From skills
Uses Codex CLI as a second agent: proactively runs code review after substantive changes, and delegates implementation tasks via codex exec when requested.
How this skill is triggered — by the user, by Claude, or both
Slash command
/skills:codexThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
Codex is an independent agent on PATH (`codex` — invoke as `command codex` if
Codex is an independent agent on PATH (codex — invoke as command codex if
a shell alias shadows it), sharing this working tree and already authenticated. It is a second opinion, not ground truth: verify what it
reports, own what it changes. It reads the same skills your repo carries.
codex is not installedWhen codex is missing from PATH, offer to install it — ask the user for
approval first, never install on your own initiative. On yes, follow the
current instructions at https://developers.openai.com/codex/cli. First-run
authentication is interactive — hand that step to the user. Verify with
codex --version before proceeding.
Prompt Codex like an operator, not a collaborator: compact, block-structured
with XML tags. State the task, what "done" looks like, and the few constraints
that matter. A tighter prompt beats a bigger run — improve the contract before
raising --effort.
<task> — the concrete job, the repo/failure context, the expected end
state. Nearly always present.<output_contract> — exact shape, highest-value first, compact.<default_follow_through> — take the low-risk interpretation and keep
going; stop only when a missing detail changes correctness, safety, or an
irreversible action.<verification_loop> — before finalizing, check the result against the
requirements and the changed files; revise rather than ship the first
draft. Any risky fix.<grounding> — ground every claim in code or tool output; label inferences
as inferences. Review and research.<action_safety> — keep the diff tightly scoped; no drive-by refactors.
Write tasks.Run a Codex review whenever you have a substantive diff you'd want a second set of eyes on — a refactor, a tricky algorithm, renderer work, a security-sensitive change — before declaring it done or committing. Skip it for trivial edits (typos, comments, doc-only).
codex review --uncommitted for working-tree changes,
--base <branch> for a branch diff, --commit <sha> for a landed commit.
Scope flags and custom instructions are mutually exclusive (despite what
--help implies): codex review "<instructions>" reviews the default
scope with your framing, a scope flag takes no prompt. When you do write
instructions, scope the risk area — never state the answer you expect
(unprimed, same discipline as
screenshot-critique).Delegate implementation to Codex only when the user names Codex for the task. Never hand it work on your own initiative, and never re-delegate follow-up work without a fresh ask.
codex exec --sandbox workspace-write "<task>".
Network is off; add -c sandbox_workspace_write.network_access=true only
when the task must fetch (e.g. new deps).codex exec --dangerously-bypass-approvals-and-sandbox "<task>". The
sandbox blocks localhost binds (listen EPERM on vite/playwright), so a
sandboxed codex ships code it never saw run. Bypass trades that blindness
for zero OS control: only in a dedicated git worktree, only with a prompt
you authored end-to-end (never relaying third-party text), and the diff
review you owe afterwards is the control.
Use -o <file> to capture the final message and background long calls;
suppress codex's stderr thinking-noise with 2>/dev/null so it doesn't
bloat your context (drop it only to debug a failing run), and add
--skip-git-repo-check to run outside a git repo. Non-interactive runs
never ask for approval either way.codex exec resume <session-id> "<follow-up>", taking the
id from the run header. resume --last means the most recent session
globally — a review or any other codex run in between will hijack it. If
two resume rounds don't converge, stop delegating and finish it yourself —
iterating a confused agent costs more than taking over.A backgrounded codex exec can wedge at startup: process alive at ~0% CPU, but
no session file under ~/.codex/sessions/<Y/M/D>/, no network socket, no tree
changes. "Process running" is NOT "working."
/dev/null, never an inherited terminal. Left
on an interactive/piped stdin with no prompt source, exec prints Reading additional input from stdin... and blocks forever — the most common hang.
Either pass the prompt as a positional arg with < /dev/null, or feed a
prompt file with codex exec [flags] - < prompt.txt (the - makes codex
read the task from stdin, and a missing file fails the redirect loudly —
unlike "$(cat prompt.txt)", which silently sends the fallback string as
the task). Add nohup/& as needed.grep -rl "<marker>" ~/.codex/sessions/<Y/M/D>/ finds no session within
~3 minutes. Relaunching after a kill reliably works.[projects."<worktree-path>"]\ntrust_level = "trusted" to
~/.codex/config.toml before exec'ing in one. This is the safe fix; the
bypass flags stay forbidden here.web/), every edit outside
it is rejected as "writing outside of the project" and a never approval
policy can't recover — the run burns with zero files changed. Pass
-C <root> to set the working root explicitly instead of cd-ing into it.--sandbox read-only (the default) for consultation and questions;
workspace-write only for delegated implementation.--dangerously-bypass-approvals-and-sandbox is reserved for tasks that must
run browsers/servers/full suites (above) — dedicated worktree, self-authored
prompt, mandatory diff review after. --full-auto has been removed (it
aliased workspace-write) — don't reach for it.-c model_reasoning_effort=high, -m <model> (the old --effort flag is gone
in current Codex). Leave both at their defaults unless the user asks —
tighten the prompt first.npx claudepluginhub dzhng/skillsUse OpenAI Codex from inside Claude Code for code reviews and delegated background tasks.
Delegates mechanical or bulk implementation to OpenAI Codex CLI, provides independent cross-model diff review, and answers read-only second-opinion questions.
Orchestrates cross-agent code review: Claude implements plans/code, Codex CLI reviews via bash scripts. Activates on 'codex review' or Russian triggers.