npx machina-cli add skill thepushkarp/cc-codex-plugin/codex --openclaw

Codex Integration
OpenAI's Codex CLI is a complementary tool for detail-oriented code analysis. Codex excels at thorough, meticulous review work - think of it as a "sharp-eyed second opinion" for code.
When to Use Codex
Ideal use cases:
- Deep code review for security vulnerabilities or correctness issues
- Thorough bug hunting in complex code paths
- Detailed implementation planning with attention to edge cases
- Getting a second perspective on critical code
- Exploratory analysis requiring meticulous attention
Not ideal for:
- Simple, straightforward tasks Claude handles well alone
- Interactive debugging sessions (Codex exec is non-interactive)
- Tasks where speed matters more than depth
- Trivial code changes or obvious fixes
Invocation Methods
Method 1: Explicit /codex Command
Users invoke directly with optional flags:
/codex review the authentication middleware for security issues
/codex --model gpt-5.2 analyze this algorithm
/codex --sandbox workspace-write generate tests for this module
Available flags:
| Flag | Values | Default |
|---|---|---|
| --model | any model name | gpt-5.3-codex |
| --sandbox | read-only, workspace-write, danger-full-access | read-only |
Method 2: Spawning codex-agent
When Claude determines Codex would add value, spawn the codex-agent subagent:
"Let me have Codex take a detailed look at this code for potential bugs..."
[Spawn codex-agent with task description]
[Synthesize Codex's findings with own analysis]
The agent always uses safe defaults (gpt-5.3-codex, read-only sandbox).
CLI Reference
Core command pattern for non-interactive execution (use inline prompt, not piped stdin):
codex exec \
--model gpt-5.3-codex \
--sandbox read-only \
"<prompt>" \
2>&1
Key flags:
- --model, -m - Model to use (gpt-5.3-codex recommended for code tasks)
- --sandbox, -s - Execution permissions (read-only safest)
- 2>&1 - Capture all output
Note: Interactive slash commands like /review only work in Codex's interactive mode, not via codex exec.
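Putting the flags together, here is a minimal sketch of a full invocation. The target file and prompt text are hypothetical placeholders; substitute your own.

```shell
# Build the command as a bash array so the multi-word prompt survives quoting.
# src/auth.ts is a hypothetical target file; substitute your own.
MODEL="gpt-5.3-codex"
SANDBOX="read-only"
PROMPT="Review src/auth.ts ONLY for injection risks. Skip preambles."

CMD=(codex exec --model "$MODEL" --sandbox "$SANDBOX" "$PROMPT")

# Dry run: print the exact command that would be executed.
printf '%s\n' "${CMD[*]}"

# Uncomment to run for real, capturing stdout and stderr together:
# "${CMD[@]}" 2>&1
```

Passing the prompt as a single quoted argument (rather than piping stdin) matches the non-interactive pattern above and keeps shell word-splitting from mangling it.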
Error Handling
Codex Not Installed
If the codex command is not found, show:
Codex CLI is not installed.
To install:
brew install codex
Then authenticate:
codex login
For more info: https://developers.openai.com/codex/cli
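As a sketch, this check can be scripted so a wrapper fails fast with the guidance above before invoking Codex (assumes a POSIX-compatible shell; `require_codex` is a name chosen here, not part of the Codex CLI):

```shell
# Guard function: returns 0 if the Codex CLI is on PATH,
# otherwise prints install guidance to stderr and returns 1.
require_codex() {
  if command -v codex >/dev/null 2>&1; then
    return 0
  fi
  echo "Codex CLI is not installed." >&2
  echo "To install:  brew install codex" >&2
  echo "Then run:    codex login" >&2
  echo "More info:   https://developers.openai.com/codex/cli" >&2
  return 1
}

# Usage: only reach codex exec when the binary exists.
# require_codex && codex exec --sandbox read-only "<prompt>" 2>&1
```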
Common Issues
- API key issues: User needs to run codex login to authenticate
- Timeout: Complex tasks may take time. Be patient or try a simpler task description.
- Sandbox errors: If Codex needs to write files, user must specify --sandbox workspace-write
Best Practices
- Start with defaults - gpt-5.3-codex works well for most tasks
- Keep read-only sandbox - Unless task explicitly requires file modifications
- Be specific in prompts - Tell Codex exactly what to look for
- Synthesize results - When using codex-agent, combine Codex's findings with Claude's analysis
Prompting Best Practices
gpt-5.3-codex responds best to explicit, scoped prompts with concrete constraints.
Core Principles
- Scope discipline - Be explicit about boundaries
  - DO: "Review ONLY the auth flow. Do NOT suggest unrelated improvements."
  - DON'T: "Review this code" (too open-ended)
- Bias toward action - Request concrete output
  - DO: "List specific bugs found with file:line references"
  - DON'T: "Tell me what you think about this code"
- No preambles - Skip status updates
  - Add to prompts: "Skip preambles. Lead with findings."
- Structured output - Request specific formats
  - Example: "Format: `file.ts:line` - issue description"
Task-Specific Prompt Templates
Security Review
Review <file/module> for security vulnerabilities.
Focus ONLY on: auth, injection, data exposure, access control.
Do NOT suggest style changes or refactoring.
Format each finding as: `file:line` - severity - issue
Skip preambles.
Bug Hunting
Find bugs in <file/module>.
Look for: edge cases, off-by-one, null handling, race conditions.
ONLY report actual bugs, not style issues.
Format: `file:line` - bug description - suggested fix
Skip preambles. Lead with findings.
Implementation Planning
Create implementation plan for: <feature>.
Constraints: <existing patterns to follow>.
Output structure:
1. Overview
2. Files to modify (with line ranges)
3. Implementation steps
4. Edge cases to handle
Do NOT include code samples unless critical. Skip preambles.
Code Review
Review <file> for correctness and reliability.
Focus ONLY on: logic errors, missing error handling, incorrect assumptions.
Ignore: style, naming, formatting.
Format: `file:line` - issue - recommendation
Skip preambles.
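Any of these templates can be filled in and passed inline to codex exec. A sketch using the bug-hunting template (FILE is a hypothetical placeholder path):

```shell
# Fill the bug-hunting template with a target file, then pass it as one argument.
FILE="src/queue.ts"   # hypothetical path; substitute your own module

PROMPT="$(cat <<EOF
Find bugs in ${FILE}.
Look for: edge cases, off-by-one, null handling, race conditions.
ONLY report actual bugs, not style issues.
Format: \`file:line\` - bug description - suggested fix
Skip preambles. Lead with findings.
EOF
)"

# Inspect the assembled prompt before sending it.
echo "$PROMPT"

# Uncomment to run:
# codex exec --model gpt-5.3-codex --sandbox read-only "$PROMPT" 2>&1
```

Keeping the template in a here-document makes the scope and format constraints reusable while only the file path changes per run.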
Source
git clone https://github.com/thepushkarp/cc-codex-plugin
Skill file: skills/codex/SKILL.md
Overview
Codex Integration provides a sharp-eyed, CLI-based code analysis workflow using OpenAI's Codex. Use it for deep reviews, bug hunting, and careful planning where precision matters, complementing Claude with automated scrutiny.
How This Skill Works
You can invoke Codex directly with /codex commands or spawn a codex-agent when Claude determines Codex would add value. Codex runs with a safe default model (gpt-5.3-codex) and a read-only sandbox by default, returning findings that Claude can synthesize into final recommendations.
When to Use It
- Deep code review for security vulnerabilities or correctness issues
- Thorough bug hunting in complex code paths
- Detailed implementation planning with attention to edge cases
- Getting a second perspective on critical code
- Exploratory analysis requiring meticulous attention
Quick Start
- Step 1: Choose mode (direct /codex or spawn codex-agent)
- Step 2: Craft a precise, scoped prompt and select an appropriate model/sandbox
- Step 3: Run codex and synthesize Codex findings with Claude's analysis, then apply fixes
Best Practices
- Start with defaults — gpt-5.3-codex works well for most tasks
- Keep read-only sandbox unless file modifications are required
- Be specific in prompts — tell Codex exactly what to look for
- Synthesize Codex findings with Claude's analysis when using codex-agent
- Request structured output with explicit scope and concrete constraints
Example Use Cases
- Review the authentication middleware for security issues
- Generate tests for a module using workspace-write access
- Analyze a complex algorithm for edge-case correctness
- Provide a second opinion on a performance-critical code path
- Bug-hunt in an async workflow by tracing data flow and race conditions