sd0xdev/code-explore
skills/code-explore/SKILL.md
Pure Claude code investigation. Use when: tracing execution paths, understanding architecture, diagnosing issues. Not for: dual-perspective review (use code-investigate), code review (use codex-code-review). Output: analysis report with findings.
$ install --global
skillsauthnpx skillsauth add sd0xdev/sd0x-dev-flow code-exploreInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 18, 2026, 4:02 AM77.1s2 files scanned
SKILL.md
- name:
- code-explore
- description:
- Pure Claude code investigation. Use when: tracing execution paths, understanding architecture, diagnosing issues. Not for: dual-perspective review (use code-investigate), code review (use codex-code-review). Output: analysis report with findings.
- allowed-tools:
- Read, Grep, Glob, Bash(ls:*), Bash(find:*)
- context:
- fork
Code Explore Skill
Trigger
- Keywords: code explore, code investigation, research code, trace code, feature understanding, quick investigation, code exploration
When to Use
- Quickly understand how a feature works
- Trace execution paths / data flow
- Diagnose problem root causes
- No dual confirmation needed (no Codex cross-validation)
When NOT to Use
| Scenario | Alternative |
| ----------------------- | ------------------------------------- |
| Need dual confirmation | /code-investigate (Claude + Codex) |
| Git history tracking | /git-investigate |
| System verification | /feature-verify |
| Code review | /codex-review-fast |
Workflow
┌──────────────────────────────────────────────────────────┐
│ Phase 1: Locate Entry Point │
├──────────────────────────────────────────────────────────┤
│ 1. Grep keywords -> find related files │
│ 2. Identify entry points (Controller / Service / Provider) │
│ 3. Build file list │
└──────────────────────────────────────────────────────────┘
↓
┌──────────────────────────────────────────────────────────┐
│ Phase 2: Trace Path │
├──────────────────────────────────────────────────────────┤
│ 1. Start from entry point, Read │
│ 2. Identify dependencies -> continue tracing │
│ 3. Map call chain (A -> B -> C) │
└──────────────────────────────────────────────────────────┘
↓
┌──────────────────────────────────────────────────────────┐
│ Phase 3: Understand Logic │
├──────────────────────────────────────────────────────────┤
│ 1. What is the core logic? │
│ 2. How does data flow? │
│ 3. Error handling mechanisms? │
│ 4. Key decision points? │
└──────────────────────────────────────────────────────────┘
↓
┌──────────────────────────────────────────────────────────┐
│ Phase 4: Output Report │
├──────────────────────────────────────────────────────────┤
│ 1. Architecture overview (diagram / table) │
│ 2. Key files list │
│ 3. Execution flow │
│ 4. Findings / notes │
└──────────────────────────────────────────────────────────┘
Search Strategy
| Target | Strategy |
| --------------- | -------------------------------------------------------- |
| Feature entry | Grep "export class.*Controller" / Grep "@Get\|@Post" |
| Service layer | Grep "export class.*Service" |
| Provider layer | Glob "src/provider/**/*.ts" |
| Configuration | Read {CONFIG_FILE} |
| Data models | Glob "src/model/**/*.ts" |
Output Format
## Investigation Report: {Topic}
### Architecture Overview
{ASCII or Mermaid diagram}
### Key Files
| File | Responsibility |
| ----------------- | -------------- |
| `path/to/file.ts` | Description |
### Execution Flow
1. {Step 1}
2. {Step 2}
3. ...
### Data Flow
{Describe how data flows}
### Findings
- {Important finding 1}
- {Important finding 2}
### Notes
- {Potential issue / edge case}
Verification
- [ ] Entry points identified and listed
- [ ] Execution flow traced end-to-end
- [ ] Key files table includes all relevant files
- [ ] Findings section has actionable insights
References
references/search-patterns.md— Common search patterns for codebase exploration (read when building search strategy)
Examples
Feature Understanding
Input: Investigate how user data queries work
Phase 1: Grep "balance" -> find UserService, UserController
Phase 2: Controller -> Service -> Provider call chain
Phase 3: Understand query + cache mechanism
Phase 4: Output report + flow diagram
Problem Diagnosis
Input: Why does this API sometimes return empty?
Phase 1: Grep "getData" + "cache" -> related files
Phase 2: Trace data retrieval path
Phase 3: Identify fallback logic + timeout handling
Phase 4: List possible causes + recommendations
Architecture Understanding
Input: What is the overall architecture of the user module?
Phase 1: Glob "src/**/*user*" -> list all related files
Phase 2: Identify layer relationships (Controller -> Service -> Provider)
Phase 3: Understand each layer's responsibilities
Phase 4: Output architecture diagram + module description
Difference from code-investigate
| Dimension | code-explore | code-investigate | | ------------ | ---------------------- | ---------------------- | | Speed | Fast (single view) | Slow (dual view) | | Confirmation | Single perspective | Cross-validation | | Tools | Pure Claude | Claude + Codex | | Use case | Quick investigation | Important decisions |
Related Skills
sd0xdev/zh-tw
documentation
VerifiedTrustedCommunity
Rewrite the previous reply in Traditional Chinese
147SKILL.mdUpdated Apr 28, 2026
sd0xdev/watch-ci
development
VerifiedTrustedCommunity
Monitor GitHub Actions CI runs until completion. Use when: watching CI after push, checking build status, monitoring PR checks, waiting for CI completion, user says 'watch CI', 'check CI', 'CI status', 'monitor build', or /watch-ci. Not for: pushing code (use push-ci), creating PRs (use create-pr). Output: per-run verdict (pass/fail/timeout).
147SKILL.mdUpdated Apr 28, 2026
sd0xdev/verify
development
VerifiedTrustedCommunity
Verification loop — lint -> typecheck -> unit -> integration -> e2e
147SKILL.mdUpdated Apr 28, 2026
sd0xdev/update-docs
development
VerifiedTrustedCommunity
Research current code state then update corresponding docs, ensuring docs stay in sync with code.
147SKILL.mdUpdated Apr 28, 2026