amhuppert/code-standards-review
claude/ai-resources-plugin/skills/code-standards-review/SKILL.md
Review a codebase for adherence to code standards. Uses specialized agents with progressive disclosure to determine which standards apply.
$ install --global
skillsauthnpx skillsauth add amhuppert/my-ai-resources code-standards-reviewInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: May 7, 2026, 3:44 AM160.1s8 files scanned
SKILL.md
- name:
- code-standards-review
- description:
- Review a codebase for adherence to code standards. Uses specialized agents with progressive disclosure to determine which standards apply.
Code Standards Review Skill
Overview
This skill provides comprehensive code standards audits using specialized agents. It automatically determines which code standards apply to your codebase and launches focused review agents only for applicable standards, reporting findings in a user-friendly format with recommendations.
The skill provides:
- Scope control (entire project or specific directory)
- Automatic detection of applicable standards
- Parallel agent-based reviews
- Summary-first reporting with user review/approval phase
- Detailed findings organized by standard
How It Works
Phase 1: Scope Analysis
When invoked, the skill first determines:
- Scope: Entire project (default) or user-specified directory via optional argument
- Technology Stack: Detected file types (TypeScript, React, Zustand, etc.)
- Applicable Standards: Which standards apply based on detected technologies
Phase 2: Progressive Disclosure
The skill uses progressive disclosure to launch only relevant agents:
Detected Automatically:
All Codebases:
- General Standards Reviewer - Always runs (code quality, comments, error handling, YAGNI)
TypeScript Projects:
- TypeScript Type Safety Reviewer - Validates or identifies type safety issues
- Testing Reviewer - Audits test quality, mocking strategy, and test value vs. maintenance cost
- Zustand Reviewer - Validates existing stores OR identifies where Zustand should be used (prescriptive pattern)
- Dependency Injection Reviewer - Validates existing DI OR identifies where DI should be introduced (prescriptive pattern)
React Projects:
- Colocation Reviewer - Organization and file structure (any codebase type)
- TanStack Query Reviewer - Validates existing queries OR identifies where TanStack Query should be used (prescriptive pattern)
The system scans for file types and project characteristics to determine relevance. The Zustand, Dependency Injection, and TanStack Query reviewers run on applicable projects even if those patterns aren't currently used, identifying opportunities for best-practice adoption.
Phase 3: Parallel Reviews
When applicable standards are determined, specialized agents are launched in parallel:
- General Standards Reviewer - Code quality, control flow, comments, error handling, YAGNI
- Colocation Reviewer - Organization and file structure
- TypeScript Type Safety Reviewer - Type safety standards
- Testing Reviewer - Test quality, mocking strategy, test value vs. maintenance cost
- Zustand Reviewer - State management best practices (validates existing or identifies where to use)
- Dependency Injection Reviewer - Service layer and DI patterns (validates existing or identifies where to use)
- TanStack Query Reviewer - Data fetching patterns (validates existing or identifies where to use)
Each agent provides prescriptive guidance:
- Reviews existing implementations against best practices
- Identifies opportunities for improvement or adoption of preferred patterns
- Provides specific recommendations with rationale
Each finding includes:
- Specific file paths and line numbers
- Current vs. recommended patterns
- Rationale and severity levels
- Implementation guidance
Phase 4: Summary Report
Findings are aggregated into a summary report showing:
- Standards Overview: Which standards were checked
- Critical Issues: Most important violations requiring immediate attention
- High Priority Issues: Important issues to address
- Medium Priority Issues: Good-to-have improvements
- Agent-specific Findings: Detailed results from each reviewer
Phase 5: User Review & Action Planning
The user is presented with findings and asked:
- Which issues should be addressed?
- What priority order for fixes?
- Request for approval to generate detailed recommendations
Usage
Basic Usage (Entire Project)
To audit your entire project against code standards, invoke the skill with:
"Review my codebase for code standards"
or
"Audit my project for standards violations"
Scoped Usage (Specific Directory)
To audit a specific directory, include the path:
"Review my /src/features directory for standards"
or
"Audit /src/components for code standards violations"
or
"Check the /app/products scope against standards"
Outcome
The skill produces:
- Summary Report - Overview of findings by severity
- Detailed Findings - Per-agent results with specific recommendations
- Action Plan - Prioritized list of changes to make
- Implementation Guide - Specific steps to fix each category of issue
Standards Covered
Always Reviewed (All Codebases)
- General Code Standards - Control flow, comments, error handling, YAGNI principle
TypeScript Projects
- TypeScript - Type safety and strict typing (prescriptive: identifies unsafe patterns)
- Testing - Test quality, mocking strategy, and test value vs. maintenance cost
- Zustand - State management best practices (prescriptive: identifies where to use or improve)
- Dependency Injection - Service layer and context patterns (prescriptive: identifies where to use or improve)
React Projects
- Colocation - File organization and structural patterns (any architecture)
- TanStack Query - Query key factories and caching patterns (prescriptive: identifies where to use or improve)
Each standard has comprehensive reference documentation available in the skill's references/ directory for detailed guidance. The Testing reviewer works in conjunction with the Dependency Injection reviewer — proper DI eliminates most mocking needs. The Zustand, Dependency Injection, and TanStack Query agents are prescriptive reviewers that identify both violations of existing implementations AND opportunities to adopt these preferred patterns even if not currently used.
Standards Referenced
@references/colocation-standards.md- Code organization principles@references/general-code-standards.md- Quality and design principles@references/testing-standards.md- Test quality, mocking strategy, test value@references/zustand-reference.md- State management best practices@references/dependency-injection.md- Service layer patterns@references/typescript-general.md- Type safety standards@references/tanstack-query-key-factory-reference.md- Query pattern best practices
Key Features
Progressive Disclosure
Only launches agents for standards applicable to detected technologies. A vanilla JavaScript project won't get Zustand or TypeScript reviews.
Parallel Execution
Multiple agents work simultaneously, dramatically reducing review time while maintaining quality.
Severity-Based Prioritization
Findings are categorized as Critical (must fix), High (important), or Medium (nice-to-have), helping you prioritize effort.
User Review Phase
Before implementation, you're shown summary findings and asked which issues to address, ensuring you're aligned with recommendations.
Detailed Reporting
Each finding includes:
- File path and line number
- Current pattern vs. recommended pattern
- Rationale for the recommendation
- Implementation effort estimate
The skill provides everything needed for a comprehensive standards audit and actionable recommendations for improvement.
Related Skills
amhuppert/hotkey-helper
tools
VerifiedTrustedCommunity
Use when picking or vetting a keyboard shortcut on macOS. Triggers include "what hotkey should I use for X", "is `<combo>` available", "does this shortcut conflict", "recommend a keybinding for…", "check `<combo>` against my setup", "pick a hotkey for…", or any mention of choosing/binding/changing a shortcut in WezTerm, tmux, Zed, Chrome, Claude Code, or macOS. Determines whether a proposed combo collides with OS-reserved bindings, app defaults, or the user's customizations, and recommends ergonomic alternatives when needed.
2SKILL.mdUpdated Jun 2, 2026
amhuppert/knip
development
VerifiedTrustedCommunity
Detect and remove dead code with knip. Use when the user asks to "run knip", "find unused files", "find unused exports", "find unused dependencies", "clean up dead code", "remove dead code", "set up knip", "configure knip", "knip.json", "knip false positive", "knip CI", or mentions a `knip` config, dependency bloat, bundle bloat from unused imports, or tree-shaking unused exports. Covers the configuration-first workflow, confidence-gated deletion, framework-specific gotchas (Next.js 15+, Tailwind, Storybook, Jest, Bun's test runner and `bun build --compile`), monorepos, CI integration, and performance tuning.
1SKILL.mdUpdated May 27, 2026
amhuppert/react-scan
tools
VerifiedTrustedCommunity
This skill should be used when the user asks to "set up react-scan", "install react-scan", "diagnose React re-renders", "find unnecessary renders", "find unstable props", "automate React render checks with Playwright", "react-scan + playwright", "measure component renders programmatically", "check why a React component is slow", or mentions React rendering issues, slow React interactions, render counts, or component-level perf attribution. Covers install across Next.js/Vite/Remix/script-tag/browser-extension, the lite headless API for CI, and the canonical render-attribution → fix → validate loop driven through Playwright.
1SKILL.mdUpdated May 20, 2026
amhuppert/knowledge-base-ingest
documentation
VerifiedTrustedCommunity
This skill should be used when integrating source material into a knowledge base, including when the user asks to "integrate this document into the knowledge base", "add this transcript to the memory bank", "ingest this document", "update the knowledge base", "analyze a new source document", or "sync current-state docs with this source".
1SKILL.mdUpdated May 17, 2026