octocode
SKILL.md
OctoCode (Semantic Code Research)
Use OctoCode to search across GitHub repositories for real implementations, patterns, and to conduct code/security reviews. Unlike Context7 (documentation lookup), OctoCode finds actual production code.
Tools
| Tool | Purpose |
|---|---|
octocode_githubSearchCode |
Search code across repositories by content or path |
octocode_githubSearchRepositories |
Discover repositories by topics, keywords, stars |
octocode_githubViewRepoStructure |
Explore repository directory structure |
octocode_githubGetFileContent |
Read files with pattern matching and line ranges |
octocode_githubSearchPullRequests |
Search PRs with discussions, diffs, and metadata |
octocode_packageSearch |
Search npm and PyPI packages |
When to Use OctoCode vs Context7
| Need | Tool | Why |
|---|---|---|
| Library API documentation | Context7 | Curated, version-specific docs |
| Find real implementations | OctoCode | Searches actual codebases |
| How does React do X? | OctoCode | Search React's source code |
| Axum middleware examples | OctoCode | Find production patterns |
| PR review with evidence | OctoCode | /review_pull_request command |
| Security vulnerability patterns | OctoCode | /review_security command |
Common Workflows
1. Research Implementation Patterns
# Find OAuth implementations in Rust
octocode_githubSearchCode({
query: "oauth axum",
language: "rust",
stars: ">100"
})
# Then explore the top result
octocode_githubViewRepoStructure({
owner: "found-org",
repo: "found-repo",
path: "src/auth"
})
# Read the specific implementation
octocode_githubGetFileContent({
owner: "found-org",
repo: "found-repo",
path: "src/auth/oauth.rs"
})
2. PR Review (Cleo)
For code quality reviews, use OctoCode to find canonical implementations for comparison:
# Find how top projects handle the same pattern
octocode_githubSearchCode({
query: "error handling middleware",
language: "typescript",
stars: ">1000"
})
3. Security Analysis (Cipher)
For security reviews, search for vulnerability patterns and fixes:
# Find how security issues were fixed
octocode_githubSearchPullRequests({
query: "CVE fix authentication",
state: "merged",
repo: "relevant/repo"
})
4. Research for Task Generation (Morgan)
Before generating implementation tasks, research existing patterns:
# How do multi-agent platforms handle task decomposition?
octocode_githubSearchCode({
query: "task decomposition agent",
language: "rust OR python",
stars: ">500"
})
OctoCode Commands (Prompts)
OctoCode provides specialized prompt commands for complex research:
| Command | Purpose | Use Case |
|---|---|---|
/research |
Deep code discovery and pattern analysis | Finding implementations before coding |
/plan |
Research-backed implementation planning | Planning complex features |
/review_pull_request |
Defects-first PR analysis | Quality reviews with evidence |
/review_security |
Security audit with validation | Security analysis with citations |
Using /research
/research How does React's useState hook work internally?
/research Compare state management: Redux vs Zustand vs Jotai
/research Find authentication patterns in axum Rust projects
Using /review_pull_request
/review_pull_request prUrl: https://github.com/5dlabs/cto/pull/123
This provides:
- Defects & Bugs: Logic errors, edge cases, race conditions
- Security Issues: Injection vulnerabilities, auth bypasses
- Performance: N+1 queries, memory leaks
- Code Quality: Complexity, maintainability
Using /review_security
/review_security repoUrl: https://github.com/5dlabs/cto
This provides:
- Authentication & Authorization: Auth flows, session management
- Input Validation: Injection points, sanitization
- Secrets Management: Hardcoded credentials, API keys
- Dependencies: Known vulnerabilities, supply chain risks
Best Practices
- Use both tools together - Context7 for docs, OctoCode for implementations
- Be specific with searches - "axum middleware error handling" not "error handling"
- Filter by stars -
stars:>100for quality code - Cite your sources - Include GitHub links in research findings
- Check recent PRs - For understanding how issues were solved
Integration with Deep Research
OctoCode complements Firecrawl for comprehensive research:
| Research Type | Primary Tool | Secondary Tool |
|---|---|---|
| Competitive analysis | Firecrawl Agent | OctoCode (open source competitors) |
| Implementation patterns | OctoCode | Context7 (docs for libraries used) |
| Best practices | Firecrawl | OctoCode (real code examples) |
| Bug investigation | OctoCode | GitHub MCP (internal PRs) |
Example: Research-Backed Task Generation
When Morgan processes a PRD mentioning "implement OAuth like Auth0":
1. Use OctoCode to search for OAuth implementations:
octocode_githubSearchCode({ query: "oauth2 refresh token rotation rust" })
2. Analyze how top projects structure auth:
octocode_githubViewRepoStructure({ owner: "top-project", repo: "auth" })
3. Extract patterns from implementations:
octocode_githubGetFileContent({
owner: "top-project",
repo: "auth",
path: "src/oauth.rs",
matchString: "refresh_token"
})
4. Embed findings in task details for implementation agents
Weekly Installs
3
Repository
5dlabs/ctoFirst Seen
Jan 24, 2026
Installed on
claude-code2
windsurf1
trae1
opencode1
codex1
antigravity1