andretauan/tao-code-review
skills/en/tao-code-review/SKILL.md
Structured 6-axis code review covering correctness, security, performance, readability, tests, and patterns. Use when reviewing code, doing pull request reviews, or checking code quality.
$ install --global
skillsauthnpx skillsauth add andretauan/tao tao-code-reviewInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 23, 2026, 2:30 PM148.9s1 file scanned
SKILL.md
- name:
- tao-code-review
- description:
- Structured 6-axis code review covering correctness, security, performance, readability, tests, and patterns. Use when reviewing code, doing pull request reviews, or checking code quality.
- user-invocable:
- false
TAO Code Review (6-Axis)
When to use
Use for code reviews, PR reviews, or quality checks on any code modification.
The 6 Axes
Axis 1 — Correctness
- Does the code do what it claims?
- Are edge cases handled? (null, empty, boundary values)
- Are error paths correct? (try/catch, fallbacks, error propagation)
- Are race conditions possible? (async, concurrency, shared state)
Axis 2 — Security
- Input validation at system boundaries?
- SQL injection: parameterized queries only?
- XSS: output encoding/sanitization?
- Authentication: permissions checked before data access?
- Secrets: no hardcoded credentials? (.env only)
- File uploads: real MIME type validation?
Axis 3 — Performance
- N+1 queries? (batch fetches instead)
- Unnecessary loops inside loops? (O(n²) → O(n))
- Unbounded lists? (pagination, limits)
- Missing indexes on frequently queried columns?
- Memory leaks? (unclosed connections, listeners)
Axis 4 — Readability
- Clear naming? (functions = verbs, variables = nouns)
- Functions under ~30 lines?
- Nesting depth ≤ 3? (early returns, guard clauses)
- No magic numbers? (named constants)
- Comments explain WHY, not WHAT?
Axis 5 — Tests
- Are new features tested?
- Are edge cases covered?
- Are tests independent? (no shared mutable state)
- Are assertions specific? (not just "no error thrown")
- Is coverage adequate for critical paths?
Axis 6 — Patterns
- Consistent with project conventions? (read CLAUDE.md)
- No unnecessary abstractions for one-time code?
- Error handling follows project pattern?
- File structure follows project conventions?
Review Output Format
## Code Review — [file/feature]
### ✅ Passed
- [axis]: [what's good]
### ⚠️ Suggestions
- [axis]: [improvement with rationale]
### 🚫 Blockers
- [axis]: [must fix before merge]
### Verdict: APPROVE | REQUEST CHANGES | COMMENT
Review Etiquette
- Be specific: "line 42: missing null check" > "handle errors better"
- Suggest solutions, not just problems
- Distinguish nitpicks from blockers
- Acknowledge good code, not just bad
Related Skills
andretauan/tao-test-strategy
testing
VerifiedTrustedCommunity
Estratégia de pirâmide de testes com análise de cobertura, identificação de edge cases e planejamento de testes. Use ao planejar testes, melhorar cobertura, identificar edge cases ou escrever especificações de teste.
18SKILL.mdUpdated Apr 23, 2026
andretauan/tao-security-audit
development
VerifiedTrustedCommunity
Auditoria de segurança alinhada ao OWASP Top 10 com checklist para injection, XSS, autenticação, autorização, gestão de secrets e vulnerabilidades comuns. Use ao auditar segurança, revisar código de auth ou hardening de aplicação.
18SKILL.mdUpdated Apr 23, 2026
andretauan/tao-refactoring
development
VerifiedTrustedCommunity
Metodologia de refatoração segura com detecção de code smells, transformação passo-a-passo e prevenção de regressão. Use ao refatorar código, reduzir dívida técnica ou melhorar estrutura.
18SKILL.mdUpdated Apr 23, 2026
andretauan/tao-plan-writing
testing
VerifiedTrustedCommunity
Decomposição expert de tarefas para criar PLAN.md no TAO. Quebra features em fases e tarefas com critérios de aceite, estimativas e dependências. Use ao planejar trabalho, criar fases ou decompor features.
18SKILL.mdUpdated Apr 23, 2026