Adoption

Agent Skills are supported by leading AI development tools.

VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory

a2mus/code-quality

Name: code-quality
Author: a2mus

skills/code-quality/SKILL.md

npx skillsauth add a2mus/ecc-antigravity code-quality

Clean

TrivyContainer and dependency vulnerability scanner

Clean

SemgrepStatic code analysis for vulnerabilities

Clean

mcp-scan (Snyk)Model Context Protocol security validation

Skipped

Snyk (dep)Open source security scanning

Skipped

Socket.devSupply chain security analysis

Skipped

VirusTotalMulti-engine malware detection

Skipped

CrowdStrikeAdvanced threat intelligence

Skipped

OSV-ScannerOpen Source Vulnerability database check

Skipped

OWASP Dep-Check

When to Use

Before marking any task as complete
During code review of your own or others' code
When refactoring existing code
When you notice code that "feels wrong"

Pre-Completion Checklist

Run through this before considering any feature done:

Correctness

[ ] The feature works for the happy path
[ ] Edge cases are handled (empty input, null values, zero, negative numbers)
[ ] Error cases are handled and produce useful messages
[ ] Tests cover the behaviour (TDD compliant)

Readability

[ ] Functions and variables have descriptive names
[ ] No single-letter variables (except loop counters i, j)
[ ] No cryptic abbreviations
[ ] Complex logic has a brief comment explaining WHY (not WHAT)

Structure

[ ] Functions are small (< 50 lines each)
[ ] Files are focused (< 800 lines)
[ ] No deep nesting (> 4 levels) — use early returns
[ ] No duplicate logic (DRY rule applied)

Safety

[ ] No hardcoded values — use constants or config
[ ] No mutation of shared state
[ ] No swallowed exceptions (except: pass)

Core Principles Applied

KISS — Keep It Simple

# WRONG — over-engineered
class LayerProcessorFactory:
    def create_processor(self, strategy_type: str) -> LayerProcessor:
        if strategy_type == "simple":
            return SimpleLayerProcessor(SimpleStrategy())
        ...

# CORRECT — solve the actual problem
def process_layer(layer: QgsVectorLayer) -> list[dict]:
    return [feature.attributes() for feature in layer.getFeatures()]

DRY — Don't Repeat Yourself

# WRONG — duplicated validation logic
def process_file(path):
    if not path.exists():
        raise FileNotFoundError(path)
    ...

def load_config(path):
    if not path.exists():
        raise FileNotFoundError(path)
    ...

# CORRECT — extract to shared function
def require_file(path: Path) -> Path:
    if not path.exists():
        raise FileNotFoundError(f"Required file not found: {path}")
    return path

def process_file(path): require_file(path); ...
def load_config(path): require_file(path); ...

YAGNI — You Aren't Gonna Need It

# WRONG — building for imagined future requirements
class DataProcessor:
    def process(self, data, strategy=None, plugin=None,
                validator=None, transformer=None):  # nobody asked for this
        ...

# CORRECT — solve TODAY's problem
def process_data(data: list[dict]) -> list[dict]:
    return [transform(item) for item in data if is_valid(item)]

Code Smells & Fixes

Deep Nesting → Early Returns

# SMELL
def handle_request(request):
    if request:
        if request.user:
            if request.user.is_authenticated:
                if request.data:
                    return process(request.data)

# FIX
def handle_request(request):
    if not request:
        return None
    if not request.user or not request.user.is_authenticated:
        raise PermissionError("Authentication required")
    if not request.data:
        raise ValueError("Request data is required")
    return process(request.data)

Magic Numbers → Named Constants

# SMELL
if layer.featureCount() > 50000:
    use_chunked_processing()

# FIX
MAX_FEATURES_IN_MEMORY = 50_000

if layer.featureCount() > MAX_FEATURES_IN_MEMORY:
    use_chunked_processing()

Long Function → Decompose

# SMELL — a 80-line function doing 5 things
def process_and_export_layer(layer, output_path, format, crs, fields):
    # validate ...
    # transform ...
    # reproject ...
    # filter fields ...
    # export ...

# FIX — each step is its own focused function
def process_and_export_layer(layer, output_path, format, crs, fields):
    validated = validate_layer(layer)
    reprojected = reproject_to(validated, crs)
    filtered = select_fields(reprojected, fields)
    export_layer(filtered, output_path, format)

Mutable Default Argument (Python Gotcha)

# SMELL — the list is shared between calls!
def add_item(item, items=[]):
    items.append(item)
    return items

# FIX
def add_item(item, items=None):
    if items is None:
        items = []
    items.append(item)
    return items

Refactoring Workflow

Identify the smell — which rule above does it violate?
Write a test first — ensure behaviour is captured before changing code
Make the smallest change — one improvement at a time
Run tests — verify nothing broke
Commit — each refactor in its own commit: refactor: extract validate_layer helper

a2mus/code-quality

skills/code-quality/SKILL.md

Code quality review checklist and enforcement guide. KISS, DRY, YAGNI principles plus concrete code smells and their fixes. Use before marking any task complete.

development

Updated Apr 25, 2026

$ install --global

skillsauth

npx skillsauth add a2mus/ecc-antigravity code-quality

Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.

Security Scan Results

3 of 9 scanners reported clean

Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.

Scanners Passed

Scanners in report

Clean

TrivyContainer and dependency vulnerability scanner

95%

Clean

SemgrepStatic code analysis for vulnerabilities

95%

Clean

mcp-scan (Snyk)Model Context Protocol security validation

95%

Skipped

Snyk (dep)Open source security scanning

50%

Skipped

Socket.devSupply chain security analysis

50%

Skipped

VirusTotalMulti-engine malware detection

50%

Skipped

CrowdStrikeAdvanced threat intelligence

50%

Skipped

OSV-ScannerOpen Source Vulnerability database check

50%

Skipped

OWASP Dep-Check

50%

Last scanned: Apr 25, 2026, 9:05 PM57.1s1 file scanned

SKILL.md

name:: code-quality
description:: Code quality review checklist and enforcement guide. KISS, DRY, YAGNI principles plus concrete code smells and their fixes. Use before marking any task complete.
tags:: quality, review, clean-code, refactoring, checklist
origin:: ECC coding-style + patterns (adapted for Antigravity)

When to Use

Before marking any task as complete
During code review of your own or others' code
When refactoring existing code
When you notice code that "feels wrong"

Pre-Completion Checklist

Run through this before considering any feature done:

Correctness

[ ] The feature works for the happy path
[ ] Edge cases are handled (empty input, null values, zero, negative numbers)
[ ] Error cases are handled and produce useful messages
[ ] Tests cover the behaviour (TDD compliant)

Readability

[ ] Functions and variables have descriptive names
[ ] No single-letter variables (except loop counters i, j)
[ ] No cryptic abbreviations
[ ] Complex logic has a brief comment explaining WHY (not WHAT)

Structure

[ ] Functions are small (< 50 lines each)
[ ] Files are focused (< 800 lines)
[ ] No deep nesting (> 4 levels) — use early returns
[ ] No duplicate logic (DRY rule applied)

Safety

[ ] No hardcoded values — use constants or config
[ ] No mutation of shared state
[ ] No swallowed exceptions (except: pass)

Core Principles Applied

KISS — Keep It Simple

# WRONG — over-engineered
class LayerProcessorFactory:
    def create_processor(self, strategy_type: str) -> LayerProcessor:
        if strategy_type == "simple":
            return SimpleLayerProcessor(SimpleStrategy())
        ...

# CORRECT — solve the actual problem
def process_layer(layer: QgsVectorLayer) -> list[dict]:
    return [feature.attributes() for feature in layer.getFeatures()]

DRY — Don't Repeat Yourself

# WRONG — duplicated validation logic
def process_file(path):
    if not path.exists():
        raise FileNotFoundError(path)
    ...

def load_config(path):
    if not path.exists():
        raise FileNotFoundError(path)
    ...

# CORRECT — extract to shared function
def require_file(path: Path) -> Path:
    if not path.exists():
        raise FileNotFoundError(f"Required file not found: {path}")
    return path

def process_file(path): require_file(path); ...
def load_config(path): require_file(path); ...

YAGNI — You Aren't Gonna Need It

# WRONG — building for imagined future requirements
class DataProcessor:
    def process(self, data, strategy=None, plugin=None,
                validator=None, transformer=None):  # nobody asked for this
        ...

# CORRECT — solve TODAY's problem
def process_data(data: list[dict]) -> list[dict]:
    return [transform(item) for item in data if is_valid(item)]

Code Smells & Fixes

Deep Nesting → Early Returns

# SMELL
def handle_request(request):
    if request:
        if request.user:
            if request.user.is_authenticated:
                if request.data:
                    return process(request.data)

# FIX
def handle_request(request):
    if not request:
        return None
    if not request.user or not request.user.is_authenticated:
        raise PermissionError("Authentication required")
    if not request.data:
        raise ValueError("Request data is required")
    return process(request.data)

Magic Numbers → Named Constants

# SMELL
if layer.featureCount() > 50000:
    use_chunked_processing()

# FIX
MAX_FEATURES_IN_MEMORY = 50_000

if layer.featureCount() > MAX_FEATURES_IN_MEMORY:
    use_chunked_processing()

Long Function → Decompose

# SMELL — a 80-line function doing 5 things
def process_and_export_layer(layer, output_path, format, crs, fields):
    # validate ...
    # transform ...
    # reproject ...
    # filter fields ...
    # export ...

# FIX — each step is its own focused function
def process_and_export_layer(layer, output_path, format, crs, fields):
    validated = validate_layer(layer)
    reprojected = reproject_to(validated, crs)
    filtered = select_fields(reprojected, fields)
    export_layer(filtered, output_path, format)

Mutable Default Argument (Python Gotcha)

# SMELL — the list is shared between calls!
def add_item(item, items=[]):
    items.append(item)
    return items

# FIX
def add_item(item, items=None):
    if items is None:
        items = []
    items.append(item)
    return items

Refactoring Workflow

Identify the smell — which rule above does it violate?
Write a test first — ensure behaviour is captured before changing code
Make the smallest change — one improvement at a time
Run tests — verify nothing broke
Commit — each refactor in its own commit: refactor: extract validate_layer helper

Related Skills

a2mus/tdd-workflow

development

VerifiedTrustedCommunity

Test-Driven Development workflow. Enforces RED → GREEN → REFACTOR cycle with 80% coverage gate. Use for all new features and bug fixes.

SKILL.mdUpdated Apr 25, 2026

a2mus/security-review

testing

VerifiedTrustedCommunity

Security audit checklist and workflow. Run before commits, PRs, or deploying. Covers secrets detection, input validation, OWASP Top 10, and dependency scanning.

SKILL.mdUpdated Apr 25, 2026

a2mus/security-review

a2mus/search-first

tools

VerifiedTrustedCommunity

Research-before-coding workflow. Search for existing tools, libraries, and patterns before writing custom code. Use whenever adding new functionality.

SKILL.mdUpdated Apr 25, 2026

a2mus/python-patterns

development

VerifiedTrustedCommunity

Comprehensive Python idioms, best practices, and patterns. Covers dataclasses, type hints, async, error handling, testing, and QGIS-specific patterns.

SKILL.mdUpdated Apr 25, 2026

a2mus/python-patterns

Download

For Claude Desktop. Download once, then upload the file in the app — no terminal needed.

Need help? View full Cowork setup guide →

Install manually

Choose your platform

# Clone the repo
git clone https://github.com/a2mus/ecc-antigravity.git

# Copy into Claude Code skills folder (global)
cp -r ecc-antigravity/skills/code-quality ~/.claude/skills/

Claude Code Skills — official skills path docs.

Repository

a2mus/ecc-antigravity

Compatible with

Claude Code

OpenAI Codex CLI

ChatGPT