bin, and env files. |
| csk global add <name> --tag/--branch/--revision ... | Add or replace a global skill declaration. |
| csk global remove <name> | Remove a global declaration; the next global install cleans generated files. |
| csk global install | Install all globally declared skills without fetching. |
| csk global update | Fetch source repositories for globally declared skills. |
| csk global upgrade | Run global update, then global install. |
| csk global status | Show global manifest vs installed state. |
| csk global list | List global skill declarations. |
| csk config show | Print resolved config path and contents. |
| csk shell-init [zsh\|bash\|powershell] | Print shell hook code for global and project-local auto-PATH activation. --no-global limits activation to project checkouts. |
| csk --version | Print version and exit. |

Flags shared by install and upgrade:
- --dry-run — plan work without modifying files.
- --verbose — print resolved commits and installed command shims.
- --fix-gitignore — deprecated escape hatch; prefer csk init.
- --strict-tags — fail if a tag was locally moved to another commit.

Exit codes: 0 success, 1 one or more projects or skills failed, 2
configuration error, 3 lock contention.
Requires Python 3.11+.
```sh
git clone https://github.com/ivanopcode/cocoaskills.git
cd cocoaskills
python -m venv .venv
source .venv/bin/activate
python -m pip install -e ".[dev]"
pytest
```

Build artifacts locally:

```sh
python -m build
twine check dist/*
```

The runtime package is stdlib-only. Versioning is driven by setuptools-scm
from git tags; the generated src/csk/_version.py is not committed.

- Skill authoring guide — practical contract for authoring CocoaSkills-compatible skill repositories, including csk-skill.json schema v3 capabilities, runtime_roots, system dependencies, audit behavior, and release checklist.
- Skill security audit RFC — design for schema v3 capabilities, deterministic audit gates, verdict cache, and future backend expansion.
- Audit LLM backends RFC — design for the command and codex audit backends, file-content redaction, timeout plumbing, and fail-open/fail-closed behavior.
- MVP design specification — v0.1 contract, partially superseded by the RFCs below covering manifests, refs, install pipeline, locking, adapters, security boundary, and test surface.
- CHANGELOG — release history in Keep a Changelog format.

Apache-2.0. See LICENSE.