Code Review
Automated code review and analysis
wfc-review
by sam-fakhreddine
Orchestrates parallel code review across five analytical dimensions (Security, Correctness, Performance, Maintainability, Reliability) for application source code. Produces a heuristic Consensus Score and a prioritized, deduplicated finding report suitable for merge/deploy decisions. TRIGGERS: "review this code", "analyze this PR for quality", "check for bugs", "is this safe to merge", "is this safe to deploy", "/wfc-review". REQUIRES: Application source code in supported languages (.py, .js, .ts, .go, .java, .rb, .php, .rs, .c, .cpp, .sql). NOT FOR: runtime error debugging, Infrastructure-as-Code (Terraform, Kubernetes, Dockerfiles, CloudFormation), dependency/CVE auditing, style-only linting, code walkthroughs, config files without executable logic (YAML, JSON, TOML, ci.yml, tsconfig.json), or writing inline review comments directly (that is the job of the spawned reviewer agents).
analyze-discord-structure
by bdmorin
You are an expert Discord server architect and community strategist.
gap-analysis
by jschulte
Route-aware gap analysis. For Brownfield - uses /speckit.analyze to compare specs against implementation. For Greenfield - validates spec completeness and asks about target tech stack for new implementation. This is Step 4 of 6 in the reverse engineering process.
task-orchestrator
by DimitriGilbert
Autonomous agent loop for executing, validating, and completing tasks. Handles state transitions, subtask management, and review cycles.
using-ltk
by eyadsibai
Use when starting any conversation - establishes how to find and use skills, requiring Skill tool invocation before ANY response including clarifying questions
wfc-gh-debug
by sam-fakhreddine
Diagnoses failing GitHub-native Actions workflow runs by analyzing logs via the gh CLI. Classifies root causes (lint, format, test, type, import, permission, secret, infra/runner) and proposes fixes. Applies fixes only after explicit user approval. Capabilities: fetches and analyzes logs from GitHub-hosted Actions runners; classifies failures into actionable categories; auto-generates fix commands for uv-managed Python and npm/TS projects; verifies fixes locally before pushing. Limitations: requires uv for Python verification (no pip/poetry fallback); cannot access third-party check logs (Vercel, Codecov) or external CI; cannot fix infrastructure failures; requires gh CLI authentication. Triggers: "GitHub Actions failed", "workflow run failed", "debug GitHub Actions logs", "why did my Actions run fail", /wfc-gh-debug. Not for: third-party status checks; external CI (Jenkins, GitLab, CircleCI); fork PRs with missing secrets; PR policy gates; flaky tests; green runs.
analyze-sales-call
by bdmorin
Fabric pattern: analyze_sales_call
aws-well-architected-framework
by rameshvr
Use when reviewing AWS architecture, designing cloud systems, addressing operational issues, security concerns, reliability problems, performance bottlenecks, cost overruns, or sustainability goals
registry-forensics
by SherifEldeeb
Analyze Windows Registry hives for forensic investigation. Use when investigating malware persistence, user activity, system configuration changes, or evidence of program execution. Supports offline registry analysis from disk images or extracted hives.
incident-response
by SherifEldeeb
Incident response documentation, timeline analysis, containment procedures, and IR reporting. Support the full incident lifecycle from detection to lessons learned. Use for security incidents, breach response, and IR planning.
prd-reviewing
by meriley
Reviews and validates Product Requirements Documents for completeness, clarity, and feasibility. Identifies gaps, ambiguities, and risks using systematic checklist. Use when reviewing PRDs before approval, during stakeholder reviews, or validating requirements quality.
knowledge-manager
by krishagel
Manages user preferences and learned knowledge with confidence scoring
better-skill-publish
by psylch
"Package a agent skill into a complete GitHub repository ready for distribution via skills.sh. Generates README, LICENSE, plugin.json, marketplace.json, .gitignore, and the proper directory structure. Optionally initializes a git repo and creates a GitHub repository. This skill should be used when publishing a skill, packaging a skill for distribution, preparing a skill repo, or when the user says 'publish skill', 'package skill', 'release skill', '发布技能', '打包 skill'."
pymc
by eyadsibai
Use when "PyMC", "Bayesian", "MCMC", "probabilistic programming", or asking about "Bayesian regression", "hierarchical model", "NUTS sampler", "posterior distribution", "prior predictive", "credible intervals", "uncertainty quantification"
jobs-ive-design-architect
by vxcozy
Premium UI/UX design architect with Steve Jobs and Jony Ive's design philosophy. Audits every screen, component, and pixel of an app, then delivers a phased design plan for approval. Use when: "audit the design", "design review", "UI audit", "make this feel premium", "polish the UI", "run the Jobs filter", "check visual consistency", or any request to improve visual quality, spacing, typography, hierarchy, or feel without changing functionality. Does NOT write features or touch functionality. Proposes everything. Implements nothing without approval.
doc-validator
by poindexter12
Validate documentation files for completeness, accuracy, and consistency with the codebase. Use when user mentions "check documentation", "validate docs", "is the README up to date?", requests documentation review, says "docs are wrong" or "fix the docs", or is working on documentation improvements. Covers README files, API docs, CHANGELOG, and any markdown documentation.
reason-about-code-security
by ricardogomes
Develop systematic threat reasoning and adversarial thinking about code security. Use when a learner wants to analyze code for security implications, understand vulnerability patterns, or develop security-minded thinking. This skill teaches systematic threat modeling, assumption surfacing, and defense reasoning—not vulnerability cataloging. Triggers on phrases like "is this secure", "security implications", "could this be exploited", "threat analysis", or when a learner wants to develop security reasoning skills.
reducing-cac
by amogha-dalvi
Use when customer acquisition cost is rising, channel-level CAC is unknown, LTV to CAC ratio is below 3 to 1, or paid spend is growing without proportional pipeline growth. Use when founders feel marketing is not working, when budget needs reallocation, or when organic channels are underinvested relative to paid.
review-script-template
by b-open-io
This skill should be used when the user asks to "review a script template", "audit a template", "check template implementation", "validate ts-templates code", or mentions reviewing BitCom templates like AIP, MAP, SIGMA, BAP. Validates ScriptTemplate implementations against best practices.
worktree-guide
by poindexter12
Git worktree patterns, best practices, templates, and quick reference. Use when user asks about "worktree best practices", "worktree patterns", "git worktree help", "worktree template", "worktree mode semantics", "what are worktree modes", "explain worktree metadata", or needs guidance on worktree organization and workflows.
analyze-proposition
by bdmorin
You are an AI assistant whose primary responsibility is to analyze a federal, state, or local ballot proposition.
reviewing-casbin
by meriley
Review Go code using Casbin authorization for security issues, model correctness, policy design, and common anti-patterns. Use when reviewing PRs with Casbin code or auditing authorization implementations.
feature-spec-reviewing
by meriley
Reviews feature specifications for completeness, testability, and implementation readiness. Validates acceptance criteria, edge cases, and technical constraints. Use when reviewing feature specs before implementation or during sprint planning.
chrome-ext-review
by masayan1126
Chrome Web Storeのユーザーレビューへの返信を生成。ポジティブ・ネガティブ両方に対応。「レビュー返信」「レビュー対応」などで使用。