alexei-led/planning-review
platforms/pi/skills/planning-review/SKILL.md
Review implementation plans in docs/plans/ for correctness, scope, testing, and over-engineering. Use when user asks to review a plan before coding or validate plan quality.
$ install --global
skillsauthnpx skillsauth add alexei-led/claude-code-config planning-reviewInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: May 10, 2026, 3:26 AM215.4s1 file scanned
SKILL.md
- name:
- planning-review
- description:
- Review implementation plans in docs/plans/ for correctness, scope, testing, and over-engineering. Use when user asks to review a plan before coding or validate plan quality.
Planning Review
Review a plan file. Read-only unless the user explicitly asks for edits after the review.
Inputs
Use the plan path from the user. If missing:
- list
docs/plans/*.md - exclude
docs/plans/completed/ - if one plan exists, use it
- if several exist, ask which one with
ask_user_question
Context Loading
Before reviewing:
- Read the plan.
- Read
CLAUDE.md,AGENTS.md, or equivalent project guidance if present. - Read 1-3 relevant code files named in the plan to verify the plan fits reality.
- Load custom rules with:
bash ../planning-common/scripts/resolve-rules.sh planning-rules.md
Apply custom rules as extra review criteria.
For broad plans, spawn one bounded background reviewer or planner agent for an independent pass, then verify its claims yourself:
Agent({
subagent_type: "planner",
description: "Review plan fit",
run_in_background: true,
prompt: "Review <plan path> against current code. Return only blockers, missing tasks, and over-engineering. Do not edit."
})
Use web tools only when the plan depends on external APIs, standards, or migration guidance.
Review Checklist
Critical
- Problem is stated clearly.
- Proposed solution actually solves it.
- Missing steps do not exist.
- Edge cases are covered.
- Testing is explicit for each task.
Scope
- No unrelated work.
- No scope creep hidden as cleanup.
- Task ordering makes sense.
- Dependencies are acknowledged.
Simplicity
- No speculative abstractions.
- No "future-proofing" garbage without a real need.
- No split into layers that add ceremony but no value.
- Simpler path noted when one exists.
Task Quality
- One logical unit per task.
- Specific task names.
- File lists present.
- Tests are separate checklist items.
- Verification step exists before completion.
Conventions
- Matches project rules and existing patterns.
- Respects testing style and tooling.
- Avoids naming or structure that conflicts with current code.
Output Format
Report problems only.
If structured_output is available, use it for the final verdict and prioritized fixes.
## Plan Review
### CRITICAL
- `[plan-review]` Section or task — issue. Fix.
### IMPORTANT
- `[plan-review]` Section or task — issue. Fix.
### MINOR
- `[plan-review]` Section or task — issue. Fix.
### Verdict
- APPROVE
- NEEDS REVISION
Rules:
- Tag every finding with
[plan-review]. - Cite the section or task.
- State the problem, why it matters, and the fix.
- No praise. No filler. No fake balance.
If User Wants Revisions
After review, if the user asks to fix the plan:
- edit the plan directly
- preserve existing structure unless it is wrong
- re-run a brief self-review against the checklist
Related Skills
alexei-led/writing-shell
tools
VerifiedTrustedCommunity
Idiomatic shell development for POSIX sh, Bash, Zsh, Fish, hooks, CI shell steps, and scriptable CLI glue. Use when writing or changing `.sh`, `.bash`, `.zsh`, `.fish`, `.bats`, shell functions, shell pipelines, or command-runner recipes. Emphasizes portability, quoting, safe filesystem/process handling, non-TUI CLI tools, ShellCheck, shfmt, Bats, and ShellSpec. NOT for Python, TypeScript, Go, web code, or infrastructure operations.
33SKILL.mdUpdated Jun 5, 2026
alexei-led/spec-flow
tools
VerifiedTrustedCommunity
Use when planning, executing, checkpointing, finishing, or inspecting lightweight spec-driven work. Runs one task at a time using `.spec/` markdown files and the bundled `specctl` helper. NOT for broad product discovery beyond a short requirement interview.
33SKILL.mdUpdated Jun 5, 2026
alexei-led/operating-infra
testing
VerifiedTrustedCommunity
Author, inspect, troubleshoot, and review infrastructure across IaC, Kubernetes, cloud resources, containers, CI/CD, and Linux hosts. Use when changing Terraform/OpenTofu, Kubernetes, Helm, Kustomize, Dockerfiles, GitHub Actions, AWS, GCP, Cloud Run, BigQuery, IAM, logs, instances, or service health. NOT for deploy/apply/rollback workflows (see deploying-infra). NOT for shell scripts or generic command pipelines (see writing-shell).
33SKILL.mdUpdated Jun 5, 2026
alexei-led/configuring-git-hygiene
development
VerifiedTrustedCommunity
Configure safe git workflow hygiene: pre-commit/pre-push hooks, Gitleaks secret scanning, .gitignore rules, local git config, and guardrails. Use when setting up git hooks, gitleaks/git leaks, staged pre-commit checks, pre-push validation, core.hooksPath, .gitignore, or git config best practices. NOT for creating commits (use committing-code), cleaning branches/worktrees (use cleanup-git), or creating worktrees (use using-git-worktrees).
33SKILL.mdUpdated Jun 5, 2026