Adoption

Agent Skills are supported by leading AI development tools.

VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory

lploc94/codex-codebase-review

Name: codex-codebase-review
Author: lploc94

skill-packs/codex-review/skills/codex-codebase-review/SKILL.md

npx skillsauth add lploc94/codex_skill codex-codebase-review

Clean

TrivyContainer and dependency vulnerability scanner

Clean

SemgrepStatic code analysis for vulnerabilities

Clean

mcp-scan (Snyk)Model Context Protocol security validation

Skipped

Snyk (dep)Open source security scanning

Skipped

Socket.devSupply chain security analysis

Skipped

VirusTotalMulti-engine malware detection

Skipped

CrowdStrikeAdvanced threat intelligence

Skipped

OSV-ScannerOpen Source Vulnerability database check

Skipped

OWASP Dep-Check

Codex Codebase Review

Purpose

Review large codebases exceeding single-session context limits. Chunks by module, reviews independently, synthesizes cross-cutting findings.

When to Use

Full codebase audit (50-500+ files). For diff review use /codex-impl-review.

Prerequisites

Source files in working directory.

Runner

RUNNER="{{RUNNER_PATH}}" SKILLS_DIR="{{SKILLS_DIR}}" json_esc() { printf '%s' "$1" | node -e 'let d="";process.stdin.on("data",c=>d+=c);process.stdin.on("end",()=>process.stdout.write(JSON.stringify(d)))'; }

Critical Rules (DO NOT skip)

Stdin: printf '%s' "$PROMPT" | node "$RUNNER" ... -- NEVER echo. JSON via heredoc.
Validate: init output must start with CODEX_SESSION:. start/resume must return valid JSON. CODEX_NOT_FOUND->tell user install codex.
status === "completed" means Codex's turn is done -- NOT that the review is over. Parse results and continue.
Errors: failed->retry once, still fails->skip chunk. >50% failed->warn user. timeout->report partial. stalled+recoverable->stop->recovery resume->poll; not recoverable->report partial. Cleanup sequencing: finalize+stop ONLY after recovery resolves.
Cleanup: ALWAYS finalize + stop ALL tracked sessions, even on failure/timeout.
Runner manages all session state -- NEVER read/write session files manually.
For detailed error flows -> Read references/protocol.md

Workflow

1. Collect Inputs

Effort: <50 files=medium, 50-200=high, >200=xhigh. Ask parallel factor (default 1), focus areas (default all). Effort levels: low=~10-20min/chunk, medium=~15-30min, high=~20-40min, xhigh=~30-60min.

2. Discovery

2a) Detect project type from markers (package.json, go.mod, Cargo.toml, etc.). 2b) List source files (extensions: js, ts, jsx, tsx, py, go, rs, java, cs, rb, php, vue, svelte). Exclude: node_modules, .git, dist, build, vendor, pycache, target, .next, .nuxt, coverage. 2c) Identify module boundaries: group by top-level dir under source root (depth 2). 2d) Count lines per module. 2e) Present module table for confirmation (effort >= medium).

3. Chunking

Target: 500-2000 lines/chunk. Module <300 lines -> merge with related. Module >2500 -> split by sub-dir. Order: config/types first -> core/utils -> features -> tests last. Present chunk plan (effort >= medium).

4. Review Loop

Track: ALL_SESSION_DIRS=(). For each chunk (sequential or parallel batches): 4a) Init: node "$RUNNER" init --skill-name codex-codebase-review --working-dir "$PWD". Track session. 4b) Render: template=chunk-review. Placeholders: PROJECT_TYPE, CHUNK_NAME, FOCUS_AREAS, FILE_LIST, CONTEXT_SUMMARY. 4c) Start + 4d) Poll. Report: "Chunk {N}/{TOTAL} [{name}]". 4e) Parse review.blocks[]. 4f) Context propagation: high/critical findings (~2000 tokens cap). 4g) Progress report. 4h) Finalize chunk. Parallel mode: batch by parallel_factor, start all simultaneously, poll round-robin, propagate context between batches only.

5. Cross-cutting Analysis (Claude-only)

Collect all ISSUE-{N} from all chunks -> group by file/category/severity -> find cross-module patterns -> generate CROSS-{N}. Categories by effort: pattern inconsistencies + DRY (all); API contracts (medium+); integration + architecture (high+).

6. Validation (effort >= high)

Init new session, render template=validation with CROSS_FINDINGS. Start + poll. Parse RESPONSE-{N} (accept/reject/revise). Rounds: high=1 max, xhigh=up to 2. Finalize validation session.

7. Final Report

Project type, Total files/lines, Chunks reviewed, Total issues, Cross-cutting findings. Per-module findings by severity, CROSS-{N} by category, architecture assessment (high+), action items (P0/P1/P2), per-chunk stats.

8. Session Finalization

Create master session, finalize with aggregated stats. Report master session path.

9. Cleanup

Stop ALL tracked sessions (chunk + validation + master). Always run. Chunk failure: retry once, skip on second fail. All failed: Claude fallback review top 5 chunks.

Flavor Text Triggers

SKILL_START, POLL_WAITING, CODEX_RETURNED, CHUNK_PROGRESS, CHUNK_CROSS, FINAL_SUMMARY

Rules

If in plan mode, exit first. No cross-contamination between chunk sessions.
Context propagation: only high/critical, capped ~2000 tokens. Scope is full codebase only.

lploc94/codex-codebase-review

skill-packs/codex-review/skills/codex-codebase-review/SKILL.md

Review entire codebases (50-500+ files) by chunking into modules, reviewing each in separate Codex sessions, then synthesizing cross-cutting findings.

67 stars

development

Updated May 27, 2026

$ install --global

skillsauth

npx skillsauth add lploc94/codex_skill codex-codebase-review

Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.

Security Scan Results

3 of 9 scanners reported clean

Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.

Scanners Passed

Scanners in report

Clean

TrivyContainer and dependency vulnerability scanner

95%

Clean

SemgrepStatic code analysis for vulnerabilities

95%

Clean

mcp-scan (Snyk)Model Context Protocol security validation

95%

Skipped

Snyk (dep)Open source security scanning

50%

Skipped

Socket.devSupply chain security analysis

50%

Skipped

VirusTotalMulti-engine malware detection

50%

Skipped

CrowdStrikeAdvanced threat intelligence

50%

Skipped

OSV-ScannerOpen Source Vulnerability database check

50%

Skipped

OWASP Dep-Check

50%

Last scanned: May 27, 2026, 7:21 AM162.4s3 files scanned

SKILL.md

name:: codex-codebase-review
description:: Review entire codebases (50-500+ files) by chunking into modules, reviewing each in separate Codex sessions, then synthesizing cross-cutting findings.

Codex Codebase Review

Purpose

Review large codebases exceeding single-session context limits. Chunks by module, reviews independently, synthesizes cross-cutting findings.

When to Use

Full codebase audit (50-500+ files). For diff review use /codex-impl-review.

Prerequisites

Source files in working directory.

Runner

Critical Rules (DO NOT skip)

Stdin: printf '%s' "$PROMPT" | node "$RUNNER" ... -- NEVER echo. JSON via heredoc.
Validate: init output must start with CODEX_SESSION:. start/resume must return valid JSON. CODEX_NOT_FOUND->tell user install codex.
status === "completed" means Codex's turn is done -- NOT that the review is over. Parse results and continue.
Errors: failed->retry once, still fails->skip chunk. >50% failed->warn user. timeout->report partial. stalled+recoverable->stop->recovery resume->poll; not recoverable->report partial. Cleanup sequencing: finalize+stop ONLY after recovery resolves.
Cleanup: ALWAYS finalize + stop ALL tracked sessions, even on failure/timeout.
Runner manages all session state -- NEVER read/write session files manually.
For detailed error flows -> Read references/protocol.md

Workflow

1. Collect Inputs

2. Discovery

3. Chunking

4. Review Loop

5. Cross-cutting Analysis (Claude-only)

6. Validation (effort >= high)

Init new session, render template=validation with CROSS_FINDINGS. Start + poll. Parse RESPONSE-{N} (accept/reject/revise). Rounds: high=1 max, xhigh=up to 2. Finalize validation session.

7. Final Report

8. Session Finalization

Create master session, finalize with aggregated stats. Report master session path.

9. Cleanup

Stop ALL tracked sessions (chunk + validation + master). Always run. Chunk failure: retry once, skip on second fail. All failed: Claude fallback review top 5 chunks.

Flavor Text Triggers

SKILL_START, POLL_WAITING, CODEX_RETURNED, CHUNK_PROGRESS, CHUNK_CROSS, FINAL_SUMMARY

Rules

If in plan mode, exit first. No cross-contamination between chunk sessions.
Context propagation: only high/critical, capped ~2000 tokens. Scope is full codebase only.

Related Skills

lploc94/codex-think-about

development

VerifiedTrustedCommunity

Peer debate between Claude Code and Codex on any technical question. Both think independently, challenge each other, converge to consensus or explicit disagreement.

67SKILL.mdUpdated May 27, 2026

lploc94/codex-think-about

lploc94/codex-security-review

development

VerifiedTrustedCommunity

Security-focused code review using OWASP Top 10 and CWE patterns. Detects vulnerabilities through adversarial debate.

67SKILL.mdUpdated May 27, 2026

lploc94/codex-security-review

lploc94/codex-pr-review

development

VerifiedTrustedCommunity

Peer debate between Claude Code and Codex on PR quality and merge readiness. No code modifications.

67SKILL.mdUpdated May 27, 2026

lploc94/codex-pr-review

lploc94/codex-plan-review

tools

VerifiedTrustedCommunity

Review/debate plans before implementation between Claude Code and Codex CLI. Can run in plan mode — debates the plan and edits the plan file to fix accepted issues.

67SKILL.mdUpdated May 27, 2026

lploc94/codex-plan-review

Download

For Claude Desktop. Download once, then upload the file in the app — no terminal needed.

Need help? View full Cowork setup guide →

Install manually

Choose your platform

# Clone the repo
git clone https://github.com/lploc94/codex_skill.git

# Copy into Claude Code skills folder (global)
cp -r codex_skill/skill-packs/codex-review/skills/codex-codebase-review ~/.claude/skills/

Claude Code Skills — official skills path docs.

Repository

lploc94/codex_skill

67 stars

Compatible with

Claude Code

OpenAI Codex CLI

ChatGPT