code review Agent Skills

code-review-excellence helps agents produce clearer, more constructive code reviews with better prioritization, reviewer tone, and actionable feedback for pull requests, mentoring, and team review standards.

code-review-and-quality is a structured pre-merge review skill that checks correctness, readability, architecture, security, and performance. Install it from the parent repo, read skills/code-review-and-quality/SKILL.md, and use it with diffs, task context, and test results for stronger review decisions.

flutter-dart-code-review is a library-agnostic Flutter and Dart code review checklist for architecture, widget quality, state management, performance, accessibility, security, and clean code. Use it as a structured flutter-dart-code-review guide for Code Review across BLoC, Riverpod, Provider, GetX, MobX, Signals, or custom patterns.

receiving-code-review helps you verify PR feedback before editing code. Use it to restate review comments, check them against the codebase, ask for clarification on unclear items, and push back when suggestions do not fit.

requesting-code-review is a lightweight workflow for dispatching the superpowers:code-reviewer subagent with a clean git diff, requirements, and change summary so reviews happen at the right time and produce actionable, severity-ranked feedback before merge.

code-reviewer is an AI code review skill that follows a strict review order: security, performance, correctness, and maintainability. It uses rule files for SQL injection, XSS, N+1 queries, error handling, naming, and type hints, making PR reviews more consistent than a generic review prompt.

differential-review is a security-focused code review skill for PRs, commits, and diffs. It uses baseline history, blast radius, test coverage, and structured reporting to help catch regressions in auth, crypto, external calls, and other high-risk paths. Use it for differential-review for Code Review when you need evidence-backed findings.

code-reviewer is a lightweight skill for Code Review that turns code or diffs into a structured report covering security, performance, best practices, severity, affected lines or sections, recommended fixes, and an overall quality score.

The code-reviewer skill guides structured PR and diff reviews for correctness, security, performance, testing, and maintainability, using repository references and a checklist script to make Code Review more consistent and actionable.

spec-to-code-compliance verifies that code matches written specifications exactly for blockchain audits and Compliance Review. Use the spec-to-code-compliance skill to compare whitepapers, design docs, and implementations, identify missing behavior, and flag undocumented or divergent logic.

Use the security-review skill to review auth, user input, secrets, APIs, payments, uploads, and other sensitive flows. It provides a practical security-review guide with clear pass/fail checks, risky-pattern examples, and a focused process for catching common issues before release.

naming-analyzer reviews variables, functions, classes, files, database fields, and API names, flagging vague or misleading identifiers and suggesting clearer, convention-aware alternatives for code review and refactoring.

ai-first-engineering is a concise operating model for teams where AI agents generate much of the implementation work. It helps set Agent Standards for planning, architecture, review, and testing, with guidance on install, usage, and when to apply the skill.

The gemini skill helps agents use Gemini CLI for code review, plan review, and large-context analysis. Learn when to install the skill, choose a model, avoid non-interactive approval hangs, and run safer Gemini workflows for multi-file reviews.

The coding-standards skill gives a baseline for naming, readability, immutability, consistency, and code review across projects, before applying framework-specific rules.

frontend-design-review is a GitHub skill for reviewing frontend UI work and creating distinctive, production-grade interfaces from scratch. It helps assess design system compliance, accessibility, visual quality, and whether a UI feels generic or intentionally designed. Use it for PR reviews, component reviews, and frontend-design-review for UI Design.

repo-scan is a cross-stack source audit skill that classifies files, detects embedded third-party libraries, and helps you judge what is core, duplicated, or dead weight. It is useful for repo-scan for Code Review, legacy migrations, and refactor planning. See repo-scan install and repo-scan usage guidance in the skill.

python-expert is a GitHub skill for Python code generation, review, debugging, and refactoring. It guides agents with a clear priority order—correctness, type safety, performance, then style—and points users to SKILL.md, AGENTS.md, and rule files for practical adoption.

python-anti-patterns is a Python code review checklist for spotting fragile patterns like scattered retries, timeout duplication, and hidden complexity before merge, during refactoring, or while debugging.

python-code-style helps with Python formatting, linting, naming, type hints, and docstrings. Use it to review pull requests, standardize team conventions, and set up ruff, mypy, or pyright guidance in pyproject.toml.

The python-patterns skill helps you write, review, and refactor Python code with idiomatic patterns, readable structure, type hints, and practical exception handling. Use it for new code, package/module design, or cleaner refactors that preserve behavior and follow Python conventions.

multi-reviewer-patterns helps agents run parallel code reviews across security, performance, architecture, testing, and accessibility, then deduplicate findings, calibrate severity, and deliver one consolidated report. Includes install context, key files, and practical usage guidance.

skill-comply is a compliance-testing skill that checks whether an agent follows a skill, rule, or agent definition in real runs. It generates specs from markdown, runs three prompt strictness levels, classifies tool-call timelines, and reports compliance rates with evidence. Useful for skill-comply for Compliance Review.

github is a GitHub skill for PRs, stacked PRs, code review, branching, and repo maintenance with gh CLI. Use it when you need a clear github guide for repeatable GitHub for Git Workflows tasks, including merge and rebase steps.

shellcheck-configuration helps you install ShellCheck, tune .shellcheckrc, and apply lint policy for CI and Code Review across bash, sh, dash, and ksh projects.

golang-patterns is a practical guide for idiomatic Go patterns, code review, and refactoring. It helps Backend Development teams choose clear APIs, safe error handling, useful zero values, and maintainable package boundaries. Install golang-patterns when you need less guesswork and more consistent Go design decisions.

The java-coding-standards skill provides practical guidance for readable, maintainable Java 17+ in Spring Boot services, covering naming, immutability, Optional, streams, exceptions, generics, and package layout. Use it for coding, refactoring, and java-coding-standards for Code Review.

cpp-coding-standards is a C++ coding standards guide based on the C++ Core Guidelines. Use it for writing, reviewing, and refactoring modern C++ with a focus on safety, clarity, maintainability, RAII, type safety, and good design. Ideal for cpp-coding-standards for Code Review and practical team decisions.

The click-path-audit skill helps trace UI handlers through every state change to catch sequence bugs, shared-state collisions, and final-state mismatches after refactors or during code review.

dotnet-patterns is a practical .NET pattern guide for backend development. It helps you write and review idiomatic C# with stronger defaults for immutability, explicit dependencies, async/await, and maintainable ASP.NET Core services. Use it for code generation, refactoring, and review when you want repeatable patterns, not generic advice.

quality-nonconformance is a regulated-manufacturing skill for NCR intake, root cause analysis, CAPA, SPC interpretation, and final disposition. Use it for Compliance Review, supplier quality issues, and evidence-based decisions where traceability, risk, and audit-ready judgment matter.

smart-explore is a structural code exploration skill that uses smart_search, smart_outline, and smart_unfold to map a codebase before reading full files. It helps with code navigation, targeted debugging, and smart-explore for Code Review when MCP tool support is available.

subagent-driven-development is a skill for executing implementation plans with a fresh subagent per task, then reviewing each result in two passes: spec compliance first, code quality second. It includes prompt templates for the implementer, spec reviewer, and code quality reviewer.

The codeql skill helps you run CodeQL with fewer blind spots during a security audit. It focuses on database quality, suite selection, data extensions, and SARIF review so you can use codeql usage more reliably across supported languages. Use it for repeatable codeql guide steps when analyzing real repositories.

The insecure-defaults skill helps spot fail-open configuration patterns that let software run with unsafe settings instead of stopping. Use it for a Security Audit of production code, deployment configs, and secret-handling logic to catch weak auth, hardcoded secrets, and permissive defaults.

code-maturity-assessor provides an evidence-based maturity review using Trail of Bits’ 9-category framework. It assesses arithmetic safety, auditing, access control, complexity, decentralization, documentation, MEV risk, low-level code, and testing, with actionable recommendations for security audit readiness.

apple-appstore-reviewer helps audit iOS apps for App Store rejection risks, privacy gaps, permissions, subscriptions, and reviewer-blocking flows before submission.

pytorch-patterns helps you write, review, and debug PyTorch code with device-agnostic patterns, reproducible experiments, and explicit tensor handling. Use the pytorch-patterns skill for cleaner training loops, model refactors, and practical PyTorch guidance.

verification-loop is a Claude Code verification workflow for checking builds, types, lint, tests, security, and diffs after code changes. This verification-loop skill is useful before PRs and after refactors when you want a structured post-change guide instead of a generic prompt.

python-testing helps you design, write, and review Python tests with a pytest-first workflow. Use it for TDD, fixtures, mocking, parametrization, coverage checks, and maintaining a reliable test suite for Skill Testing and real projects.

hipaa-compliance is the HIPAA-specific entrypoint for healthcare privacy and security work. Use the hipaa-compliance skill when a task is explicitly about PHI, covered entities, BAAs, breach posture, or whether a workflow creates HIPAA exposure. It is a thin overlay for fast compliance triage and guidance.

dwarf-expert helps you inspect DWARF v3-v5 debug info, read DIE trees and attributes, verify data integrity, and review code that parses or emits DWARF. Use the dwarf-expert skill when you need accurate, evidence-based answers for compiled binaries, debug sections, or backend development tooling.

customs-trade-compliance is a trade compliance skill for customs documentation, HS/HTS classification, duty planning, restricted party screening, and Compliance Review. It helps users turn shipment facts into defensible import/export decisions with less guesswork than a generic prompt.

healthcare-phi-compliance helps review healthcare apps for PHI/PII risk across data models, APIs, logs, and access paths. Use it to check data classification, access control, encryption, audit trails, and common leak vectors for HIPAA, DISHA, GDPR, and related security audit needs.

python-design-patterns is a Python refactoring and design-review skill focused on KISS, SRP, separation of concerns, composition over inheritance, and the Rule of Three for cleaner, more testable code.

defi-amm-security is a focused security checklist for Solidity AMMs, liquidity pools, LP vaults, and swap flows. It helps auditors and engineers review reentrancy, CEI ordering, donation or inflation attacks, oracle assumptions, slippage, admin controls, and integer math with less guesswork than a generic prompt.

lesson-learned analyzes Git diffs and recent commits to extract software engineering lessons grounded in real code changes. It loads `se-principles.md` first, maps changes to principles like SRP, DRY, and KISS, and works well for retrospectives, PR learning notes, and Code Review follow-up.

guidelines-advisor is a smart contract development advisor based on Trail of Bits best practices. It analyzes a codebase to generate documentation, review architecture, check upgradeability patterns, assess implementation quality, identify pitfalls, review dependencies, and evaluate testing. Use the guidelines-advisor guide for clear, evidence-based recommendations.