Claude Code Codex one spec, every runtime

Build agent plugins
without reading the docs.

Describe a workflow. Get valid, installable plugin files for Claude Code or Codex in minutes.

or start from a template

Why a plugin

Without a plugin

14 msgs · 12.4k tokens · ~6 min

Review PR #482 for security issues.

I can help with that. In general, security review means checking for SQL injection, XSS, auth bypass, and secret leakage. Do you want me to walk through each of those categories?

No — actually review the PR. Here is the diff link.

I don't have access to external URLs. Could you paste the diff in the chat and I'll look at it?

(pastes 800-line diff)

Thanks. At a glance the diff touches auth middleware and a new DB query. I can review it — would you like me to focus on auth changes, DB queries, or both?

Both. Just give me the findings.

Okay. Broadly, here are the categories to check: ...

With a plugin

2 msgs · 3.1k tokens · ~15 sec

Review PR #482 for security issues.

**Using skill `review-pr` (security-reviewer agent, forked).** Fetched PR #482. Running the 4 gates from your security checklist. **BLOCK — auth token in `auth.middleware.ts:42`** Hardcoded bearer token committed. Rotate immediately, move to env. **BLOCK — SQL injection in `orders.service.ts:118`** String concat into `WHERE id = ${input}`. Switch to parameterised query. **REVIEW — missing CSRF guard on `/admin/purge`** New route, no CSRF token check. Confirm this is intentional for an admin-only API. **OK — dependency bumps** All CVE-free per `npm audit`. **Verdict:** BLOCK. 2 hard findings, 1 to confirm.

The plugin on the right took about 10 minutes to build. It runs every time, automatically.

starter templates

PR workflow

3 skills · 1 agent

Review, summarise, and convention-check pull requests.

gitcode-review

Deploy checklist

2 skills · 1 hook

Your team's pre-deploy gate and ship-it ritual, scripted.

deploymentdevops

Code quality

2 skills · 1 hook