Code Analysis

This skill helps identify timing side-channel vulnerabilities in cryptographic implementations by analyzing compiled assembly or bytecode for dangerous instructions like variable-time division, secret-dependent branches, and non-constant-time comparisons. It supports C, C++, Go, Rust, Swift, Java, Kotlin, C#, PHP, JavaScript, TypeScript, Python, and Ruby, and provides remediation guidance using patterns like Barrett reduction and constant-time selection.

This skill enables deep, line-by-line code analysis for security audits and architecture reviews. It provides structured frameworks including First Principles, 5 Whys, and 5 Hows methodologies to build comprehensive understanding of codebases before vulnerability hunting. The skill focuses purely on context building and explicitly excludes vulnerability findings or exploit reasoning.

This skill integrates the OpenAI Codex CLI with Claude Code, allowing users to run code analysis, refactoring, and automated editing tasks. It provides a structured workflow with explicit permission prompts before executing high-impact operations, and supports resuming previous Codex sessions.