kumewata/codex-delegate
config/agents/skills/codex-delegate/SKILL.md
Use when the user wants a second opinion or review from Codex on code, docs, diffs, or design notes without modifying files. This includes implementation review, bug risk review, security review, and document clarity review through `codex exec`. Do NOT use for tasks that require file edits or direct implementation; keep this skill review-only. Trigger especially when the user says review with Codex, second opinion, delegate review, use codex, or check this diff or document.
development
Updated Jun 3, 2026
$ install --global
skillsauthnpx skillsauth add kumewata/dotfiles codex-delegateInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Jun 3, 2026, 4:07 AM9.2s2 files scanned
SKILL.md
- name:
- codex-delegate
- description:
- |
Codex Delegate
Delegate review tasks to OpenAI Codex CLI using codex exec (non-interactive mode).
Command Pattern
codex exec -s read-only "<prompt>"
Required flags:
-s read-only- Always use read-only sandbox (review only, no file changes)
Optional flags:
-m <model>- Override model (default: configured in~/.codex/config.toml)-C <path>- Set working directory (must combine with--skip-git-repo-checkif the target is outside a trusted git repo)--skip-git-repo-check- Skip trusted git repository check. Required when reviewing files outside of a git repository (e.g.,~/.local/state/steering/)
Code Review
Construct a prompt that specifies the target files and review criteria.
Single file review
codex exec -s read-only "Review the implementation in src/auth.ts. Check for bugs, security issues, and adherence to best practices. Provide specific suggestions for improvement."
Multi-file / directory review
codex exec -s read-only "Review all files under src/api/. Focus on error handling, input validation, and API design consistency. List issues by severity."
Focused review (specific concern)
codex exec -s read-only "Review src/db/queries.ts specifically for SQL injection vulnerabilities and improper input sanitization."
Git diff review
codex exec -s read-only "Review the changes in the current git diff (staged and unstaged). Check for bugs, style issues, and potential regressions."
Document Review
README / docs review
codex exec -s read-only "Review README.md for clarity, accuracy, and completeness. Check that setup instructions are correct and examples work as documented."
Design doc review
codex exec -s read-only "Review docs/architecture.md. Check for logical consistency, missing considerations, and alignment with the actual codebase structure."
Execution in Claude Code
Run codex exec via the Bash tool. The final review output prints to stdout.
codex exec -s read-only "<review prompt>"
When reviewing files outside a git repo (e.g., ~/.local/state/steering/), add --skip-git-repo-check:
codex exec -s read-only --skip-git-repo-check -C /path/to/dir "<review prompt>"
If the output is long, use -o /tmp/codex-review.txt and read the file afterward.
Prompt Construction Guidelines
- Be specific about scope - Name exact files or directories to review
- State the review criteria - What to focus on (bugs, security, style, clarity)
- Request structured output - Ask for categorized findings (e.g., by severity)
- Provide context - Mention the project's language, framework, or conventions when relevant
Notes
codex execstreams progress to stderr and final output to stdout- The command exits automatically when the agent finishes
- Requires Codex CLI to be installed and authenticated (
codexin PATH) - Read-only sandbox ensures Codex cannot modify any files
Related Skills
kumewata/waza-eval
tools
VerifiedTrustedCommunity
Use when creating a new skill or making a substantial change to an existing skill and you also need to design, update, or review Waza-based executable evaluations. This includes deciding whether Waza is warranted, mapping `evals.json` cases into Waza tasks, choosing fixtures and graders, selecting a valid model with `waza models --json`, and running a local-first `waza run` workflow. Do NOT use for installing the Waza CLI itself or for general skill-authoring advice that does not involve Waza; use `skill-creator` for skill design and this skill for the Waza execution layer. Trigger especially when the user mentions Waza, `waza run`, `waza models`, executable evals, compare, graders, fixtures, or wants to validate a skill change with model-backed evaluation.
SKILL.mdUpdated Jun 3, 2026
kumewata/cc-delegate
tools
VerifiedTrustedCommunity
Use when the user wants Codex to ask Claude Code for a second opinion or review on code, docs, diffs, PR changes, or design notes without modifying files. This delegates bounded review-only analysis through the Claude Code CLI (`claude -p`). Do NOT use for implementation or file edits; keep this skill review-only. Trigger especially when the user says ask Claude, ask Claude Code, cc-delegate, Claude review, second opinion from Claude, compare Codex and Claude, or review this diff/document with Claude Code.
SKILL.mdUpdated May 29, 2026
kumewata/airflow
tools
VerifiedTrustedCommunity
Airflow DAG development skill for writing, reviewing, testing, and debugging Apache Airflow workflows. Use whenever the user mentions Airflow, DAGs, tasks, operators, sensors, schedules, retries, catchup, DAG import errors, DAG parse performance, or workflow orchestration in Python. Also use for Amazon MWAA / Managed Workflows for Apache Airflow work, including MWAA DAG deployment, requirements.txt, plugins.zip, aws-mwaa-docker-images, S3 DAG folders, CloudWatch logs, and MWAA-specific dependency or IAM issues.
SKILL.mdUpdated May 17, 2026
kumewata/tone
development
VerifiedTrustedCommunity
Use when the user asks for help drafting a GitHub PR description, a PR review comment, or a Slack post in their own tone (i.e., their personal writing voice). The skill detects the context (formal for PR / review, casual for Slack) and target_type (pr_description, pr_review, slack), drafts the body with an explicit reflection step that avoids verbose, mechanical phrasing, and stages the draft to `~/.local/state/tone/drafts/` via `tone-stage-draft.sh`. The user later runs `/tone-capture <url>` after posting, which pairs the staged draft with the final body to build a corpus for future tone tuning. Trigger especially when the user mentions PR description, PR review comment, Slack post, または「文を書いて」「文面を作って」「自分らしく」「トーン」「tone」.
SKILL.mdUpdated May 1, 2026