uinaf/cross-harness-review
skills/cross-harness-review/SKILL.md
Run a read-only code review through the opposite AI coding harness and return uinaf `review`-style findings, evidence, unverified gaps, and a ship-it / needs-review / blocked verdict. Use for `/review-with-claudex`, cross-harness review, opposite-model review, Claude reviewing Codex work, or Codex reviewing Claude work. Not an implementation or fix loop.
$ install --global
skillsauthnpx skillsauth add uinaf/skills cross-harness-reviewInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: May 10, 2026, 2:06 AM178.5s3 files scanned
SKILL.md
- name:
- cross-harness-review
- description:
- Run a read-only code review through the opposite AI coding harness and return uinaf `review`-style findings, evidence, unverified gaps, and a ship-it / needs-review / blocked verdict. Use for `/review-with-claudex`, cross-harness review, opposite-model review, Claude reviewing Codex work, or Codex reviewing Claude work. Not an implementation or fix loop.
Cross-Harness Review
Use the other coding harness as the independent reviewer, then report in the compact review verdict shape.
Workflow
- Define the review target from the user's request: uncommitted diff, branch vs base, commit, PR, or named paths. If unspecified, review the current uncommitted diff.
- Detect the active harness:
- In Codex/OpenAI, invoke Claude Code for the review.
- In Claude/Anthropic, invoke Codex for the review.
- Run the preflight checks for the opposite harness.
- Delegate with the shared prompt below, filled with the target.
- Preserve the other harness's findings; note any local confirmation or dispute.
- Stop after one other-model review unless the user explicitly asks for an iterative loop.
For CLI flag details, fallback commands, and hosted-review cautions, read references/headless-modes.md.
Preflight
Check only the opposite harness:
# Codex active -> Claude reviewer
command -v claude
claude --version
claude auth status
# Claude active -> Codex reviewer
command -v codex
codex --version
codex login status
Report only installed/authenticated status. Keep account details, tokens, and config contents out of the report.
Shared Prompt
Use /review or $review if available. Otherwise follow the uinaf review contract:
findings first, then verdict exactly one of ship it / needs review / blocked,
then evidence, unverified, next, and optional notes.
Target: <uncommitted diff | branch vs base | commit | PR | paths>
Review read-only. Leave files, staging, commits, and fixes untouched.
Prioritize bugs, regressions, missing tests, silent failures, and contract drift. Use concise evidence with file/line references and targeted command results.
Codex Active
Use Claude Code print mode:
claude -p \
--permission-mode dontAsk \
--allowedTools "Read,Glob,Grep,LS,Bash(git *),Bash(rg *),Bash(jq *),Bash(npm *),Bash(pnpm *)" \
"<review prompt>"
Use hosted claude ultrareview only when the user explicitly asks and accepts the cost.
Claude Active
Use Codex exec review:
codex exec review --uncommitted --ephemeral - <<'PROMPT'
<shared prompt with Target set to current uncommitted diff>
PROMPT
Variants: branch review uses --base <base-ref>, commit review uses --commit <sha>, and custom scope belongs in the prompt.
Output
Match review:
- findings: none
- verdict: ship it
- evidence: Claude review covered the uncommitted diff and found no material issues
- unverified: runtime smoke not rerun
- next: verify
If the opposite harness cannot run:
- findings: none
- verdict: blocked
- evidence: Claude Code is not installed or authenticated, so no independent cross-harness review ran
- unverified: review target not inspected by the opposite harness
- next: review
Related Skills
uinaf/react-ban-use-effect
development
VerifiedTrustedCommunity
Ban direct `useEffect` in React code. Use when writing, refactoring, reviewing, or migrating React components or hooks that import, call, add, or replace direct `useEffect`; when an agent reaches for effects for derived state, fetching, event reactions, resets, or external sync; or when adding lint/agent rules for a no-direct-useEffect policy. Do not use for ordinary React work with no effect smell, non-React code, or legitimate effect architecture outside React.
2SKILL.mdUpdated May 29, 2026
uinaf/review-gang
development
VerifiedTrustedCommunity
Independently audit existing code, diffs, branches, or pull requests by spawning mandatory concern-specific reviewer subagents, then synthesizing their evidence into a ship decision. Use when triaging PR risk, deciding whether someone else's change is safe to ship, or following up after runtime proof. Invocation is explicit authorization to use reviewer subagents. Produces a `ship it` / `needs review` / `blocked` verdict. Do not use to self-check a change you just authored.
2SKILL.mdUpdated May 24, 2026
uinaf/gh-setup
testing
VerifiedTrustedCommunity
Set up or align a repository's GitHub collaboration and delivery surface: repo settings, branch/ruleset policy, PR and security templates, Actions hardening, GitHub Environments, release workflows, and deploy workflows. Use when standardizing GitHub setup for repos, CI/CD, publishing versioned packages, or deploying running apps; route app deploy details to deploy references and package publish details to release references.
2SKILL.mdUpdated May 24, 2026
uinaf/autoreview
development
VerifiedTrustedCommunity
Run structured Codex/Claude autoreview closeout for local changes, pull requests, branch diffs, or commits: choose the target, validate findings, rerun focused tests, and repeat review until clean. Use when asked for autoreview, second-model review, pre-merge review, or readiness-to-ship review.
2SKILL.mdUpdated May 24, 2026