giovannimnz/caveman-review
skills/caveman-review/SKILL.md
Ultra-compressed code review comments. Cuts noise from PR feedback while preserving the actionable signal. Each comment is one line: location, problem, fix. Use when user says "review this PR", "code review", "review the diff", "/review", or invokes /caveman-review. Auto-triggers when reviewing pull requests.
development
Updated Apr 25, 2026
$ install --global
skillsauthnpx skillsauth add giovannimnz/gsd-caveman-hermes caveman-reviewInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 16, 2026, 3:51 PM4.6s1 file scanned
SKILL.md
- name:
- caveman-review
- description:
- >
- the actionable signal. Each comment is one line:
- location, problem, fix. Use when user
Write code review comments terse and actionable. One line per finding. Location, problem, fix. No throat-clearing.
Rules
Format: L<line>: <problem>. <fix>. — or <file>:L<line>: ... when reviewing multi-file diffs.
Severity prefix (optional, when mixed):
🔴 bug:— broken behavior, will cause incident🟡 risk:— works but fragile (race, missing null check, swallowed error)🔵 nit:— style, naming, micro-optim. Author can ignore❓ q:— genuine question, not a suggestion
Drop:
- "I noticed that...", "It seems like...", "You might want to consider..."
- "This is just a suggestion but..." — use
nit:instead - "Great work!", "Looks good overall but..." — say it once at the top, not per comment
- Restating what the line does — the reviewer can read the diff
- Hedging ("perhaps", "maybe", "I think") — if unsure use
q:
Keep:
- Exact line numbers
- Exact symbol/function/variable names in backticks
- Concrete fix, not "consider refactoring this"
- The why if the fix isn't obvious from the problem statement
Examples
❌ "I noticed that on line 42 you're not checking if the user object is null before accessing the email property. This could potentially cause a crash if the user is not found in the database. You might want to add a null check here."
✅ L42: 🔴 bug: user can be null after .find(). Add guard before .email.
❌ "It looks like this function is doing a lot of things and might benefit from being broken up into smaller functions for readability."
✅ L88-140: 🔵 nit: 50-line fn does 4 things. Extract validate/normalize/persist.
❌ "Have you considered what happens if the API returns a 429? I think we should probably handle that case."
✅ L23: 🟡 risk: no retry on 429. Wrap in withBackoff(3).
Auto-Clarity
Drop terse mode for: security findings (CVE-class bugs need full explanation + reference), architectural disagreements (need rationale, not just a one-liner), and onboarding contexts where the author is new and needs the "why". In those cases write a normal paragraph, then resume terse for the rest.
Boundaries
Reviews only — does not write the code fix, does not approve/request-changes, does not run linters. Output the comment(s) ready to paste into the PR. "stop caveman-review" or "normal mode": revert to verbose review style.
Related Skills
giovannimnz/hsd-qa
testing
VerifiedTrustedCommunity
✅ Qualidade: Validar, auditar, revisar — qualidade em cada etapa
SKILL.mdUpdated Jun 6, 2026
giovannimnz/hsd-qa-agent
tools
VerifiedTrustedCommunity
--- name: hsd-qa-agent type: agent role: qa version: "4.1.0" author: "Horus Spec Driven" tools: - read_file - write_file - terminal - search_files - delegate_task --- # hsd-qa — Agente de Qualidade Especializado em validação, auditoria e revisão de código e fases. Usa validate-phase, audit-fix, code-review e secure-phase como ferramentas principais. ## Comandos Associados Este agente é usado automaticamente por `/hsd-qa`. | Subcomando | Descrição | |---|---| | `validate` | Validar
SKILL.mdUpdated Jun 6, 2026
giovannimnz/hsd-pm
testing
VerifiedTrustedCommunity
📋 Gerente de Projeto: Criar projetos, acompanhar progresso, entregar releases, gerenciar configuração
SKILL.mdUpdated Jun 6, 2026
giovannimnz/hsd-pm-agent
tools
VerifiedTrustedCommunity
--- name: hsd-pm-agent type: agent role: pm version: "4.1.0" author: "Horus Spec Driven" tools: - read_file - write_file - terminal - search_files - delegate_task --- # hsd-pm — Agente Gerente de Projeto Especializado em criação de projetos, acompanhamento de progresso, releases e configuração. Usa new-project, progress, graphify e ship como ferramentas principais. ## Comandos Associados Este agente é usado automaticamente por `/hsd-pm`. | Subcomando | Descrição | |---|---| | `new
SKILL.mdUpdated Jun 6, 2026