Adoption

Agent Skills are supported by leading AI development tools.

VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory

ShaheerKhawaja/review-gate

Name: review-gate
Author: ShaheerKhawaja

skills/review-gate/SKILL.md

npx skillsauth add ShaheerKhawaja/ProductionOS review-gate

Clean

TrivyContainer and dependency vulnerability scanner

Clean

SemgrepStatic code analysis for vulnerabilities

Clean

mcp-scan (Snyk)Model Context Protocol security validation

Skipped

Snyk (dep)Open source security scanning

Skipped

Socket.devSupply chain security analysis

Skipped

VirusTotalMulti-engine malware detection

Skipped

CrowdStrikeAdvanced threat intelligence

Skipped

OSV-ScannerOpen Source Vulnerability database check

Skipped

OWASP Dep-Check

review-gate: Quality Enforcement for Every Push

Automated quality gate that catches issues tests miss: secrets, convention violations, incomplete implementations, and cross-project context leaks.

Gate Sequence

Gate 1: Diff Size Check

Max 15 files, 200 lines/file. Advisory — warns, does not block.

Gate 2: PII and Secrets Scan

Scans diff for email addresses (except noreply), API keys (sk-, ghp_, xoxb-, AKIA), IP addresses, absolute home paths, hardcoded passwords. BLOCKS on any match. No exceptions.

Gate 3: Convention Compliance

Per-project rules loaded from SecondBrain wiki entity pages via secondbrain_path config.

Python: ruff format, no print() in production
Frontend: no console.log in production
All: conventional commit format, no TODO without issue number Advisory.

Gate 4: Cross-Project Boundary Check

Detects files outside current git root, imports with absolute paths to other projects. Advisory — user must confirm intent.

Gate 5: Completeness Check

Scans for TODO/FIXME without issue ref, empty function bodies, commented-out code blocks (>3 lines), debugging statements, skipped tests without explanation. Advisory.

Gate 6: Self-Review Reminder

If >5 files changed and no /review or /unified-review invoked this session, reminds the user. Advisory.

Output Format

  [1/6] Diff size .............. PASS (7 files, max 45 lines)
  [2/6] PII/secrets scan ....... PASS (0 findings)
  [3/6] Convention compliance .. WARN (2 findings)
  [4/6] Cross-project boundary . PASS
  [5/6] Completeness check ..... WARN (1 finding)
  [6/6] Self-review reminder ... PASS

  Result: PASS with 3 advisory warnings

Blocking Rules

Only Gate 2 (PII/secrets) blocks. Everything else is advisory. The goal is to surface issues without slowing the developer down.

ShaheerKhawaja/review-gate

skills/review-gate/SKILL.md

Enforces code review quality before commits and pushes across ALL projects. 6-gate sequence: diff size, PII/secrets, conventions, cross-project boundaries, completeness, self-review reminder. Only PII gate blocks; rest are advisory. Triggers on: "review before push", "pre-commit review", "quality gate", "/review-gate".

7 stars

development

Updated Apr 23, 2026

$ install --global

skillsauth

npx skillsauth add ShaheerKhawaja/ProductionOS review-gate

Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.

Security Scan Results

3 of 9 scanners reported clean

Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.

Scanners Passed

Scanners in report

Clean

TrivyContainer and dependency vulnerability scanner

95%

Clean

SemgrepStatic code analysis for vulnerabilities

95%

Clean

mcp-scan (Snyk)Model Context Protocol security validation

95%

Skipped

Snyk (dep)Open source security scanning

50%

Skipped

Socket.devSupply chain security analysis

50%

Skipped

VirusTotalMulti-engine malware detection

50%

Skipped

CrowdStrikeAdvanced threat intelligence

50%

Skipped

OSV-ScannerOpen Source Vulnerability database check

50%

Skipped

OWASP Dep-Check

50%

Last scanned: Apr 23, 2026, 2:12 AM13.1s1 file scanned

SKILL.md

name:: review-gate
description:: >
6-gate sequence:: diff size, PII/secrets, conventions, cross-project boundaries,
Triggers on:: review before push", "pre-commit review", "quality gate",

review-gate: Quality Enforcement for Every Push

Automated quality gate that catches issues tests miss: secrets, convention violations, incomplete implementations, and cross-project context leaks.

Gate Sequence

Gate 1: Diff Size Check

Max 15 files, 200 lines/file. Advisory — warns, does not block.

Gate 2: PII and Secrets Scan

Scans diff for email addresses (except noreply), API keys (sk-, ghp_, xoxb-, AKIA), IP addresses, absolute home paths, hardcoded passwords. BLOCKS on any match. No exceptions.

Gate 3: Convention Compliance

Per-project rules loaded from SecondBrain wiki entity pages via secondbrain_path config.

Python: ruff format, no print() in production
Frontend: no console.log in production
All: conventional commit format, no TODO without issue number Advisory.

Gate 4: Cross-Project Boundary Check

Detects files outside current git root, imports with absolute paths to other projects. Advisory — user must confirm intent.

Gate 5: Completeness Check

Scans for TODO/FIXME without issue ref, empty function bodies, commented-out code blocks (>3 lines), debugging statements, skipped tests without explanation. Advisory.

Gate 6: Self-Review Reminder

If >5 files changed and no /review or /unified-review invoked this session, reminds the user. Advisory.

Output Format

  [1/6] Diff size .............. PASS (7 files, max 45 lines)
  [2/6] PII/secrets scan ....... PASS (0 findings)
  [3/6] Convention compliance .. WARN (2 findings)
  [4/6] Cross-project boundary . PASS
  [5/6] Completeness check ..... WARN (1 finding)
  [6/6] Self-review reminder ... PASS

  Result: PASS with 3 advisory warnings

Blocking Rules

Only Gate 2 (PII/secrets) blocks. Everything else is advisory. The goal is to surface issues without slowing the developer down.

Related Skills

ShaheerKhawaja/writing-plans

tools

VerifiedTrustedCommunity

Implementation planning workflow that turns approved ideas into dependency-aware execution plans.

7SKILL.mdUpdated Apr 23, 2026

ShaheerKhawaja/writing-plans

ShaheerKhawaja/wiki-rag

development

VerifiedTrustedCommunity

Local RAG and Graph RAG over the SecondBrain wiki vault. Progressive context loading (hot cache -> index -> domain -> entity). Graph traversal via wikilink resolution. Use when agents need cross-project context, when answering questions that span multiple domains, or when building context for planning tasks. Triggers on: "wiki context", "cross-project context", "what do we know about", "check the wiki", "graph context", "/wiki-rag".

7SKILL.mdUpdated Apr 23, 2026

ShaheerKhawaja/wiki-rag

ShaheerKhawaja/ux-genie

devops

VerifiedTrustedCommunity

UX improvement pipeline — creates user stories from UI guidelines, maps user journeys, identifies friction, dispatches fix agents. The user-experience equivalent of /production-upgrade.

7SKILL.mdUpdated Apr 23, 2026

ShaheerKhawaja/ux-genie

ShaheerKhawaja/tdd

development

VerifiedTrustedCommunity

Test-driven development workflow that writes failing tests first, implements minimally, and refactors safely.

7SKILL.mdUpdated Apr 23, 2026

Download

For Claude Desktop. Download once, then upload the file in the app — no terminal needed.

Need help? View full Cowork setup guide →

Install manually

Choose your platform

# Clone the repo
git clone https://github.com/ShaheerKhawaja/ProductionOS.git

# Copy into Claude Code skills folder (global)
cp -r ProductionOS/skills/review-gate ~/.claude/skills/

Claude Code Skills — official skills path docs.

Repository

ShaheerKhawaja/ProductionOS

7 stars

Compatible with

Claude Code

OpenAI Codex CLI

ChatGPT