Stats
Actions
Tags
From skills-marketplace
Use Codex CLI for AI-powered code review. Triggers on "codex review", "review with codex", "code review pr", or when user wants AI code review before PR/merge.
How this skill is triggered — by the user, by Claude, or both
Slash command
/skills-marketplace:codex-code-reviewThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
Leverage OpenAI's Codex CLI for comprehensive, AI-powered code review that catches bugs, security issues, and code quality problems.
Leverage OpenAI's Codex CLI for comprehensive, AI-powered code review that catches bugs, security issues, and code quality problems.
npm install -g @openai/codex)OPENAI_API_KEY environment variable)# Start Codex CLI
codex
# Then type /review to access review presets
| Mode | Use When |
|---|---|
| Branch comparison | Before opening a PR, to catch issues early |
| Uncommitted changes | Before committing, to review staged/unstaged files |
| Commit review | To analyze a specific commit's changes |
| Custom instructions | To focus on specific concerns (security, accessibility, etc.) |
# Start interactive session
codex
# Review uncommitted changes
/review
# Select: "Review uncommitted changes"
codex
# Review against base branch
/review
# Select: "Review against a base branch"
# Choose your target branch (e.g., main)
codex
/review
# Select: "Custom review instructions"
# Enter: "Focus on security vulnerabilities and SQL injection"
Comment on any pull request:
@codex review
Codex will react with 👀 and post a standard GitHub code review.
@codex review for security regressions
@codex review focusing on performance implications
@codex review checking error handling
Create AGENTS.md in your repository root:
# Review Guidelines
## Security
- Check for SQL injection vulnerabilities
- Verify input sanitization
- Review authentication/authorization logic
## Code Quality
- Ensure functions have single responsibility
- Check for proper error handling
- Verify test coverage for new code
## Performance
- Review database queries for N+1 issues
- Check for unnecessary re-renders in React components
name: Codex Code Review
on:
pull_request:
types: [opened, synchronize]
jobs:
review:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- uses: openai/codex-action@v1
with:
prompt-file: .github/codex-review-prompt.md
sandbox: read-only
safety-strategy: drop-sudo
output-file: review-findings.json
env:
OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
- name: Post Review Comments
uses: actions/github-script@v7
with:
script: |
const findings = require('./review-findings.json');
// Post inline comments based on findings
Create .github/codex-review-prompt.md:
Review this pull request for:
1. Security vulnerabilities (OWASP Top 10)
2. Logic errors and edge cases
3. Performance issues
4. Code maintainability
5. Test coverage gaps
Focus on issues that impact correctness, performance, security,
maintainability, or developer experience.
Provide exact file paths and line numbers for all findings.
Rate confidence for each finding (high/medium/low).
Input:
Review my changes before I commit
Output:
# Start Codex and run review
codex
/review
# Select: "Review uncommitted changes"
# Codex analyzes staged/unstaged files and reports:
# - P0: SQL injection risk in user_service.py:45
# - P1: Missing null check in api/handlers.py:123
# - P2: Consider extracting duplicate logic in utils.py
Input:
Do a security review of PR #42
Output:
# Comment on GitHub PR:
@codex review for security vulnerabilities
# Codex responds with GitHub code review:
# 🔴 P0: Unsanitized user input passed to shell command (cmd.py:78)
# 🟠 P1: JWT token stored in localStorage (auth.js:34)
# 🟡 P2: Missing rate limiting on login endpoint (routes.py:56)
Input:
Set up automatic code review in GitHub Actions
Output:
.github/workflows/codex-review.yml with openai/codex-action@v1OPENAI_API_KEY to repository secrets.github/codex-review-prompt.md with review criteriaInput:
Review this code focusing on React performance
Output:
codex
/review
# Select: "Custom review instructions"
# Enter: "Focus on React performance: unnecessary re-renders, missing memo/useMemo/useCallback, large bundle imports"
# Codex reports:
# - P1: Component re-renders on every parent update, wrap with React.memo
# - P1: Expensive computation in render, move to useMemo
# - P2: Importing entire lodash, use lodash-es with tree shaking
Run multiple review types for comprehensive coverage:
# First: check uncommitted changes
/review → "Review uncommitted changes"
# Then: compare against main for full PR scope
/review → "Review against a base branch" → main
Tailor reviews to your stack:
# Review Guidelines
## Our Stack: Next.js + Prisma + tRPC
- Check for missing Prisma transaction wrapping
- Verify tRPC input validation with Zod
- Review Next.js data fetching patterns (SSR vs CSR)
- Flag any `any` types in TypeScript
Track code quality over time:
codex exec --output-schema review-schema.json "Review src/" > findings.json
# Parse findings.json to track P0/P1 counts per sprint
# Before refactor: baseline
git stash
codex → /review → "Review against main"
# Note: 3 P1 issues
# After refactor: verify improvement
git stash pop
codex → /review → "Review against main"
# Confirm: 0 P1 issues, no new problems introduced
Add to AGENTS.md to reduce noise:
## Exclusions
- Ignore files matching: *.generated.ts, *.min.js, dist/*, coverage/*
- Skip lock files: package-lock.json, yarn.lock, pnpm-lock.yaml
| Situation | Recommended Mode |
|---|---|
| Pre-commit check | Uncommitted changes |
| Pre-PR validation | Branch comparison |
| Post-merge audit | Commit review |
| Security audit | Custom with security focus |
Default GitHub integration shows only P0 (critical) and P1 (high) issues. Adjust in AGENTS.md:
# Review Guidelines
## Severity Configuration
- Show P0, P1, and P2 issues
- Ignore style-only findings
For optimal workflow:
# Implement with Claude
claude "Add user authentication feature"
# Review with Codex before PR
codex
/review
For critical reviews, use the strongest model:
# In codex config (~/.codex/config.json)
{
"review_model": "gpt-5.2-codex"
}
For CI/CD integration with inline comments:
{
"type": "object",
"properties": {
"findings": {
"type": "array",
"items": {
"type": "object",
"properties": {
"title": { "type": "string" },
"body": { "type": "string" },
"confidence": { "type": "number" },
"priority": { "enum": ["P0", "P1", "P2", "P3"] },
"file": { "type": "string" },
"start_line": { "type": "integer" },
"end_line": { "type": "integer" }
}
}
},
"verdict": {
"type": "object",
"properties": {
"status": { "enum": ["approved", "changes_requested"] },
"explanation": { "type": "string" },
"confidence": { "type": "number" }
}
}
}
}
Ensure your API key has access to the review model:
export OPENAI_API_KEY="sk-..."
codex models list
@codex has repository accessGuides creation, editing, and verification of skills for AI coding agents using test-driven development with subagent scenarios. Use when authoring or debugging skills.
npx claudepluginhub beshkenadze/claude-skills-marketplace --plugin global-accessibility