Code Review
Automated code review and analysis
file-upload
by florianbuetow
This skill should be used when the user asks to "check file upload security", "analyze upload validation", "find upload vulnerabilities", "check for zip slip", "audit file upload handling", or mentions "file upload", "upload validation", "content-type check", "magic bytes", "zip slip", or "path traversal in upload" in a security context.
repudiation
by florianbuetow
This skill should be used when the user asks to "check for repudiation", "analyze audit logging", "find logging gaps", or mentions "repudiation" or "non-repudiation" in a security context. Maps to STRIDE category R.
config
by florianbuetow
This skill should be used when the user asks to "configure security", "appsec settings", "security preferences", or invokes /appsec:config. Manages security tool preferences and thresholds.
pasta-vulns
by florianbuetow
This skill should be used when the user asks to "analyze vulnerabilities", "find security weaknesses", "map CWEs", "run vulnerability analysis", or is running PASTA stage 5. Also triggers when the user asks about SAST, DAST, dependency scanning, or CWE mapping in a threat modeling context. Part of the PASTA threat modeling methodology (Stage 5 of 7).
pr-review
by freenet
Executes comprehensive PR reviews following Freenet standards. Performs four-perspective review covering code-first analysis, testing, skeptical review, and big-picture assessment.
dev-npxify
by Takazudo
Audit project dependencies and replace CLI-only tools with npx/pnpm dlx to reduce installed packages. Use when: (1) User wants to reduce dependencies, (2) User says 'npxify', 'dlxify', 'reduce deps', (3) User wants to clean up package.json, (4) User asks which deps can use npx/pnpm dlx.
identifying
by florianbuetow
This skill should be used when the user asks to "check for identifiability", "analyze re-identification risks", "find privacy issues related to anonymization", "check for PII exposure", or mentions "identifiability" in a privacy context. Maps to LINDDUN category I.
linking
by florianbuetow
This skill should be used when the user asks to "check for linkability", "analyze cross-service tracking", "find privacy issues related to user correlation", "check for cross-domain tracking", or mentions "linkability" in a privacy context. Maps to LINDDUN category L.
docs
by 2ykwang
Code documentation agent — write/update docs with /docs write, check status with /docs check. Minimal code blocks, reference pointer based.
dependabot-resolve
by Takazudo
Comprehensive dependency update workflow for resolving Dependabot alerts and PRs. Use when: (1) User wants to update dependencies, (2) User mentions 'dependabot', 'security vulnerabilities', or 'dependency updates', (3) User asks to run security audit, (4) User wants to create a deps-update PR. Analyzes Dependabot issues, runs security audit (pnpm audit), creates update branch, applies updates, runs quality checks (typecheck, lint, test, build), handles Playwright Docker image sync, and creates PR with full changelog.
write-pr
by 2ykwang
Analyzes git diff and commit history to write PR title and description based on the project's PR template.
access-control
by florianbuetow
This skill should be used when the user asks to "check for access control issues", "analyze authorization", "find IDOR vulnerabilities", "audit CORS configuration", "check for privilege escalation", or mentions "access control", "authorization", "IDOR", "CORS", "JWT tampering", or "directory traversal" in a security context. Maps to OWASP Top 10 2021 A01: Broken Access Control.
systematic-debugging
by freenet
Methodology for debugging non-trivial problems systematically. This skill should be used automatically when investigating bugs, test failures, or unexpected behavior that isn't immediately obvious. Emphasizes hypothesis formation, parallel investigation with subagents, and avoiding common anti-patterns like jumping to conclusions or weakening tests.
pr-creation
by freenet
Guidelines for creating high-quality Freenet pull requests. This skill should be used when creating PRs for freenet-core, freenet-stdlib, or related repositories. Emphasizes quality over speed, thorough testing, and proper review process.
regression
by florianbuetow
This skill should be used when the user asks to "check for regressions", "verify fixes still hold", "regression test security", "check for reintroduced vulnerabilities", "security regression check", or "verify no old bugs returned". Also triggers when the user wants to confirm that previously fixed vulnerabilities have not been reintroduced by recent code changes.
review-plan
by florianbuetow
This skill should be used when the user asks to "review plan for security", "check plan for security issues", "security review of implementation plan", "audit the plan for vulnerabilities", or "check my plan before coding". Also triggers when the user mentions security in the context of an implementation plan, architecture proposal, or design document before code has been written. This is the FLAGSHIP pre-code security skill -- no other tool reviews plans at design time.
Ai Content Qa
by omer-metin
devops-platform-patterns
by majesticlabs-dev
Platform-specific IaC checklists for DigitalOcean, Hetzner, AWS, and Cloudflare.
data-quality
by majesticlabs-dev
Quality dimensions, scorecards, distribution monitoring, and freshness checks. Use for data validation pipelines and quality gates.
audio-analyzer
by dkyazzentwatwa
Comprehensive audio analysis with waveform visualization, spectrogram, BPM detection, key detection, frequency analysis, and loudness metrics.
dependency-analyzer
by dkyazzentwatwa
Analyze Python imports and dependencies. Use to understand project structure, find unused imports, or generate requirements.txt files.
pandera-validation
by majesticlabs-dev
DataFrame schema validation using pandera. Schema definitions, column checks, and decorator-based validation.
infra-security-review
by majesticlabs-dev
Security patterns and checklists for reviewing Infrastructure-as-Code. Covers Terraform/OpenTofu state, secrets, network, compute, database, and storage security.
crypto-ta-analyzer
by dkyazzentwatwa
Technical analysis with 29+ indicators (BB, Ichimoku, RSI, MACD). Generates 7-tier trading signals with divergence detection, volume confirmation, and squeeze alerts for crypto and stocks.