Adoption

Agent Skills are supported by leading AI development tools.

VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory

sd0xdev/code-investigate

Name: code-investigate
Author: sd0xdev

skills/code-investigate/SKILL.md

npx skillsauth add sd0xdev/sd0x-dev-flow code-investigate

Clean

TrivyContainer and dependency vulnerability scanner

Clean

SemgrepStatic code analysis for vulnerabilities

Clean

mcp-scan (Snyk)Model Context Protocol security validation

Skipped

Snyk (dep)Open source security scanning

Skipped

Socket.devSupply chain security analysis

Skipped

VirusTotalMulti-engine malware detection

Skipped

CrowdStrikeAdvanced threat intelligence

Skipped

OSV-ScannerOpen Source Vulnerability database check

Skipped

OWASP Dep-Check

Code Investigate Skill

Trigger

Keywords: investigate code, how feature works, trace implementation, dual confirmation, deep dive, how code works, what this code does, code research

When NOT to Use

Just need quick lookup (use Grep/Glob directly)
Code review (use codex-review)
System verification (use feature-verify)
Git history tracking (use git-investigate)

Core Principle

Codex must explore independently. Feeding Claude's conclusions to Codex is prohibited.

┌─────────────────┐     ┌─────────────────┐
│ Claude Explores  │     │ Codex Explores   │
│ Independently    │     │ Independently    │
│   (Phase 1-2)   │     │    (Phase 3)     │
└────────┬────────┘     └────────┬────────┘
         │                       │
         ▼                       ▼
   ┌───────────┐           ┌───────────┐
   │ Claude    │           │ Codex     │
   │ Conclusion│           │ Conclusion│
   └─────┬─────┘           └─────┬─────┘
         │                       │
         └───────────┬───────────┘
                     ▼
              ┌─────────────┐
              │ Consolidated│
              │   Report    │
              │  (Phase 4)  │
              └─────────────┘

Workflow

| Phase | Name | Action | Output | | ----- | --------------- | ----------------------------------- | --------------------------- | | 1 | Claude Explore | Grep/Glob/Read to search code | Related files list | | 2 | Claude Conclude | Analyze logic, form understanding | Initial conclusion (internal)| | 3 | Codex Explore | Invoke Codex MCP to explore independently | Codex analysis report | | 4 | Integrate | Compare both perspectives, mark differences | Consolidated report |

Codex Invocation Rules

Required Parameters

| Parameter | Value | Description | | ----------------- | ----------- | --------------- | | sandbox | read-only | Force read-only | | approval-policy | never | Auto-execute | | cwd | Project root| Exploration start point |

Correct Approach

mcp__codex__codex({
  prompt: `# Code Investigation Task

## Question
${userQuestion}

## Project Info
- Path: ${cwd}
- Tech Stack: {FRAMEWORK} + TypeScript + {DATABASE}

Please **independently explore** the codebase and answer:
1. What files are related?
2. How does the core logic work?
3. What is the data flow?
4. What are the key dependencies?

Please grep/read and explore on your own, then provide your analysis.`,
  cwd: '/path/to/project',
  sandbox: 'read-only',
  'approval-policy': 'never',
});

Prohibited Approaches

| Pattern | Problem | Example | | ------------------ | --------------------------------- | ------------------------------------------- | | Feeding conclusion | Claude's findings leak to Codex | Claude found these files: ${findings} | | Leading question | Presupposes answer | I think the problem is in cache, verify | | Scope restriction | Prevents independent exploration | Only look at src/service/ |

Output

## Investigation Report
- **Claude findings**: <independent analysis>
- **Codex findings**: <independent analysis>
- **Integrated conclusion**: <merged findings>
- **Confidence**: High / Medium / Low

Verification Checklist

| Check | Standard | | ------------------------- | --------------------------------------------- | | Claude independent conclusion | Phase 2 forms conclusion, not output to user | | Codex prompt is clean | Contains only question + project path, no Claude findings | | Report perspectives separated | Claude / Codex conclusions presented separately | | Integration is complete | Marks agreement, differences, possible gaps |

References

| File | Purpose | When to Read | | ------------------------------- | -------------------- | ------------------ | | references/prompts.md | Codex prompt templates | Before Phase 3 | | references/output-template.md | Report format | During Phase 4 |

Examples

Feature Investigation

Input: Investigate how order processing works
Phase 1: Grep "processOrder" -> Read src/service/order/*.ts
Phase 2: Form understanding: Controller -> Service -> Repository write
Phase 3: Codex explores independently (only given question + path)
Phase 4: Consolidated report -> mark both perspectives

Mechanism Understanding

Input: How does the API caching mechanism work?
Phase 1: Grep "cache" + "portfolio" -> Read related files
Phase 2: Understand Redis TTL + fallback mechanism
Phase 3: Codex investigates independently
Phase 4: Compare differences -> output consolidated report

Problem Diagnosis

Input: Why is token price sometimes null?
Phase 1: Search price-related logic + error handling
Phase 2: Identify possible fallback paths
Phase 3: Codex diagnoses independently
Phase 4: Synthesize both findings -> list possible causes

sd0xdev/code-investigate

skills/code-investigate/SKILL.md

Dual-perspective code investigation. Use when: deep code analysis needing both Claude and Codex perspectives. Not for: quick exploration (use code-explore), code review (use codex-code-review). Output: integrated findings from dual analysis.

144 stars

development

Updated Apr 18, 2026

$ install --global

skillsauth

npx skillsauth add sd0xdev/sd0x-dev-flow code-investigate

Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.

Security Scan Results

3 of 9 scanners reported clean

Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.

Scanners Passed

Scanners in report

Clean

TrivyContainer and dependency vulnerability scanner

95%

Clean

SemgrepStatic code analysis for vulnerabilities

95%

Clean

mcp-scan (Snyk)Model Context Protocol security validation

95%

Skipped

Snyk (dep)Open source security scanning

50%

Skipped

Socket.devSupply chain security analysis

50%

Skipped

VirusTotalMulti-engine malware detection

50%

Skipped

CrowdStrikeAdvanced threat intelligence

50%

Skipped

OSV-ScannerOpen Source Vulnerability database check

50%

Skipped

OWASP Dep-Check

50%

Last scanned: Apr 18, 2026, 4:03 AM131.5s3 files scanned

SKILL.md

name:: code-investigate
description:: Dual-perspective code investigation. Use when: deep code analysis needing both Claude and Codex perspectives. Not for: quick exploration (use code-explore), code review (use codex-code-review). Output: integrated findings from dual analysis.
allowed-tools:: Read, Grep, Glob, Bash(git:*), mcp__codex__codex, mcp__codex__codex-reply
context:: fork

Code Investigate Skill

Trigger

Keywords: investigate code, how feature works, trace implementation, dual confirmation, deep dive, how code works, what this code does, code research

When NOT to Use

Just need quick lookup (use Grep/Glob directly)
Code review (use codex-review)
System verification (use feature-verify)
Git history tracking (use git-investigate)

Core Principle

Codex must explore independently. Feeding Claude's conclusions to Codex is prohibited.

┌─────────────────┐     ┌─────────────────┐
│ Claude Explores  │     │ Codex Explores   │
│ Independently    │     │ Independently    │
│   (Phase 1-2)   │     │    (Phase 3)     │
└────────┬────────┘     └────────┬────────┘
         │                       │
         ▼                       ▼
   ┌───────────┐           ┌───────────┐
   │ Claude    │           │ Codex     │
   │ Conclusion│           │ Conclusion│
   └─────┬─────┘           └─────┬─────┘
         │                       │
         └───────────┬───────────┘
                     ▼
              ┌─────────────┐
              │ Consolidated│
              │   Report    │
              │  (Phase 4)  │
              └─────────────┘

Workflow

Codex Invocation Rules

Required Parameters

Correct Approach

mcp__codex__codex({
  prompt: `# Code Investigation Task

## Question
${userQuestion}

## Project Info
- Path: ${cwd}
- Tech Stack: {FRAMEWORK} + TypeScript + {DATABASE}

Please **independently explore** the codebase and answer:
1. What files are related?
2. How does the core logic work?
3. What is the data flow?
4. What are the key dependencies?

Please grep/read and explore on your own, then provide your analysis.`,
  cwd: '/path/to/project',
  sandbox: 'read-only',
  'approval-policy': 'never',
});

Prohibited Approaches

Output

## Investigation Report
- **Claude findings**: <independent analysis>
- **Codex findings**: <independent analysis>
- **Integrated conclusion**: <merged findings>
- **Confidence**: High / Medium / Low

Verification Checklist

References

Examples

Feature Investigation

Input: Investigate how order processing works
Phase 1: Grep "processOrder" -> Read src/service/order/*.ts
Phase 2: Form understanding: Controller -> Service -> Repository write
Phase 3: Codex explores independently (only given question + path)
Phase 4: Consolidated report -> mark both perspectives

Mechanism Understanding

Input: How does the API caching mechanism work?
Phase 1: Grep "cache" + "portfolio" -> Read related files
Phase 2: Understand Redis TTL + fallback mechanism
Phase 3: Codex investigates independently
Phase 4: Compare differences -> output consolidated report

Problem Diagnosis

Input: Why is token price sometimes null?
Phase 1: Search price-related logic + error handling
Phase 2: Identify possible fallback paths
Phase 3: Codex diagnoses independently
Phase 4: Synthesize both findings -> list possible causes

Related Skills

sd0xdev/zh-tw

documentation

VerifiedTrustedCommunity

Rewrite the previous reply in Traditional Chinese

147SKILL.mdUpdated Apr 28, 2026

sd0xdev/watch-ci

development

VerifiedTrustedCommunity

Monitor GitHub Actions CI runs until completion. Use when: watching CI after push, checking build status, monitoring PR checks, waiting for CI completion, user says 'watch CI', 'check CI', 'CI status', 'monitor build', or /watch-ci. Not for: pushing code (use push-ci), creating PRs (use create-pr). Output: per-run verdict (pass/fail/timeout).

147SKILL.mdUpdated Apr 28, 2026

sd0xdev/verify

development

VerifiedTrustedCommunity

Verification loop — lint -> typecheck -> unit -> integration -> e2e

147SKILL.mdUpdated Apr 28, 2026

sd0xdev/update-docs

development

VerifiedTrustedCommunity

Research current code state then update corresponding docs, ensuring docs stay in sync with code.

147SKILL.mdUpdated Apr 28, 2026

Download

For Claude Desktop. Download once, then upload the file in the app — no terminal needed.

Need help? View full Cowork setup guide →

Install manually

Choose your platform

# Clone the repo
git clone https://github.com/sd0xdev/sd0x-dev-flow.git

# Copy into Claude Code skills folder (global)
cp -r sd0x-dev-flow/skills/code-investigate ~/.claude/skills/

Claude Code Skills — official skills path docs.

Repository

sd0xdev/sd0x-dev-flow

144 stars

Compatible with

Claude Code

OpenAI Codex CLI

ChatGPT