Adoption

Agent Skills are supported by leading AI development tools.

VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory

a2mus/speckit-code-review

Name: speckit-code-review
Author: a2mus

.agent/skills/speckit-code-review/SKILL.md

npx skillsauth add a2mus/smart-da3m speckit-code-review

Clean

TrivyContainer and dependency vulnerability scanner

Clean

SemgrepStatic code analysis for vulnerabilities

Clean

mcp-scan (Snyk)Model Context Protocol security validation

Skipped

Snyk (dep)Open source security scanning

Skipped

Socket.devSupply chain security analysis

Skipped

VirusTotalMulti-engine malware detection

Skipped

CrowdStrikeAdvanced threat intelligence

Skipped

OSV-ScannerOpen Source Vulnerability database check

Skipped

OWASP Dep-Check

Speckit Code-Review Skill

Code Review

Comprehensive security and quality review of uncommitted changes:

Look at the the diffs or uncommitted changes.
For each changed file, check for:

Security Issues (CRITICAL):

Hardcoded credentials, API keys, tokens
SQL injection vulnerabilities
XSS vulnerabilities
Missing input validation
Insecure dependencies
Path traversal risks

Code Quality (HIGH):

Functions > 50 lines
Files > 800 lines
Nesting depth > 4 levels
Missing error handling
console.log statements
TODO/FIXME comments
Missing JSDoc for public APIs

Best Practices (MEDIUM):

Mutation patterns (use immutable instead)
Emoji usage in code/comments
Missing tests for new code
Accessibility issues (a11y)

Generate a Markdown report with:
- Severity: CRITICAL, HIGH, MEDIUM, LOW
- File location and line numbers
- Issue description
- Suggested fix
Fix CRITICAL or HIGH issues found immediately. Never approve code with security vulnerabilities!

a2mus/speckit-code-review

.agent/skills/speckit-code-review/SKILL.md

Comprehensive security and quality review of uncommitted changes.

development

Updated Apr 16, 2026

$ install --global

skillsauth

npx skillsauth add a2mus/smart-da3m speckit-code-review

Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.

Security Scan Results

3 of 9 scanners reported clean

Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.

Scanners Passed

Scanners in report

Clean

TrivyContainer and dependency vulnerability scanner

95%

Clean

SemgrepStatic code analysis for vulnerabilities

95%

Clean

mcp-scan (Snyk)Model Context Protocol security validation

95%

Skipped

Snyk (dep)Open source security scanning

50%

Skipped

Socket.devSupply chain security analysis

50%

Skipped

VirusTotalMulti-engine malware detection

50%

Skipped

CrowdStrikeAdvanced threat intelligence

50%

Skipped

OSV-ScannerOpen Source Vulnerability database check

50%

Skipped

OWASP Dep-Check

50%

Last scanned: Apr 17, 2026, 1:38 AM5.5s1 file scanned

SKILL.md

name:: speckit-code-review
description:: Comprehensive security and quality review of uncommitted changes.
compatibility:: Requires spec-kit project structure with .specify/ directory
author:: github-spec-kit
source:: templates/commands/code-review.md

Speckit Code-Review Skill

Code Review

Comprehensive security and quality review of uncommitted changes:

Look at the the diffs or uncommitted changes.
For each changed file, check for:

Security Issues (CRITICAL):

Hardcoded credentials, API keys, tokens
SQL injection vulnerabilities
XSS vulnerabilities
Missing input validation
Insecure dependencies
Path traversal risks

Code Quality (HIGH):

Functions > 50 lines
Files > 800 lines
Nesting depth > 4 levels
Missing error handling
console.log statements
TODO/FIXME comments
Missing JSDoc for public APIs

Best Practices (MEDIUM):

Mutation patterns (use immutable instead)
Emoji usage in code/comments
Missing tests for new code
Accessibility issues (a11y)

Generate a Markdown report with:
- Severity: CRITICAL, HIGH, MEDIUM, LOW
- File location and line numbers
- Issue description
- Suggested fix
Fix CRITICAL or HIGH issues found immediately. Never approve code with security vulnerabilities!

Related Skills

a2mus/speckit-analyze

testing

VerifiedTrustedCommunity

Perform cross-artifact consistency analysis across spec.md, plan.md, and tasks.md. Use after task generation to identify gaps, duplications, and inconsistencies before implementation.

SKILL.mdUpdated Apr 17, 2026

a2mus/speckit-analyze

a2mus/speckit-verify

development

VerifiedTrustedCommunity

Run comprehensive verification on current codebase state.

SKILL.mdUpdated Apr 16, 2026

a2mus/speckit-update-upstream

testing

VerifiedTrustedCommunity

Intelligently sync your fork with the upstream spec-kit repository. Reads both versions of every changed file, compares quality, and produces the richest possible result by blending the best of each.

SKILL.mdUpdated Apr 16, 2026

a2mus/speckit-update-upstream

a2mus/speckit-uidesign

development

VerifiedTrustedCommunity

Impeccable UI design workflow — create distinctive, production-grade interfaces or enhance existing ones. Integrates design context gathering, anti-pattern detection, heuristic scoring, and systematic polish. Works after speckit-brainstorm (new design) or on existing UI code (enhancement mode).

SKILL.mdUpdated Apr 16, 2026

a2mus/speckit-uidesign

Download

For Claude Desktop. Download once, then upload the file in the app — no terminal needed.

Need help? View full Cowork setup guide →

Install manually

Choose your platform

# Clone the repo
git clone https://github.com/a2mus/smart-da3m.git

# Copy into Claude Code skills folder (global)
cp -r smart-da3m/.agent/skills/speckit-code-review ~/.claude/skills/

Claude Code Skills — official skills path docs.

Repository

a2mus/smart-da3m

Compatible with

Claude Code

OpenAI Codex CLI

ChatGPT