Code Review
Automated code review and analysis
zenith-ui
by gravito-framework
Specialized in frontend development with Zenith, Vue 3, and Inertia.js. Trigger this for UI components, page layouts, and styling.
security-vuln-analyzer
by swannysec
Multi-agent security vulnerability analysis and remediation skill. Orchestrates parallel security agents to analyze vulnerability reports, validate findings, assess risk, and provide comprehensive fix recommendations. Use when receiving vulnerability reports, security disclosures, bug bounty submissions, or when needing to assess and remediate security issues. Triggers on keywords like "vulnerability report", "security issue", "CVE", "clickjacking", "XSS", "CSRF", "injection", "security disclosure", or requests to analyze/fix security problems.
solidity-security-audit
by mariano-aguero
Comprehensive Solidity smart contract security auditing and vulnerability analysis skill. Based on methodologies from Trail of Bits, OpenZeppelin, Consensys Diligence, Sherlock, CertiK, Cyfrin, Spearbit, Halborn, and other leading Web3 security firms. This skill should be used whenever the user asks to "audit a smart contract", "review Solidity code for security", "find vulnerabilities", "check for reentrancy", "analyze gas optimization", "review access control", "check proxy patterns", "analyze DeFi protocol security", "review ERC20/ERC721 implementation", "check oracle manipulation risks", "review upgrade patterns", or mentions any security review of EVM-compatible smart contracts. Also triggers for keywords like "slither", "echidna", "foundry fuzz", "formal verification", "invariant testing", "flash loan attack", "MEV", "sandwich attack", "front-running", "delegatecall", "selfdestruct", "reentrancy guard", "access control vulnerability", "storage collision", "proxy upgrade security", "smart contract exploit", "L2 security", "cross-chain", "bridge security", "sequencer", "LayerZero", "CCIP", "account abstraction", "ERC-4337", "smart account", "paymaster", "bundler", "UserOperation", "re-audit", "diff audit", "remediation review", "fix verification", "Uniswap v4 hooks", "Chainlink integration", "Aave integration", "flash loan receiver", "ERC-4626 vault", "restaking", "EigenLayer", "severity classification", "severity decision". Even if the user simply pastes Solidity code and asks "is this safe?" or "any issues here?", use this skill.
dumbwaiter-mcp
by lambdamechanic
Provider-agnostic wait-for-change skill that uses the Dumbwaiter MCP server to wait on PR events (GitHub first) via wait.start/status/cancel/await, with progress notifications and durable state.
create-start-work
by jclfocused
Scaffold a project-specific start-work skill. This is the global blueprint — use it to create .claude/skills/start-work/SKILL.md in a project.
address-reviews
by jacehwang
Fetches GitHub PR review comments, classifies them by status and file, and enters plan mode to create an actionable plan addressing review feedback. Use when you need to process and respond to PR review comments.
fastdeploy-pull-request
by PFCCLab
自动创建或更新 GitHub Pull Request。 当需要为 FastDeploy 仓库创建 PR 时,优先使用本 skill。
codex
by costa-marcello
Invokes Codex CLI for code analysis, refactoring, or automated editing. Use when the user asks to run codex exec, codex resume, or references OpenAI Codex.
smart-merge
by costa-marcello
Merges branches with comprehensive validation while preserving feature branches. Use when user wants to merge PR, sync with main, update feature branch, complete merge, or finalize work. Runs full validation (tests, lint, CI, review comments), merges without deleting branches, and always returns to the working branch.
wachi
by ysm-dev
"Install, configure, and use the wachi CLI to monitor any URL for new content and get notifications via 90+ services (Slack, Discord, Telegram, email, etc.). Use when the user wants to: (1) subscribe to web pages, blogs, YouTube channels, or RSS feeds for change notifications, (2) set up URL monitoring with wachi sub/check/ls commands, (3) configure notification channels via apprise URLs, (4) schedule periodic checks with cron, (5) troubleshoot wachi errors or configuration, or (6) understand how wachi detects changes (RSS auto-discovery, LLM-based CSS selectors)."
agora
by UeberUeber
Agora: A wisdom square where historical figures across time and space gather to debate your problem. Use this skill when: - User wants diverse perspectives on a problem or idea - User invokes /agora to start a debate - User needs deep exploration through dialectical discussion - User wants to challenge their thinking with opposing viewpoints The skill summons real historical figures based on their relevance to the problem, creates debates through intellectual lineages (thesis → antithesis → metanoia), and accumulates a reusable wisdom library over time.
code-quality
by xbklairith
Use when reviewing code or before commits - runs 25-point quality checklist (structure, errors, security, performance, testing), identifies code smells, suggests refactorings with examples. Activates when user says "review this", "check my code", mentions "refactor", "optimize", "code quality", or before git commits.
typescript
by lambdamechanic
"Default TypeScript stack for Lambda: pnpm workspaces + Turbo, strict TS, and sensible DX helpers."
lambda-workflow
by lambdamechanic
"One lifecycle for Lambda repos: choose a bd task, start work, land the PR, and watch GitHub via Dumbwaiter MCP until it merges."
sca-npm-audit
by vchirrav
Run npm audit for Node.js dependency vulnerability scanning. Built-in SCA for npm projects with automatic fix suggestions.
interview-master
by chaorenex1
This skill should be used when the user asks to "generate interview questions", "prepare for interview", "optimize resume", "conduct mock interview", "analyze git commits for resume", "generate resume from code", "review my resume", or mentions interview preparation, career assistance, or extracting project experience from git history. Provides comprehensive interview and career development guidance for both job seekers and interviewers.
code-refactor-analyzer
by chaorenex1
Analyzes codebase for refactoring needs, generates todo reports, and validates completion
production-audit
by costa-marcello
"Audits a codebase for production readiness across six dimensions: API completeness, frontend-backend sync, security, scalability, infrastructure, and dead code/architecture. Use when asked for a launch assessment, production readiness check, pre-deployment audit, or multi-agent patchwork cleanup."
sk
by lambdamechanic
"How to use the repo-scoped sk CLI to manage Claude Skills in this codebase."
create-claude-reviewer
by jclfocused
Create a Claude Code Review GitHub Action workflow for PRs. Use when the user asks to "set up claude review", "add PR review", "create code review action", "claude reviewer", "set up automated review", or wants automated PR reviews with Linear or GitHub comments.
refactor-pass
by montagao
Perform a refactor pass focused on simplicity after recent changes. Use when the user asks for a refactor/cleanup pass, simplification, or dead-code removal and expects build/tests to verify behavior.
git-code-review
by chaorenex1
Get git records for specified users and days, perform code review for each commit, and generate detailed code review reports
Flutter Auto Hot Reload
by jclfocused
This skill should be used when the user asks to "set up auto hot reload", "enable automatic reload", "hot reload on save", "watch for file changes", "auto reload flutter", or mentions wanting Flutter to automatically reload when files change. Provides configuration for terminal-based workflows, VS Code, Android Studio, and multi-device setups.
design-auditor
by DUBSOpenHub
🔍 Design Auditor — paste a URL, get 5 ranked fixes to improve conversions. Analyzes layout, performance, accessibility, and CTA effectiveness. Say "audit <url>" to start, or "audit local" for a local dev server.