Adoption

Agent Skills are supported by leading AI development tools.

VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory

abogoyavlensky/review-with-codex

Name: review-with-codex
Author: abogoyavlensky

skills/review-with-codex/SKILL.md

npx skillsauth add abogoyavlensky/agents review-with-codex

Clean

TrivyContainer and dependency vulnerability scanner

Clean

SemgrepStatic code analysis for vulnerabilities

Clean

mcp-scan (Snyk)Model Context Protocol security validation

Skipped

Snyk (dep)Open source security scanning

Skipped

Socket.devSupply chain security analysis

Skipped

VirusTotalMulti-engine malware detection

Skipped

CrowdStrikeAdvanced threat intelligence

Skipped

OSV-ScannerOpen Source Vulnerability database check

Skipped

OWASP Dep-Check

Review with Codex

Delegates a code review to the Codex CLI, in the background, and brings the report back into the current session. This is a second opinion from a different model — useful alongside or in place of the inline code-review skill when you want independent verification.

Announce at start: "I'm using the review-with-codex skill to get a second-opinion review."

Workflow

1. Resolve scope

Mirror the code-review skill's resolution so behavior stays consistent:

User named a commit ("review commit abc123") → --commit <sha>.
User named a base branch ("review against develop") → --base <branch>.
User said "branch" / "this branch" → --base <main-branch>.
- Determine main with git rev-parse --verify main, fallback to master. If neither exists, ask.
No explicit scope → auto-detect:
- Tracked uncommitted changes (git diff HEAD --quiet || echo dirty) → --uncommitted.
- Else current branch is ahead of main → --base <main-branch>.
- Else ask which scope to review.

State the chosen scope to the user before invoking codex so they can correct a wrong guess.

2. Pick output paths

Save locally in the .tmp dir in the current repo:

TS=$(date +%s)
OUT=.tmp/codex-review-${TS}.md      # final review message
LOG=.tmp/codex-review-${TS}.log     # full stdout/stderr for debugging

3. Invoke codex in the background

Run via the Bash tool with run_in_background: true. The harness will notify you on completion — do not poll.

codex exec review \
  --skip-git-repo-check \
  --dangerously-bypass-approvals-and-sandbox \
  <SCOPE_FLAG> \
  -o "$OUT" \
  > "$LOG" 2>&1

--dangerously-bypass-approvals-and-sandbox is what makes a background run work: codex exec review is read-only, but without it codex can block on an approval/sandbox prompt with no TTY and the background job hangs until timeout. Safe here precisely because the review never writes.

Where <SCOPE_FLAG> is exactly one of:

--uncommitted
--base <main-branch>
--commit <sha>

Optional positional prompt at the end for focused instructions, e.g. "Pay special attention to the new auth middleware in pkg/auth/". Keep it short; codex has a built-in review prompt. Caveat (see flag compatibility below): some codex versions reject a positional PROMPT together with --uncommitted. If you need a focused prompt, pair it with --base/--commit, or drop the prompt and rely on codex's built-in review prompt for the uncommitted case.

Flag compatibility — verify before assuming. Codex CLI flags vary by version (checked against codex-cli 0.135.0). Two gotchas seen in practice:

--color never is rejected (unexpected argument '--color'). Don't pass it. -o already writes a clean final message; ANSI in $LOG is harmless.

A positional PROMPT cannot be combined with --uncommitted (the argument '--uncommitted' cannot be used with '[PROMPT]').

If a run fails with exit code 2 and an "unexpected/incompatible argument" message in $LOG, run codex exec review --help, drop or swap the offending flag, and re-invoke — don't keep retrying the same command.

Tell the user: "Codex review started in the background (scope: …). I'll surface findings when it finishes." Then continue with whatever's next — the caller decides whether to block or carry on.

4. When codex completes

When the background bash notifies completion:

Exit code ≠ 0 → read $LOG, surface the error to the user, and suggest a fix (most common causes: codex auth lapsed, wrong flag for the installed codex version, repo not git-initialised).
Exit code = 0 → read $OUT. That's codex's final review message.
Summarise findings for the user, grouped by severity (must fix / should fix / nit) with file:line citations when codex provided them. Quote codex's text where possible — it's a second opinion, not your own.
Ask the user how to handle each finding. If invoked from executing-plans, fold must-fix items into the current task before moving on.

5. Cleanup

Leave .tmp/codex-review-* files in place — they age out naturally and are useful for debugging a bad review run.

Flags worth knowing

--uncommitted — staged + unstaged + untracked changes. (Cannot be combined with a positional PROMPT on some versions — see flag compatibility above.)
--base <branch> — diff HEAD against the branch.
--commit <sha> — review just that commit.
--skip-git-repo-check — allow running outside a strict git check.
--dangerously-bypass-approvals-and-sandbox — required for unattended background runs (no TTY for approval prompts); safe because review is read-only.
-o <file> — write the agent's final message to a file.
-m <model> — override the codex model. Leave unset by default; codex uses what's configured in ~/.codex/config.toml. Only pass if the user explicitly asks.
--json — emit JSONL of events. Use only if you need streaming progress; -o already captures the final report.

What this skill is not

Not the local code-review skill. That one runs inline in this session. This delegates to a separate process and model.
Not auto-fix. Codex is read-only; acting on findings is a follow-up step in the calling session.

abogoyavlensky/review-with-codex

skills/review-with-codex/SKILL.md

Run a second-opinion code review using the Codex CLI (`codex exec review`) in the background and surface the findings when it finishes. Use when the user says "review with codex", "second-opinion review", "what does codex think", or wants an outside model to look at local changes (uncommitted, current branch vs main, or a named commit). Also used as the review checkpoint inside the `executing-plans` skill.

tools

Updated Jun 7, 2026

$ install --global

skillsauth

npx skillsauth add abogoyavlensky/agents review-with-codex

Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.

Security Scan Results

3 of 9 scanners reported clean

Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.

Scanners Passed

Scanners in report

Clean

TrivyContainer and dependency vulnerability scanner

95%

Clean

SemgrepStatic code analysis for vulnerabilities

95%

Clean

mcp-scan (Snyk)Model Context Protocol security validation

95%

Skipped

Snyk (dep)Open source security scanning

50%

Skipped

Socket.devSupply chain security analysis

50%

Skipped

VirusTotalMulti-engine malware detection

50%

Skipped

CrowdStrikeAdvanced threat intelligence

50%

Skipped

OSV-ScannerOpen Source Vulnerability database check

50%

Skipped

OWASP Dep-Check

50%

Last scanned: Jun 7, 2026, 4:01 AM27.3s1 file scanned

SKILL.md

name:: review-with-codex
description:: Run a second-opinion code review using the Codex CLI (`codex exec review`) in the background and surface the findings when it finishes. Use when the user says "review with codex", "second-opinion review", "what does codex think", or wants an outside model to look at local changes (uncommitted, current branch vs main, or a named commit). Also used as the review checkpoint inside the `executing-plans` skill.

Review with Codex

Announce at start: "I'm using the review-with-codex skill to get a second-opinion review."

Workflow

1. Resolve scope

Mirror the code-review skill's resolution so behavior stays consistent:

User named a commit ("review commit abc123") → --commit <sha>.
User named a base branch ("review against develop") → --base <branch>.
User said "branch" / "this branch" → --base <main-branch>.
- Determine main with git rev-parse --verify main, fallback to master. If neither exists, ask.
No explicit scope → auto-detect:
- Tracked uncommitted changes (git diff HEAD --quiet || echo dirty) → --uncommitted.
- Else current branch is ahead of main → --base <main-branch>.
- Else ask which scope to review.

State the chosen scope to the user before invoking codex so they can correct a wrong guess.

2. Pick output paths

Save locally in the .tmp dir in the current repo:

TS=$(date +%s)
OUT=.tmp/codex-review-${TS}.md      # final review message
LOG=.tmp/codex-review-${TS}.log     # full stdout/stderr for debugging

3. Invoke codex in the background

Run via the Bash tool with run_in_background: true. The harness will notify you on completion — do not poll.

codex exec review \
  --skip-git-repo-check \
  --dangerously-bypass-approvals-and-sandbox \
  <SCOPE_FLAG> \
  -o "$OUT" \
  > "$LOG" 2>&1

Where <SCOPE_FLAG> is exactly one of:

--uncommitted
--base <main-branch>
--commit <sha>

Flag compatibility — verify before assuming. Codex CLI flags vary by version (checked against codex-cli 0.135.0). Two gotchas seen in practice:

--color never is rejected (unexpected argument '--color'). Don't pass it. -o already writes a clean final message; ANSI in $LOG is harmless.

A positional PROMPT cannot be combined with --uncommitted (the argument '--uncommitted' cannot be used with '[PROMPT]').

If a run fails with exit code 2 and an "unexpected/incompatible argument" message in $LOG, run codex exec review --help, drop or swap the offending flag, and re-invoke — don't keep retrying the same command.

Tell the user: "Codex review started in the background (scope: …). I'll surface findings when it finishes." Then continue with whatever's next — the caller decides whether to block or carry on.

4. When codex completes

When the background bash notifies completion:

Exit code ≠ 0 → read $LOG, surface the error to the user, and suggest a fix (most common causes: codex auth lapsed, wrong flag for the installed codex version, repo not git-initialised).
Exit code = 0 → read $OUT. That's codex's final review message.
Summarise findings for the user, grouped by severity (must fix / should fix / nit) with file:line citations when codex provided them. Quote codex's text where possible — it's a second opinion, not your own.
Ask the user how to handle each finding. If invoked from executing-plans, fold must-fix items into the current task before moving on.

5. Cleanup

Leave .tmp/codex-review-* files in place — they age out naturally and are useful for debugging a bad review run.

Flags worth knowing

--uncommitted — staged + unstaged + untracked changes. (Cannot be combined with a positional PROMPT on some versions — see flag compatibility above.)
--base <branch> — diff HEAD against the branch.
--commit <sha> — review just that commit.
--skip-git-repo-check — allow running outside a strict git check.
--dangerously-bypass-approvals-and-sandbox — required for unattended background runs (no TTY for approval prompts); safe because review is read-only.
-o <file> — write the agent's final message to a file.
-m <model> — override the codex model. Leave unset by default; codex uses what's configured in ~/.codex/config.toml. Only pass if the user explicitly asks.
--json — emit JSONL of events. Use only if you need streaming progress; -o already captures the final report.

What this skill is not

Not the local code-review skill. That one runs inline in this session. This delegates to a separate process and model.
Not auto-fix. Codex is read-only; acting on findings is a follow-up step in the calling session.

Related Skills

abogoyavlensky/tech-article-writing

development

VerifiedTrustedCommunity

Review, edit, or draft technical articles, blog posts, tutorials, README-style walkthroughs, and documentation in Andrey Bogoyavlensky's practical technical writing voice. Use when asked to review or improve an article end to end (grammar, fluency, factual correctness, readability) and apply the fixes; improve grammar, fluency, structure, or style of technical prose; align a draft with "my style"; or write/rewrite articles for bogoyavlensky.com while preserving the author's voice.

SKILL.mdUpdated Jun 8, 2026

abogoyavlensky/tech-article-writing

abogoyavlensky/writing-clearly

documentation

VerifiedTrustedCommunity

Use when writing prose humans will read - documentation, commit messages, error messages, explanations, reports, or UI text. Applies Strunk's timeless rules for clearer, stronger, more professional writing.

SKILL.mdUpdated Jun 7, 2026

abogoyavlensky/writing-clearly

abogoyavlensky/ralphex-plan

documentation

VerifiedTrustedCommunity

Create structured implementation plan in docs/plans/

SKILL.mdUpdated May 23, 2026

abogoyavlensky/ralphex-plan

abogoyavlensky/code-review

development

VerifiedTrustedCommunity

Review local code changes — uncommitted work, the current branch vs main, or a specific commit — for code quality, minimal implementation, basic security, and feature completeness. Use this skill whenever the user asks to review code, review changes, review a branch, review a commit, audit a diff, sanity-check what's about to be committed, or asks "is this ready to ship?" — even when they don't say the word "review" explicitly. This is a fast local review run inside the project, not the cloud-based /ultrareview. The output is a severity-grouped findings report with file:line citations.

SKILL.mdUpdated May 10, 2026

abogoyavlensky/code-review

Download

For Claude Desktop. Download once, then upload the file in the app — no terminal needed.

Need help? View full Cowork setup guide →

Install manually

Choose your platform

# Clone the repo
git clone https://github.com/abogoyavlensky/agents.git

# Copy into Claude Code skills folder (global)
cp -r agents/skills/review-with-codex ~/.claude/skills/

Claude Code Skills — official skills path docs.

Repository

abogoyavlensky/agents

Compatible with

Claude Code

OpenAI Codex CLI

ChatGPT