grailautomation/review
engineering/skills/review/SKILL.md
Review code changes for security, performance, and correctness
development
Updated May 15, 2026
$ install --global
skillsauthnpx skillsauth add grailautomation/claude-plugins reviewInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: May 15, 2026, 7:57 AM117.4s1 file scanned
SKILL.md
- name:
- review
- description:
- Review code changes for security, performance, and correctness
- argument-hint:
- <PR URL, diff, or file path>
- disable-model-invocation:
- true
/engineering:review
If you see unfamiliar placeholders or need to check which tools are connected, see CONNECTORS.md.
Review code changes with a structured lens on security, performance, correctness, and maintainability.
Usage
/engineering:review <PR URL or file path>
Review the provided code changes: @$1
If no specific file or URL is provided, ask what to review.
How It Works
┌─────────────────────────────────────────────────────────────────┐
│ CODE REVIEW │
├─────────────────────────────────────────────────────────────────┤
│ STANDALONE (always works) │
│ ✓ Paste a diff, PR URL, or point to files │
│ ✓ Security audit (OWASP top 10, injection, auth) │
│ ✓ Performance review (N+1, memory leaks, complexity) │
│ ✓ Correctness (edge cases, error handling, race conditions) │
│ ✓ Style (naming, structure, readability) │
│ ✓ Actionable suggestions with code examples │
├─────────────────────────────────────────────────────────────────┤
│ SUPERCHARGED (when you connect your tools) │
│ + Source control: Pull PR diff automatically │
│ + Project tracker: Link findings to tickets │
│ + Knowledge base: Check against team coding standards │
└─────────────────────────────────────────────────────────────────┘
Output
## Code Review: [PR title or file]
### Summary
[1-2 sentence overview of the changes and overall quality]
### Critical Issues
| # | File | Line | Issue | Severity |
|---|------|------|-------|----------|
| 1 | [file] | [line] | [description] | 🔴 Critical |
### Suggestions
| # | File | Line | Suggestion | Category |
|---|------|------|------------|----------|
| 1 | [file] | [line] | [description] | Performance |
### What Looks Good
- [Positive observations]
### Verdict
[Approve / Request Changes / Needs Discussion]
Review Checklist
See the code-review skill for detailed guidance on security patterns, performance anti-patterns, and maintainability heuristics.
I check for:
- Security: SQL injection, XSS, auth bypass, secrets in code, insecure deserialization
- Performance: N+1 queries, unnecessary allocations, algorithmic complexity, missing indexes
- Correctness: Edge cases, null handling, race conditions, error propagation
- Maintainability: Naming clarity, single responsibility, test coverage, documentation
If Connectors Available
If ~~source control is connected:
- Pull the PR diff automatically from the URL
- Check CI status and test results
- For GitHub, use the
ghCLI before GitHub MCP.
If ~~project tracker is connected:
- Link findings to related tickets
- Verify the PR addresses the stated requirements
If ~~knowledge base is connected:
- Check changes against team coding standards and style guides
Tips
- Provide context — "This is a hot path" or "This handles PII" helps me focus.
- Specify concerns — "Focus on security" narrows the review.
- Include tests — I'll check test coverage and quality too.
Related Skills
grailautomation/write-spec
documentation
VerifiedTrustedCommunity
Write a feature spec or PRD from a problem statement or feature idea
SKILL.mdUpdated May 15, 2026
grailautomation/user-research-synthesis
development
VerifiedTrustedCommunity
Synthesize qualitative and quantitative user research into structured insights and opportunity areas. Use when analyzing interview notes, survey responses, support tickets, or behavioral data to identify themes, build personas, or prioritize opportunities.
SKILL.mdUpdated May 15, 2026
grailautomation/synthesize-research
research
VerifiedTrustedCommunity
Synthesize user research from interviews, surveys, and feedback into structured insights
SKILL.mdUpdated May 15, 2026
grailautomation/stakeholder-update
data-ai
VerifiedTrustedCommunity
Generate a stakeholder update tailored to audience and cadence
SKILL.mdUpdated May 15, 2026