takazudo/codex-review
skills/codex-review/SKILL.md
Code review using OpenAI Codex CLI (codex exec review). PREFERRED over /light-review for code review. Use when: (1) User says 'review', 'code review', or 'codex review', (2) After implementation when quality check is needed, (3) Child agents self-reviewing. Runs multiple codex review instances in parallel. Falls back to Claude Code if codex unresponsive.
$ install --global
skillsauthnpx skillsauth add takazudo/claude-resources codex-reviewInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Jun 9, 2026, 5:00 AM190.2s1 file scanned
SKILL.md
- name:
- codex-review
- description:
- Code review using OpenAI Codex CLI (codex exec review). PREFERRED over /light-review for code review. Use when: (1) User says 'review', 'code review', or 'codex review', (2) After implementation when quality check is needed, (3) Child agents self-reviewing. Runs multiple codex review instances in parallel. Falls back to Claude Code if codex unresponsive.
Codex Review
Code review via the codex plugin companion script. Runs codex review, collects results, and synthesizes findings.
Codex Plugin Companion Script
The codex plugin provides a companion script for running reviews. Resolve it dynamically:
CODEX_PLUGIN_ROOT=$(command ls -d "$HOME/.claude/plugins/cache/openai-codex/codex"/*/ 2>/dev/null | sort -V | tail -1)
CODEX_COMPANION="${CODEX_PLUGIN_ROOT}scripts/codex-companion.mjs"
If the directory or file does not exist, report "Codex plugin not installed. Run /codex:setup first." and fall back to Claude Code review.
Usage:
node "$CODEX_COMPANION" review --base <branch> --wait
Key flags:
--base <branch>: Review changes against this base branch--wait: Run in foreground (block until complete)--scope auto|working-tree|branch: Scope selection (default: auto)
Process
Step 0: Pre-flight Rate Limit Check
Before doing anything, check if Codex is currently rate-limited:
RATE_CHECK=$(node $HOME/.claude/scripts/codex-rate-limit.js check 2>&1)
RATE_EXIT=$?
If RATE_EXIT is non-zero (rate-limited), skip all codex steps and jump directly to the Fallback step. Do NOT report the rate limit to the user — silently fall back.
Step 1: Determine Base Branch
BRANCH=$(git branch --show-current)
BASE=$(gh pr view --json baseRefName -q '.baseRefName' 2>/dev/null)
If no PR, use default branch:
BASE=$(git remote show origin | grep 'HEAD branch' | awk '{print $NF}')
Step 2: Prepare Environment
LOGDIR=$(node $HOME/.claude/scripts/get-logdir.js)
mkdir -p "$LOGDIR"
DATETIME=$(date +%Y%m%d_%H%M%S)
# Resolve codex companion script (pick latest version if multiple exist)
CODEX_PLUGIN_ROOT=$(command ls -d "$HOME/.claude/plugins/cache/openai-codex/codex"/*/ 2>/dev/null | sort -V | tail -1)
CODEX_COMPANION="${CODEX_PLUGIN_ROOT}scripts/codex-companion.mjs"
# Detect timeout command (gtimeout on macOS via coreutils, timeout on Linux/WSL)
if command -v gtimeout &>/dev/null; then
TIMEOUT_CMD="gtimeout"
elif command -v timeout &>/dev/null; then
TIMEOUT_CMD="timeout"
else
TIMEOUT_CMD=""
echo "WARNING: neither gtimeout nor timeout found. Running without timeout."
fi
Use $DATETIME in all output filenames below to avoid overwriting previous runs.
Step 3: Run Codex Review
Run the companion script's review command with --base and --wait:
${TIMEOUT_CMD:+$TIMEOUT_CMD} ${TIMEOUT_CMD:+1500} node "$CODEX_COMPANION" review --base "$BASE" --wait \
> "$LOGDIR/${DATETIME}-codex-review.md" \
2>"$LOGDIR/${DATETIME}-codex-review-stderr.log"
Launch as a background Bash task with a 25-minute timeout.
Step 4: Collect Results and Check for Rate Limiting
After codex completes (or times out):
-
Check for rate limiting in the output files:
node $HOME/.claude/scripts/codex-rate-limit.js check-output \ "$LOGDIR/${DATETIME}-codex-review.md" \ "$LOGDIR/${DATETIME}-codex-review-stderr.log"If exit code is non-zero (rate limit detected), jump to Fallback.
-
Check the output file (
$LOGDIR/${DATETIME}-codex-review.md) exists and has content -
If missing or empty, read the stderr log (
$LOGDIR/${DATETIME}-codex-review-stderr.log) to diagnose why -
Report any stderr contents to the user (auth errors, API failures, etc.)
Step 5: Fallback — Opus
If codex timed out, produced no output, or is rate-limited:
- Silently fall back to Opus — do NOT report the rate limit or timeout to the user. Do NOT pause the workflow.
- Spawn 2
code-reviewersubagents in parallel (like /light-review) withmodel: opus, reviewing the diff against$BASE. Opus is the designated Claude-side stand-in for codex: roughly comparable quality, no quota-loud failure mode. - Continue the workflow as if
/light-reviewwas invoked instead
Step 6: Synthesize and Report
- Read codex output and organize findings
- Categorize by priority (high / medium / low)
- Present a clear summary to the caller
- Include log file paths for reference
Step 7: Apply Fixes
- High priority: Implement automatically
- Medium priority: Implement if clearly safe, otherwise ask
- Low priority: Ask user
Step 8: Commit Changes
If fixes were applied, commit with a descriptive message.
Timeout Policy
- Timeout: 25 minutes (1500s via
gtimeout/timeoutcommand, auto-detected) - If codex times out: Silently fall back to Opus (2
code-reviewersubagents withmodel: opus)
Important Notes
- Codex runs in read-only sandbox by default for reviews — it cannot modify files
- All file writing and editing is done by Claude Code, never by codex
- Output files go to
$LOGDIR/${DATETIME}-codex-review-*.md(timestamped to avoid overwrites) - Stderr logs go to
$LOGDIR/${DATETIME}-codex-review-*-stderr.log(for debugging silent failures) - This skill is preferred over /light-review for code review tasks
- Silent fallback policy: If codex is rate-limited, timed out, or unavailable for any reason, silently fall back to Opus (2
code-reviewersubagents atmodel: opus, like/light-review). NEVER pause the workflow, NEVER report the rate limit to the user, NEVER ask what to do. Just continue with the fallback as if nothing happened. Opus is the designated Claude-side stand-in for codex throughout these skills — the user already chose-coto mean "give me the better reviewer," so dropping to Opus matches the spirit of that choice when codex is unavailable
Related Skills
takazudo/dev-linkify-cc-resources
development
VerifiedTrustedCommunity
Link Claude Code skill names mentioned in a CodeGrid article (data/{series}/{n}.md) to the author's public claude-resources repo, pinned to the latest commit hash so links don't rot. Use when: (1) user says 'linkify cc resources', 'link the skills', 'link skill names', or invokes /dev-linkify-cc-resources; (2) editing a CodeGrid article that mentions `/commits`, `/pr-complete`, `/skill-creator` or other Claude Code skills and they should point to claude-resources. Only links skills that actually exist in the public repo; skips hypothetical examples and code blocks.
10SKILL.mdUpdated Jun 2, 2026
takazudo/opus-2nd
development
VerifiedTrustedCommunity
Second opinion from Claude Opus on a plan or approach. Use when: (1) Planning phase of /big-plan needs a higher-quality review than /codex-2nd / /gco-2nd, (2) User says 'opus 2nd' or 'opus opinion', (3) Wanting Anthropic's larger model to critique a plan. Spawns a general-purpose Agent with model: opus that reads the plan file and returns structured feedback. Anthropic quota — not free.
10SKILL.mdUpdated May 29, 2026
takazudo/dev-ai-based-test
tools
VerifiedTrustedCommunity
AI-based testing via subagent + a per-task test-flow skill. Use when the user wants to verify something that mechanical assertions can't fully capture — image recognition, visual size/position comparison, animation smoothness, multi-step manual flows that need AI judgment. Triggers: 'AI-based test', 'AI test', 'visual verify', 'image recognition test', 'manual operation test', 'human-eye check', 'verify visually', 'compare screenshots', 'looks the same', 'looks correct'. The skill's job is to (1) author a focused test-flow skill that captures the exact procedure + verdict criteria, then (2) dispatch a verification subagent via the Agent tool that loads BOTH the test-flow skill AND a browser-driving skill (/verify-ui primary, /headless-browser fallback) so the subagent has clear context and consistent verdicts. NEVER uses `claude -p` — subagent dispatch goes through the Agent tool exclusively.
10SKILL.mdUpdated May 29, 2026
takazudo/cleanup-resources
development
VerifiedTrustedCommunity
End-of-workflow audit of touched GitHub issues, PRs, and branches via a Sonnet subagent. Use when: (1) /big-plan, /x-as-pr, or /x-wt-teams finishes its main work and needs to verify every touched resource is in the right state (closed when done, kept when ongoing, deleted when dead), (2) User says 'cleanup resources', 'audit cleanup', or 'check what should be closed', (3) A long workflow ends and the manager wants a structured paper trail of what it closed/kept/deleted. Auto-execute by default — the Sonnet agent proposes, the manager (you) executes safe actions and prints a final report.
10SKILL.mdUpdated May 29, 2026