Adoption

Agent Skills are supported by leading AI development tools.

VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory

hellblazer/code-review

Name: code-review
Author: hellblazer

nx/skills/code-review/SKILL.md

npx skillsauth add hellblazer/nexus code-review

Clean

TrivyContainer and dependency vulnerability scanner

Clean

SemgrepStatic code analysis for vulnerabilities

Clean

mcp-scan (Snyk)Model Context Protocol security validation

Skipped

Snyk (dep)Open source security scanning

Skipped

Socket.devSupply chain security analysis

Skipped

VirusTotalMulti-engine malware detection

Skipped

CrowdStrikeAdvanced threat intelligence

Skipped

OSV-ScannerOpen Source Vulnerability database check

Skipped

OWASP Dep-Check

Code Review Skill

Delegates to the code-review-expert agent.

Model Selection

Default: haiku. Escalate via model parameter on the Agent tool:

| Task Shape | Model | When | |-----------|-------|------| | Small diff, routine review | haiku (default) | <200 LOC, no security concerns | | Security-sensitive, >500 LOC, or architectural | sonnet | Auth code, crypto, API boundaries |

When This Skill Activates

After writing or modifying significant code (10+ lines)
When completing a feature or bug fix
After refactoring existing code
Before creating a pull request
When code quality, security, or best practices review is needed

digraph review_flow {
    "Code changes ready?" [shape=diamond];
    "Run tests first" [shape=box];
    "Invoke code-review-expert" [shape=box];
    "Critical findings?" [shape=diamond];
    "Fix and re-review" [shape=box];
    "Invoke test-validator" [shape=doublecircle];

    "Code changes ready?" -> "Run tests first" [label="yes"];
    "Run tests first" -> "Invoke code-review-expert";
    "Invoke code-review-expert" -> "Critical findings?";
    "Critical findings?" -> "Fix and re-review" [label="yes"];
    "Critical findings?" -> "Invoke test-validator" [label="no"];
    "Fix and re-review" -> "Invoke code-review-expert";
}

Pre-Dispatch: Seed Link Context (optional)

If the review references an RDR or bead, seed link-context so any patterns the agent stores to T3 auto-link. See /nx:catalog for details. Skip if the review is purely ad-hoc.

Agent Invocation

Use the Agent tool to invoke code-review-expert:

## Relay: code-review-expert

**Task**: [what needs to be done]
**Bead**: [ID] or 'none'

### Input Artifacts
- Files: [relevant files]

### Deliverable
Structured code review with severity-rated findings

### Quality Criteria
- [ ] All changed files analyzed
- [ ] Security vulnerabilities flagged
- [ ] Specific remediation guidance provided

For full relay structure and optional fields, see RELAY_TEMPLATE.md.

Review Methodology

The code-review-expert agent uses hypothesis-driven review:

Form hypothesis about code quality patterns
Gather evidence from code structure, naming, patterns
Validate against best practices and security requirements
Document findings with file:line references

REQUIRED BACKGROUND: Use /nx:receiving-review when acting on review output.

Agent-Specific PRODUCE

Session Scratch (T1): scratch tool: action="put", content="<notes>", tags="review" — working review notes during session; flagged items auto-promote to T2 at session end
nx memory: memory_put tool: content="...", project="{project}", title="review-findings.md" — persistent review findings across sessions
nx store (optional): store_put tool: content="...", collection="knowledge", title="pattern-code-{topic}", tags="pattern,code-review" — recurring violation patterns worth long-term storage
Beads: creates bug beads (/beads:create "..." -t bug) for critical findings that require follow-up work

Success Criteria

[ ] All changed files analyzed
[ ] Security vulnerabilities flagged
[ ] Best practices validated
[ ] Specific remediation guidance provided
[ ] At least one positive feedback item included
[ ] T2 memory updated with session findings (if multi-session work)

Session Scratch (T1): Agent uses scratch tool for ephemeral working notes during the session. Flagged items auto-promote to T2 at session end.

On Completion (Mandatory)

On successful review completion, write a T1 scratch marker so the PreToolUse verification hook can confirm review happened this session:

nx scratch put "review-completed bead={bead-id} at={ISO-timestamp}" --tags "review,{bead-id}"

Replace {bead-id} with the bead ID from the relay (e.g., nexus-4yit). Replace {ISO-timestamp} with the current UTC time in ISO 8601 format (e.g., 2026-04-01T16:00:00Z).

No bead context: If invoked without a bead ID (ad-hoc review), write the marker with bead=none:

nx scratch put "review-completed bead=none at={ISO-timestamp}" --tags "review"

The --tags flag format is a comma-separated string: --tags "review,{bead-id}" (not --tags review --tags {bead-id}).

hellblazer/code-review

nx/skills/code-review/SKILL.md

Use when code changes are ready for quality, security, or best practices review, before committing or creating a pull request

1 stars

development

Updated Apr 16, 2026

$ install --global

skillsauth

npx skillsauth add hellblazer/nexus code-review

Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.

Security Scan Results

3 of 9 scanners reported clean

Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.

Scanners Passed

Scanners in report

Clean

TrivyContainer and dependency vulnerability scanner

95%

Clean

SemgrepStatic code analysis for vulnerabilities

95%

Clean

mcp-scan (Snyk)Model Context Protocol security validation

95%

Skipped

Snyk (dep)Open source security scanning

50%

Skipped

Socket.devSupply chain security analysis

50%

Skipped

VirusTotalMulti-engine malware detection

50%

Skipped

CrowdStrikeAdvanced threat intelligence

50%

Skipped

OSV-ScannerOpen Source Vulnerability database check

50%

Skipped

OWASP Dep-Check

50%

Last scanned: Apr 16, 2026, 7:27 AM4.0s1 file scanned

SKILL.md

name:: code-review
description:: Use when code changes are ready for quality, security, or best practices review, before committing or creating a pull request
effort:: high

Code Review Skill

Delegates to the code-review-expert agent.

Model Selection

Default: haiku. Escalate via model parameter on the Agent tool:

When This Skill Activates

After writing or modifying significant code (10+ lines)
When completing a feature or bug fix
After refactoring existing code
Before creating a pull request
When code quality, security, or best practices review is needed

digraph review_flow {
    "Code changes ready?" [shape=diamond];
    "Run tests first" [shape=box];
    "Invoke code-review-expert" [shape=box];
    "Critical findings?" [shape=diamond];
    "Fix and re-review" [shape=box];
    "Invoke test-validator" [shape=doublecircle];

    "Code changes ready?" -> "Run tests first" [label="yes"];
    "Run tests first" -> "Invoke code-review-expert";
    "Invoke code-review-expert" -> "Critical findings?";
    "Critical findings?" -> "Fix and re-review" [label="yes"];
    "Critical findings?" -> "Invoke test-validator" [label="no"];
    "Fix and re-review" -> "Invoke code-review-expert";
}

Pre-Dispatch: Seed Link Context (optional)

If the review references an RDR or bead, seed link-context so any patterns the agent stores to T3 auto-link. See /nx:catalog for details. Skip if the review is purely ad-hoc.

Agent Invocation

Use the Agent tool to invoke code-review-expert:

## Relay: code-review-expert

**Task**: [what needs to be done]
**Bead**: [ID] or 'none'

### Input Artifacts
- Files: [relevant files]

### Deliverable
Structured code review with severity-rated findings

### Quality Criteria
- [ ] All changed files analyzed
- [ ] Security vulnerabilities flagged
- [ ] Specific remediation guidance provided

For full relay structure and optional fields, see RELAY_TEMPLATE.md.

Review Methodology

The code-review-expert agent uses hypothesis-driven review:

Form hypothesis about code quality patterns
Gather evidence from code structure, naming, patterns
Validate against best practices and security requirements
Document findings with file:line references

REQUIRED BACKGROUND: Use /nx:receiving-review when acting on review output.

Agent-Specific PRODUCE

Session Scratch (T1): scratch tool: action="put", content="<notes>", tags="review" — working review notes during session; flagged items auto-promote to T2 at session end
nx memory: memory_put tool: content="...", project="{project}", title="review-findings.md" — persistent review findings across sessions
nx store (optional): store_put tool: content="...", collection="knowledge", title="pattern-code-{topic}", tags="pattern,code-review" — recurring violation patterns worth long-term storage
Beads: creates bug beads (/beads:create "..." -t bug) for critical findings that require follow-up work

Success Criteria

[ ] All changed files analyzed
[ ] Security vulnerabilities flagged
[ ] Best practices validated
[ ] Specific remediation guidance provided
[ ] At least one positive feedback item included
[ ] T2 memory updated with session findings (if multi-session work)

Session Scratch (T1): Agent uses scratch tool for ephemeral working notes during the session. Flagged items auto-promote to T2 at session end.

On Completion (Mandatory)

On successful review completion, write a T1 scratch marker so the PreToolUse verification hook can confirm review happened this session:

nx scratch put "review-completed bead={bead-id} at={ISO-timestamp}" --tags "review,{bead-id}"

Replace {bead-id} with the bead ID from the relay (e.g., nexus-4yit). Replace {ISO-timestamp} with the current UTC time in ISO 8601 format (e.g., 2026-04-01T16:00:00Z).

No bead context: If invoked without a bead ID (ad-hoc review), write the marker with bead=none:

nx scratch put "review-completed bead=none at={ISO-timestamp}" --tags "review"

The --tags flag format is a comma-separated string: --tags "review,{bead-id}" (not --tags review --tags {bead-id}).

Related Skills

hellblazer/review

development

VerifiedTrustedCommunity

Use when critiquing / auditing / reviewing a change set against decision history — tries the review plan library first (catalog lookup → decision-evolution traversal → extract → compare), falls through to /nx:query if nothing matches

1SKILL.mdUpdated Apr 17, 2026

hellblazer/research

documentation

VerifiedTrustedCommunity

Use when doing design / architecture / planning work that walks from prose (RDRs, docs, knowledge) into the modules implementing a concept

1SKILL.mdUpdated Apr 17, 2026

hellblazer/plan-promote

development

VerifiedTrustedCommunity

Use when surveying the plan library's runtime metrics to propose plans for promotion to a higher scope — advisory-only; dispatches the plan-promote-propose meta-seed (no lifecycle ops — those ship in RDR-079)

1SKILL.mdUpdated Apr 17, 2026

hellblazer/plan-promote

hellblazer/plan-inspect

business

VerifiedTrustedCommunity

Use when inspecting plan runtime metrics or enumerating dimension-registry usage — dispatches plan_match with dimensions={verb:plan-inspect}; strategy:default reports per-plan metrics, strategy:dimensions reports registry usage counts

1SKILL.mdUpdated Apr 17, 2026

hellblazer/plan-inspect

Download

For Claude Desktop. Download once, then upload the file in the app — no terminal needed.

Need help? View full Cowork setup guide →

Install manually

Choose your platform

# Clone the repo
git clone https://github.com/hellblazer/nexus.git

# Copy into Claude Code skills folder (global)
cp -r nexus/nx/skills/code-review ~/.claude/skills/

Claude Code Skills — official skills path docs.

Repository

hellblazer/nexus

1 stars

Compatible with

Claude Code

OpenAI Codex CLI

ChatGPT