alirezarezvani/cto-review
c-level-advisor/c-level-agents/skills/cto-review/SKILL.md
/cs:cto-review <plan> — Architecture and scaling interrogation. Tech debt, scaling cliffs, team scaling, build-vs-buy.
$ install --global
skillsauthnpx skillsauth add alirezarezvani/claude-skills cto-reviewInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: May 14, 2026, 3:32 AM187.1s1 file scanned
SKILL.md
- name:
- cto-review
- description:
- /cs:cto-review <plan> — Architecture and scaling interrogation. Tech debt, scaling cliffs, team scaling, build-vs-buy.
/cs:cto-review — CTO Forcing Questions
Command: /cs:cto-review <plan>
Pressure-tests architecture and engineering scaling decisions. Six questions to surface the next scaling cliff before you hit it.
When to Run
- Before approving a major architecture change
- Before doubling the engineering team
- Before a build-vs-buy decision > $100K/year
- When a system is showing reliability stress (SLOs missed)
- Before committing to a new platform / language / DB
The Six CTO Questions
1. Scaling Cliff
Where does the current architecture break, in terms of users / requests / data volume?
- Be specific. "It breaks at 10× current load because the primary DB writes saturate."
- If you don't know, run a load test before deciding.
2. Tech Debt Inventory
What's the top tech debt item, what's it costing per week, and when does it become blocking?
python ../../../skills/cto-advisor/scripts/tech_debt_analyzer.py
3. Team Scaling
For each open req, what's the ramp time and contribution model?
python ../../../skills/cto-advisor/scripts/team_scaling_calculator.py
4. Build vs Buy
Why are we building this instead of buying it — and what's the 3-year TCO of each?
- If "we want control" or "it's not that hard" — push back.
- If the answer is "this is our core moat," build.
5. SLO / Reliability
What are the SLOs for this system and what's the current error budget burn?
- Without an SLO, you can't reason about reliability tradeoffs.
- See
engineering/slo-architectfor SLO design.
6. Security & Compliance Surface
What does this expose, and has cs-ciso-advisor signed off?
- Architecture decisions are compliance decisions.
- Loop in cs-ciso-advisor before commit.
Workflow
- Run the tech debt analyzer + team scaling calculator
- Define the scaling-cliff hypothesis explicitly
- Cross-check with cs-ciso-advisor for security implications
- Apply the verdict
Output Format
# CTO Review: <plan>
**Date:** YYYY-MM-DD
## Scaling Cliff
- Current capacity: <metric>
- Break point: <metric>
- Headroom: X months at current growth
## Tech Debt
- Top item: <description>
- Cost per week: $X or N eng-hours
- Blocking date estimate: <date>
## Team
- Open reqs: N
- Median ramp: X months
- Contribution model: <pairing / squad / area>
## Build vs Buy
- 3-year build TCO: $X
- 3-year buy TCO: $X
- Strategic fit: <core / context>
- Decision: BUILD | BUY
## Reliability
- SLO defined: yes / no
- Error budget burn: X% (target < Y%)
## Security
- cs-ciso sign-off: ✅ / ❌
## Verdict
🟢 SHIP | 🟡 SHARPEN | 🔴 BLOCK
## Next Steps
[3 concrete actions]
Routing
/cs:ciso-review— mandatory if data surface changes/cs:cfo-review— for build-vs-buy > $100K/cs:execute— quarterly plan/cs:boardroom— for architecture pivots
Related
- Agent:
cs-cto-advisor - Skill:
cto-advisor - SLO:
../../../../engineering/slo-architect/
Version: 1.0.0
Related Skills
alirezarezvani/code-reviewer
tools
VerifiedTrustedCommunity
Code review automation for TypeScript, JavaScript, Python, Go, Swift, Kotlin, C#, .NET, Java, C, C++, Rust, Ruby, PHP, and Dart/Flutter. Analyzes PRs for complexity and risk, checks code quality for SOLID violations and code smells, generates review reports. Use when reviewing pull requests, analyzing code quality, identifying issues, generating review checklists.
16,546SKILL.mdUpdated May 10, 2026
alirezarezvani/research-ops-skills
tools
VerifiedTrustedCommunity
Use when planning, funding, scoping, or synthesizing enterprise research across workstreams — clinical study design, R&D program finance, market sizing/surveys, or product/user research. Triggers on "design this clinical study", "what sample size", "R&D budget", "burn rate", "capitalize or expense", "TAM SAM SOM", "market sizing", "survey design", "segment the market", "plan user interviews", "usability test", "synthesize research insights". Forks context to route to one of four Research-Operations sub-skills (clinical-research, research-finance, market-research, product-research) and returns a digest. Distinct from ra-qm-team (regulatory submission), finance (corporate close/valuation), research/grants (funding discovery), product-team (persona/journey/live experiments), and marketing-skill (campaign analytics).
16,359SKILL.mdUpdated May 28, 2026
alirezarezvani/research-finance
development
VerifiedTrustedCommunity
Use when managing the money for an internal R&D program or portfolio — building a multi-period program budget with the F&A (indirect) split, tracking burn rate and runway against value-inflection milestones, or routing R&D cost items to a capitalize-vs-expense determination. Every budget output surfaces its assumptions block; capitalize-vs-expense is decision-support only and routes to a named finance owner — it never books an entry or decides accounting treatment. Distinct from finance/financial-analysis (corporate DCF, close, valuation) and research/grants (funding discovery — this manages money already won).
16,359SKILL.mdUpdated May 28, 2026
alirezarezvani/product-research
development
VerifiedTrustedCommunity
Use when planning and synthesizing product/user research as a method-and-repository discipline — selecting the right method for the goal (generative interviews vs usability test vs concept test vs validation), computing method-based saturation/sample size with an explicit confidence level, or synthesizing coded observations into insights while flagging single-source anecdotes. Never fabricates user insight; an insight requires recurrence across independent participants. Distinct from product-team/ux-researcher-designer (persona/journey artifacts), product-discovery (discovery-sprint planning), and experiment-designer (live A/B) — this is the research-ops method + insight-repository layer.
16,359SKILL.mdUpdated May 28, 2026