etylsarin/code-commenting
src/orchestrator/skills/code-commenting/SKILL.md
Guidelines for writing self-explanatory code with minimal comments. Covers when to comment (WHY not WHAT), anti-patterns to avoid, annotation tags, and public API documentation. Use when writing or reviewing code comments, docstrings, TODO/FIXME tags, code readability, or inline comments.
$ install --global
skillsauthnpx skillsauth add etylsarin/opencastle code-commentingInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: May 17, 2026, 3:05 AM188.9s1 file scanned
SKILL.md
- name:
- code-commenting
- description:
- Guidelines for writing self-explanatory code with minimal comments. Covers when to comment (WHY not WHAT), anti-patterns to avoid, annotation tags, and public API documentation. Use when writing or reviewing code comments, docstrings, TODO/FIXME tags, code readability, or inline comments.
Code Commenting
Comment WHY, not WHAT. Prefer renaming over commenting.
When to Comment
| Situation | Action | |-----------|--------| | Self-explanatory code | No comment | | Bad name is the real problem | Rename instead | | Complex business logic / non-obvious algorithm | Comment WHY | | Regex, API constraints, gotchas | Comment WHY | | Public API function/method | JSDoc | | Magic number / config constant | Inline rationale |
Examples
// ✗ Obvious
let counter = 0; // Initialize counter to zero
// ✓ WHY
// Apply progressive tax brackets: 10% up to 10k, 20% above
const tax = calculateProgressiveTax(income, [0.1, 0.2], [10000]);
// ✓ Algorithm rationale
// Floyd-Warshall: need all-pairs distances, not just single-source
for (let k = 0; k < vertices; k++) { /* ... */ }
// ✓ API constraint
// GitHub API: 5000 req/hr for authenticated users
await rateLimiter.wait();
// ✓ Config rationale
const MAX_RETRIES = 3; // network reliability baseline
const API_TIMEOUT = 5000; // Lambda max is 15 s — leave headroom
Public APIs — JSDoc
/**
* @param principal - Initial amount
* @param rate - Annual rate as decimal (0.05 = 5%)
* @param time - Years
* @param n - Compounds per year (default 1)
* @returns Final amount
*/
function calculateCompoundInterest(principal, rate, time, n = 1) { ... }
Annotation Tags
| Tag | Use |
|-----|-----|
| TODO | Planned work |
| FIXME | Known bug needing fix |
| HACK | Workaround — note why and when to remove |
| NOTE | Important non-obvious constraint |
| WARNING | Side effect / mutation risk |
| PERF | Hot path — optimization opportunity |
| SECURITY | Security-sensitive code |
| DEPRECATED | Note replacement and removal version |
Anti-Patterns
| Anti-pattern | Rule | |--------------|------| | Commented-out code | Delete it — git has history | | Changelog in comments | Use git log | | Decorative dividers | Use proper file/section structure |
Checklist
- [ ] Explains WHY, not WHAT
- [ ] Still accurate after the change
- [ ] Adds genuine value
- [ ] Placed above the code it describes
Related Skills
etylsarin/validation-gates
development
VerifiedTrustedCommunity
Defines 10 sequential validation gates: secret scanning, lint/test/build checks, blast radius analysis, dependency auditing, browser testing, cache management, regression checks, and smoke tests. Use when running pre-deploy validation or CI checks, CI/CD pipelines, deployment pipeline validation, pre-merge checks, continuous integration, or pull request validation.
44SKILL.mdUpdated May 17, 2026
etylsarin/testing-workflow
development
VerifiedTrustedCommunity
Generates test plans, writes unit/integration/E2E test files, identifies coverage gaps, and flags common testing anti-patterns. Use when writing tests, creating test suites, planning test strategies, mocking dependencies, measuring code coverage, or test planning.
44SKILL.mdUpdated May 17, 2026
etylsarin/team-lead-reference
development
VerifiedTrustedCommunity
Provides model routing rules, validates delegation prerequisites, supplies cost tracking templates, and defines dead-letter queue formats for Team Lead orchestration. Load when assigning tasks to agents, choosing model tiers, starting a delegation session, running a multi-agent workflow, delegating work, choosing which model to use, or assigning tasks.
44SKILL.mdUpdated May 17, 2026
etylsarin/session-checkpoints
testing
VerifiedTrustedCommunity
Saves and restores session state including task progress, file changes, and delegation history. Use when saving progress, resuming interrupted work, picking up where you left off, or checkpointing current work.
44SKILL.mdUpdated May 17, 2026