acedergren/review-all
skills/review-all/SKILL.md
Use when preparing a PR or completing a phase of work and needing a full-spectrum code review. Runs security, API audit, and scope reviewers in parallel and synthesizes findings into a single go/no-go report. Read-only — no file modifications. Keywords: pre-PR review, security audit, API audit, scope review, code review, merge check.
$ install --global
skillsauthnpx skillsauth add acedergren/agentic-tools review-allInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
4 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
4
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 7, 2026, 8:59 AM103.4s1 file scanned
SKILL.md
- name:
- review-all
- description:
- Use when preparing a PR or completing a phase of work and needing a full-spectrum code review. Runs security, API audit, and scope reviewers in parallel and synthesizes findings into a single go/no-go report. Read-only — no file modifications. Keywords: pre-PR review, security audit, API audit, scope review, code review, merge check.
Review All
Comprehensive pre-PR review: run specialized reviewers in parallel, synthesize into a single report. Read-only — no changes.
NEVER
- Never let any reviewer edit files during this pipeline — read-only is non-negotiable.
- Never report duplicate findings separately when two reviewers flag the same line — merge into one finding.
- Never review the whole repository when the user only changed a narrow diff — scope to changed files.
- Never use this as a substitute for lint, typecheck, or tests — it complements them, runs after them.
- Never run this for implementation tasks or auto-remediation requests — wrong tool.
Pipeline
Step 1: Identify changed files
git diff --name-only main...HEAD
# On main: git diff --name-only HEAD~5
# Or: bash scripts/detect-review-range.sh
Step 2: Launch parallel review agents
Spawn all agents simultaneously via Task tool:
| Agent | Type | Scope | Checks |
|---|---|---|---|
| Security Reviewer | security-reviewer (custom) | Changed files only | OWASP Top 10, IDOR, injection, auth gaps |
| API Route Auditor | Explore agent | Routes + types dirs | Schema coverage, type drift, auth hooks |
| Scope Auditor | Explore agent | git diff output | Out-of-scope modifications, formatting-only noise |
Add project-specific reviewers as needed (DB query reviewer, framework reviewer).
Step 3: Synthesize report
## Pre-PR Review Report
### Summary
| Reviewer | Findings | Critical | Warnings |
|-----------|----------|----------|----------|
| Security | 2 | 0 | 2 |
| API Audit | 3 | 1 | 2 |
| Scope | 1 | 0 | 1 |
### Critical Issues (must fix before merge)
[CRITICAL/HIGH findings with file:line references]
### Warnings (consider fixing)
[MEDIUM/LOW findings]
### Clean Areas
[What passed with no issues]
Step 4: Verdict
End with one clear statement:
- READY TO MERGE — No critical issues, warnings acceptable
- NEEDS FIXES — Critical issues found; list exactly what must change
- NEEDS DISCUSSION — Architectural concerns or ambiguous scope
Arguments
- (empty): Review changes vs
main HEAD~3: Review last 3 commits--security-only: Only security reviewer
Related Skills
acedergren/skills/api-audit
development
VerifiedTrustedCommunity
--- name: api-audit description: "Use when auditing API routes for schema drift, missing auth, or validation gaps. Scans routes against shared TypeScript types to find mismatches, missing middleware, and undocumented endpoints. Read-only — produces a severity-grouped report. Keywords: audit routes, schema drift, auth gaps, missing validation, type mismatch, orphaned schemas. Triggers on "audit API routes" or "find schema drift"." --- # API Route & Type Audit Skill ## When to Use Load this skil
14SKILL.mdUpdated Mar 26, 2026
acedergren/write-natural-swedish
development
VerifiedTrustedCommunity
Use when drafting, translating, polishing, or reviewing Swedish text so it sounds natural, fluent, contemporary, and appropriate for its audience. Triggers include "write better Swedish", "make this sound natural in Swedish", "translate into Swedish", "polish this Swedish", "tech company Swedish", "contemporary Swedish words", "Swedish developer docs", and "avoid Anglicisms".
13SKILL.mdUpdated May 13, 2026
acedergren/shadcn-svelte
development
VerifiedTrustedCommunity
Use when working with shadcn-svelte components, TanStack Table in Svelte 5, or Tailwind v4.1. Covers non-obvious reactivity bugs, library selection trade-offs, and migration pitfalls not in the official docs. Keywords: shadcn-svelte, TanStack Table, Tailwind v4.1, Svelte 5 runes, bits-ui, superforms, data table, svelte-check.
13SKILL.mdUpdated Mar 26, 2026
acedergren/oracle-idcs-org-provisioning
data-ai
VerifiedTrustedCommunity
Use when mapping IDCS claims to org membership after OAuth login succeeds. Covers mapProfileToUser, session.create.before, session.create.after hooks, MERGE INTO upserts, tenant-org mapping, and first-admin bootstrap. Keywords: IDCS groups, org_members, provisioning, session hooks, tenant map, MERGE INTO.
13SKILL.mdUpdated Mar 26, 2026