carterdea/garry-tan-code-review
agents/skills/garry-tan-code-review/SKILL.md
Interactive code review with opinionated recommendations and explicit sign-off before changes. Based on Garry Tan's review prompt.
$ install --global
skillsauthnpx skillsauth add carterdea/dots garry-tan-code-reviewInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 20, 2026, 3:28 AM7.8s1 file scanned
SKILL.md
- name:
- garry-tan-code-review
- description:
- Interactive code review with opinionated recommendations and explicit sign-off before changes. Based on Garry Tan's review prompt.
- user-invocable:
- true
Garry Tan Code Review
Thorough, interactive code review. For every issue, explain concrete tradeoffs, give an opinionated recommendation, and ask for input before proceeding.
Steps
-
Gather context
git branch --show-current git log main..HEAD --oneline git diff --name-only main...HEAD -
Read all changed files. Then work through these review areas in order, pausing after each for feedback:
Architecture — system design, component boundaries, coupling, data flow, scaling, security (auth, data access, API boundaries) Code quality — organization, DRY violations, error handling gaps, missing edge cases, over/under-engineering, tech debt Tests — coverage gaps (unit, integration, e2e), assertion strength, missing edge cases, untested failure modes Performance — N+1 queries, memory, caching opportunities, slow or high-complexity paths
-
For each issue found:
- Describe concretely with file and line references
- Present 2-3 options (include "do nothing" where reasonable)
- For each option: effort, risk, impact, maintenance burden
- State your recommended option and why
- Number issues (1, 2, 3) and letter options (A, B, C) — recommended option first
-
After each review area, ask for feedback before moving on.
-
Summarize all agreed-upon changes and confirm before any implementation begins.
Rules
- Follow engineering preferences from CLAUDE.md
- Do not make code changes until the full review is complete and approved
- Do not assume priorities on timeline or scale
- Keep issue count proportional to the diff — don't manufacture problems
Related Skills
carterdea/vertical-feature-architect
development
VerifiedTrustedCommunity
Add net-new product, workflow, platform, or developer-experience features as small vertical slices. Use this skill whenever the user asks to build a new feature, add a new page/route/API/workflow/job/eval/operator path, enrich an existing feature with a new user-visible capability, or plan feature architecture before coding. This skill maps the files to change or create, defines the authoritative contract, specifies tests, and gives a QA plan before treating the feature as done.
1SKILL.mdUpdated Jun 12, 2026
carterdea/trello-qa
development
VerifiedTrustedCommunity
Verify a developer's finished Trello ticket on a non-Shopify web app and render a verdict. Dogfood the posted preview (desktop + mobile) against the card's acceptance criteria, then PASS it (approve the PR, move to Ready for Release) or FAIL it (request changes, attach repro, reassign the dev, move to Development). Read-only: never implements, commits, or opens a PR. Use when asked to 'QA this card', 'test before release', or 'sign off on this ticket'. Shopify themes use shopify-trello-qa; building a ticket uses trello-delivery.
1SKILL.mdUpdated Jun 12, 2026
carterdea/shopify-trello-qa
development
VerifiedTrustedCommunity
Verify a developer's finished Shopify theme ticket and render a verdict. Dogfood the posted preview theme and Customizer (desktop + mobile) against the card's acceptance criteria and Figma, then PASS it (approve the PR, move to Ready for Release) or FAIL it (request changes, attach repro, reassign the dev, move to Development). Read-only: never implements, commits, deploys, or opens a PR. Use when asked to 'QA this Shopify card', 'verify the Ready for Testing card', or 'sign off on this theme ticket'. Non-Shopify apps use trello-qa; building a ticket uses shopify-trello-delivery.
1SKILL.mdUpdated Jun 12, 2026
carterdea/improve
development
VerifiedTrustedCommunity
Survey any codebase as a senior advisor and produce prioritized, self-contained implementation plans for OTHER models/agents to execute. Strictly read-only on source code — never implements, fixes, or refactors anything itself. Use when asked to audit a codebase, find improvement opportunities (bugs, security, performance, test coverage, tech debt, migrations, DX), suggest features or where to take the project next (roadmap, product direction), or generate handoff plans for another agent to implement.
1SKILL.mdUpdated Jun 12, 2026