
codex-review

Three-tier code quality defense: L1 quick scan, L2 deep audit (via bug-audit), L3 cross-validation with adversarial testing.


Install via CLI (Recommended)

clawhub install openclaw/skills/skills/abczsl520/codex-review

Codex Review — Three-Tier Code Quality Defense

Unified orchestration layer: picks audit depth based on trigger phrases. bug-audit is invoked as an independent skill — never modified.

Security & Privacy

  • Read-only by default: This skill only reads your project files for analysis. It does NOT modify, delete, or upload your code anywhere.
  • Optional external model: L1/L3 can use an external code-review API (OpenAI-compatible) for a second opinion. This is opt-in — if no API key is configured, the skill works fine with agent-only review.
  • Credentials via environment variables only: API keys are loaded from CODEX_REVIEW_API_KEY env var. Never hardcoded, never logged, never stored.
  • Local-only artifacts: Hotspot files are written to the system temp directory and auto-cleaned. No network transmission of analysis results.
  • No data exfiltration: Code snippets sent to the external API are limited to the files being reviewed. No telemetry, no analytics, no third-party data sharing beyond the configured review model.

Prerequisites

  • External model API (optional, for L1 Round 1 and L3): Any OpenAI-compatible endpoint.
    • Set env vars: CODEX_REVIEW_API_BASE (default: https://api.openai.com/v1), CODEX_REVIEW_API_KEY, CODEX_REVIEW_MODEL (default: gpt-4o)
    • Works without this — falls back to agent-only audit
  • bug-audit skill (optional): Required for L2/L3. Without it, L2 uses a built-in fallback.
  • curl: For API calls (standard on macOS/Linux)

Trigger Mapping

| User says | Level | What it does | Est. time |
|---|---|---|---|
| "review" / "quick scan" / "review下" / "检查下" | L1 | External model scan + agent deep pass | 5-10 min |
| "audit" / "deep audit" / "审计下" / "排查下" | L2 | Full bug-audit flow (or built-in fallback) | 30-60 min |
| "pre-deploy check" / "上线前检查" | L1→L2 | L1 scan → record hotspots → L2 audit → hotspot gap check | 40-70 min |
| "cross-validate" / "highest level" / "交叉验证" | L3 | Dual independent audits + compare + adversarial test | 60-90 min |

Level 1: Quick Scan (core of codex-review)

Flow

  1. Gather code — local read, git clone <url>, server scp, user-pasted snippet, or PR diff
  2. Exclude — node_modules/, .git/, package-lock.json, dist/, *.db, __pycache__/, vendor/
  3. Round 1 — send to external model API for automated scan (skipped if no API key)
  4. Round 2 — current agent does deep supplementary pass
  5. Merge & dedup — output severity-graded report
  6. Write hotspot file (for L1→L2 handoff)
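As an added example that is not the skill's own code, the following shell sketch walks steps 1-3 of the L1 flow with the env vars and exclusion list documented above: resolve the CODEX_REVIEW_* settings with their defaults, filter the file list, and either send the Round 1 request or skip it when no key is configured. It assumes the page's "pycache/" means `__pycache__/`, that the endpoint follows the OpenAI chat-completions shape, and that `jq` is installed.

```shell
#!/usr/bin/env bash
set -eu

# Resolve the CODEX_REVIEW_* settings with the documented defaults. Prints
# "agent-only" when no key is set (the documented fallback), otherwise
# "external <base> <model>". The key itself is never printed.
codex_review_mode() {
  local base="${CODEX_REVIEW_API_BASE:-https://api.openai.com/v1}"
  local model="${CODEX_REVIEW_MODEL:-gpt-4o}"
  if [ -z "${CODEX_REVIEW_API_KEY:-}" ]; then echo "agent-only"
  else echo "external $base $model"; fi
}

# Step 2: return 0 (keep) or 1 (exclude) for one path, using the L1
# exclusion list. "pycache/" on the page is assumed to mean __pycache__/.
codex_review_keep() {
  case "$1" in
    */node_modules/*|*/.git/*|*/dist/*|*/vendor/*|*/__pycache__/*) return 1 ;;
    */package-lock.json|*.db) return 1 ;;
  esac
  return 0
}

# Steps 1-2: list reviewable files under a directory, one per line.
codex_review_collect() {
  find "$1" -type f | while IFS= read -r f; do
    if codex_review_keep "$f"; then printf '%s\n' "$f"; fi
  done
}

# Step 3: send the collected files to the external model, or return 2
# (skipped) when no key is configured. The key goes only into the
# Authorization header, never into output or a file. Assumptions: the
# endpoint follows the OpenAI chat-completions shape and jq is installed.
codex_review_round1() {
  [ -n "${CODEX_REVIEW_API_KEY:-}" ] || return 2
  local base="${CODEX_REVIEW_API_BASE:-https://api.openai.com/v1}"
  local model="${CODEX_REVIEW_MODEL:-gpt-4o}"
  codex_review_collect "$1" | while IFS= read -r f; do
    printf '### %s\n' "$f"; cat "$f"
  done | jq -Rs --arg m "$model" \
      '{model:$m, messages:[{role:"user",
        content:("Review this code for bugs and security issues:\n" + .)}]}' \
    | curl -sS "$base/chat/completions" \
        -H "Authorization: Bearer $CODEX_REVIEW_API_KEY" \
        -H 'Content-Type: application/json' --data-binary @-
}
```

Run `codex_review_round1 <dir>` with the key exported to perform the Round 1 call; without it the function returns 2 and the agent-only pass is all that runs.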

External Model API Call

Metadata

Author: @abczsl520
Stars: 2387
Views: 0
Updated: 2026-03-09

Add to Configuration

Paste this into your clawhub.json to enable this plugin.

{
  "plugins": {
    "official-abczsl520-codex-review": {
      "enabled": true,
      "auto_update": true
    }
  }
}

Tags

#code-review #quality-assurance #bug-detection #security-audit #cross-validation #ai-code-review #nodejs #openclaw-skill #clawhub #devops

Safety Note: ClawKit audits metadata but not runtime behavior. Use with caution.