Code Review
Automated code review and analysis
pasta-vulns
by florianbuetow
This skill should be used when the user asks to "analyze vulnerabilities", "find security weaknesses", "map CWEs", "run vulnerability analysis", or is running PASTA stage 5. Also triggers when the user asks about SAST, DAST, dependency scanning, or CWE mapping in a threat modeling context. Part of the PASTA threat modeling methodology (Stage 5 of 7).
dev-npxify
by Takazudo
Audit project dependencies and replace CLI-only tools with npx/pnpm dlx to reduce installed packages. Use when: (1) User wants to reduce dependencies, (2) User says 'npxify', 'dlxify', 'reduce deps', (3) User wants to clean up package.json, (4) User asks which deps can use npx/pnpm dlx.
supabase-audit-auth-config
by yoanbernabeu
Analyze Supabase authentication configuration for security weaknesses and misconfigurations.
ascii-circuit-diagram-creator
by Takazudo
Create and validate ASCII circuit diagrams with automatic rule checking and iterative refinement. Use when the user requests circuit diagrams in ASCII/text format, or when creating technical documentation with embedded circuit schematics. Automatically ensures diagrams follow golden rules (no line crossings without junctions, no lines crossing labels, proper component connections, correct polarity). Includes preview validation using monospace rendering.
git-filtered-merge
by Takazudo
Filtered squash merge: take only matching paths (e.g., doc/) from a source branch and apply them to a target branch via squash merge and PR creation. Use when: (1) User says 'filtered merge', 'sync doc to develop', 'cherry-pick directory', (2) User wants to sync a subset of changes between branches, (3) User needs to apply only specific directory or file changes from one branch to another.
identifying
by florianbuetow
This skill should be used when the user asks to "check for identifiability", "analyze re-identification risks", "find privacy issues related to anonymization", "check for PII exposure", or mentions "identifiability" in a privacy context. Maps to LINDDUN category I.
schemdraw-circuit-generator
by Takazudo
Generate high-quality professional circuit diagrams using the schemdraw Python library. Creates vector graphics (SVG/PDF/PNG) from natural language circuit descriptions. Supports an extensive component library including resistors, capacitors, inductors, diodes, transistors, opamps, ICs, logic gates, and more. Use when (1) User requests circuit diagrams or schematics, (2) User wants professional/publication-quality output, (3) User needs vector graphics (SVG/PDF) for documentation, (4) Creating complex circuits with ICs, opamps, or digital logic, (5) User explicitly mentions schemdraw or wants an alternative to ASCII circuits, (6) User needs diagrams for papers, documentation, or presentations.
linking
by florianbuetow
This skill should be used when the user asks to "check for linkability", "analyze cross-service tracking", "find privacy issues related to user correlation", "check for cross-domain tracking", or mentions "linkability" in a privacy context. Maps to LINDDUN category L.
custom-command-creator
by Takazudo
Create and manage custom slash commands in Claude Code. Use when: (1) User wants to create a new slash command, (2) User asks about /commands or custom commands, (3) User wants to automate frequently used prompts, (4) User says 'create global command' or 'create local command', (5) User mentions 'command-creator'. Covers: command creation (global and local), command anatomy, frontmatter options, argument handling, bash execution, file references, namespacing, and command vs skill comparison.
dependabot-resolve
by Takazudo
Comprehensive dependency update workflow for resolving Dependabot alerts and PRs. Use when: (1) User wants to update dependencies, (2) User mentions 'dependabot', 'security vulnerabilities', or 'dependency updates', (3) User asks to run security audit, (4) User wants to create a deps-update PR. Analyzes Dependabot issues, runs security audit (pnpm audit), creates update branch, applies updates, runs quality checks (typecheck, lint, test, build), handles Playwright Docker image sync, and creates PR with full changelog.
controlling-costs
by axiomhq
Analyzes Axiom query patterns to find unused data, then builds dashboards and monitors for cost optimization. Use when asked to reduce Axiom costs, find unused columns or field values, identify data waste, or track ingest spend.
trace-audit
by joyco-studio
Analyze a Chrome DevTools Performance trace JSON file for performance anomalies, producing a structured audit report with critical issues, warnings, metrics, timeline hotspots, and actionable recommendations.
access-control
by florianbuetow
This skill should be used when the user asks to "check for access control issues", "analyze authorization", "find IDOR vulnerabilities", "audit CORS configuration", "check for privilege escalation", or mentions "access control", "authorization", "IDOR", "CORS", "JWT tampering", or "directory traversal" in a security context. Maps to OWASP Top 10 2021 A01: Broken Access Control.
Pair Framework
by viames
Entry skill for assistants working on the Pair v4 framework repository.
pr-revise
by Takazudo
Update an existing PR's title and description to reflect the full implementation. Use when: (1) User says 'revise pr', 'update pr description', 'pr revise', (2) Additional work was done after the original PR was created and the PR title/body no longer matches the actual changes, (3) User wants to sync the PR metadata with the current state of the branch.
regression
by florianbuetow
This skill should be used when the user asks to "check for regressions", "verify fixes still hold", "regression test security", "check for reintroduced vulnerabilities", "security regression check", or "verify no old bugs returned". Also triggers when the user wants to confirm that previously fixed vulnerabilities have not been reintroduced by recent code changes.
tag-tests-with-issues
by Gilead-BioStats
Identify likely GitHub issues connected to test cases. Use when asked to tag tests with issues or get started with qcthat.
review-plan
by florianbuetow
This skill should be used when the user asks to "review plan for security", "check plan for security issues", "security review of implementation plan", "audit the plan for vulnerabilities", or "check my plan before coding". Also triggers when the user mentions security in the context of an implementation plan, architecture proposal, or design document before code has been written. This is the FLAGSHIP pre-code security skill -- no other tool reviews plans at design time.
friendly-python
by PsiACE
Practical guidance for writing, refactoring, and reviewing friendly Python code with a Pythonic, readable, and maintainable style. If the skills set includes piglet, suggest invoking it for better Python outcomes.
modular-go
by PsiACE
Practical guidance for Go package design with minimal public APIs, single-responsibility boundaries, stateless-first flow, one-way state transitions, and orchestration-to-capability separation. Use when creating, refactoring, or reviewing Go architecture, package boundaries, interfaces, handlers, managers, builders, and execution flows.
piglet
by PsiACE
Practical Python craftsmanship guidance based on One Python Craftsman. Use when writing, refactoring, or reviewing Python code for naming, branching, data structures, functions, exceptions, loops, decorators, imports, file I/O, edge cases, and modern syntax choices. If the skills set includes friendly-python, suggest invoking it for better Python outcomes.
explainer
by Royal-lobster
Use when the user asks to explain, walk through, or understand a feature, module, or code flow in the codebase. Triggers on 'explain', 'walk me through', 'how does X work', 'what does this code do'.
port-scanner
by AIDotNet
Scan network ports to check availability and detect running services.
nextjs-devtools
by panaversity
Next.js development tooling via MCP. Inspect routes, components, build info, and debug Next.js apps. Use when working on Next.js applications, debugging routing, or inspecting app structure. NOT for general React or non-Next.js projects.