Adoption

Agent Skills are supported by leading AI development tools.

VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory

hoangnguyen0403/caveman-review

Name: caveman-review
Author: hoangnguyen0403

agents/skills/caveman-review/SKILL.md

npx skillsauth add hoangnguyen0403/agent-skills-standard caveman-review

Clean

TrivyContainer and dependency vulnerability scanner

Clean

SemgrepStatic code analysis for vulnerabilities

Clean

mcp-scan (Snyk)Model Context Protocol security validation

Skipped

Snyk (dep)Open source security scanning

Skipped

Socket.devSupply chain security analysis

Skipped

VirusTotalMulti-engine malware detection

Skipped

CrowdStrikeAdvanced threat intelligence

Skipped

OSV-ScannerOpen Source Vulnerability database check

Skipped

OWASP Dep-Check

Write code review comments terse and actionable. One line per finding. Location, problem, fix. No throat-clearing.

Rules

Format: L<line>: <problem>. <fix>. — or <file>:L<line>: ... when reviewing multi-file diffs.

Severity prefix (optional, when mixed):

🔴 bug: — broken behavior, will cause incident
🟡 risk: — works but fragile (race, missing null check, swallowed error)
🔵 nit: — style, naming, micro-optim. Author can ignore
❓ q: — genuine question, not a suggestion

Drop:

"I noticed that...", "It seems like...", "You might want to consider..."
"This is just a suggestion but..." — use nit: instead
"Great work!", "Looks good overall but..." — say it once at the top, not per comment
Restating what the line does — the reviewer can read the diff
Hedging ("perhaps", "maybe", "I think") — if unsure use q:

Keep:

Exact line numbers
Exact symbol/function/variable names in backticks
Concrete fix, not "consider refactoring this"
The why if the fix isn't obvious from the problem statement

Examples

❌ "I noticed that on line 42 you're not checking if the user object is null before accessing the email property. This could potentially cause a crash if the user is not found in the database. You might want to add a null check here."

✅ L42: 🔴 bug: user can be null after .find(). Add guard before .email.

❌ "It looks like this function is doing a lot of things and might benefit from being broken up into smaller functions for readability."

✅ L88-140: 🔵 nit: 50-line fn does 4 things. Extract validate/normalize/persist.

❌ "Have you considered what happens if the API returns a 429? I think we should probably handle that case."

✅ L23: 🟡 risk: no retry on 429. Wrap in withBackoff(3).

Auto-Clarity

Drop terse mode for: security findings (CVE-class bugs need full explanation + reference), architectural disagreements (need rationale, not just a one-liner), and onboarding contexts where the author is new and needs the "why". In those cases write a normal paragraph, then resume terse for the rest.

Boundaries

Reviews only — does not write the code fix, does not approve/request-changes, does not run linters. Output the comment(s) ready to paste into the PR. "stop caveman-review" or "normal mode": revert to verbose review style.

hoangnguyen0403/caveman-review

agents/skills/caveman-review/SKILL.md

Ultra-compressed code review comments. Cuts noise from PR feedback while preserving the actionable signal. Each comment is one line: location, problem, fix. Use when user says "review this PR", "code review", "review the diff", "/review", or invokes /caveman-review. Auto-triggers when reviewing pull requests.

434 stars

development

Updated Apr 24, 2026

$ install --global

skillsauth

npx skillsauth add hoangnguyen0403/agent-skills-standard caveman-review

Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.

Security Scan Results

3 of 9 scanners reported clean

Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.

Scanners Passed

Scanners in report

Clean

TrivyContainer and dependency vulnerability scanner

95%

Clean

SemgrepStatic code analysis for vulnerabilities

95%

Clean

mcp-scan (Snyk)Model Context Protocol security validation

95%

Skipped

Snyk (dep)Open source security scanning

50%

Skipped

Socket.devSupply chain security analysis

50%

Skipped

VirusTotalMulti-engine malware detection

50%

Skipped

CrowdStrikeAdvanced threat intelligence

50%

Skipped

OSV-ScannerOpen Source Vulnerability database check

50%

Skipped

OWASP Dep-Check

50%

Last scanned: Apr 16, 2026, 3:51 PM4.6s1 file scanned

SKILL.md

name:: caveman-review
description:: >
the actionable signal. Each comment is one line:: location, problem, fix. Use when user

Write code review comments terse and actionable. One line per finding. Location, problem, fix. No throat-clearing.

Rules

Format: L<line>: <problem>. <fix>. — or <file>:L<line>: ... when reviewing multi-file diffs.

Severity prefix (optional, when mixed):

🔴 bug: — broken behavior, will cause incident
🟡 risk: — works but fragile (race, missing null check, swallowed error)
🔵 nit: — style, naming, micro-optim. Author can ignore
❓ q: — genuine question, not a suggestion

Drop:

"I noticed that...", "It seems like...", "You might want to consider..."
"This is just a suggestion but..." — use nit: instead
"Great work!", "Looks good overall but..." — say it once at the top, not per comment
Restating what the line does — the reviewer can read the diff
Hedging ("perhaps", "maybe", "I think") — if unsure use q:

Keep:

Exact line numbers
Exact symbol/function/variable names in backticks
Concrete fix, not "consider refactoring this"
The why if the fix isn't obvious from the problem statement

Examples

✅ L42: 🔴 bug: user can be null after .find(). Add guard before .email.

❌ "It looks like this function is doing a lot of things and might benefit from being broken up into smaller functions for readability."

✅ L88-140: 🔵 nit: 50-line fn does 4 things. Extract validate/normalize/persist.

❌ "Have you considered what happens if the API returns a 429? I think we should probably handle that case."

✅ L23: 🟡 risk: no retry on 429. Wrap in withBackoff(3).

Auto-Clarity

Boundaries

Related Skills

hoangnguyen0403/specialist-pr-reviewer

development

VerifiedTrustedCommunity

Summarizes GitHub PR, GitLab MR, or Azure DevOps PR metadata, review threads, changed files, and template completeness. Use during review-ticket or code-review workflows when PR/MR context exists.

498SKILL.mdUpdated May 23, 2026

hoangnguyen0403/specialist-pr-reviewer

hoangnguyen0403/typescript-tooling

tools

VerifiedTrustedCommunity

Development tools, linting, and build config for TypeScript. Use when configuring ESLint, Prettier, Jest, Vitest, tsconfig, or any TS build tooling.

498SKILL.mdUpdated May 21, 2026

hoangnguyen0403/typescript-tooling

hoangnguyen0403/typescript-security

development

VerifiedTrustedCommunity

Validate input, secure auth tokens, and prevent injection attacks in TypeScript. Use when validating input, handling auth tokens, sanitizing data, or managing secrets and sensitive configuration.

498SKILL.mdUpdated May 21, 2026

hoangnguyen0403/typescript-security

hoangnguyen0403/typescript-language

development

VerifiedTrustedCommunity

Apply modern TypeScript standards for type safety and maintainability. Use when working with types, interfaces, generics, enums, unions, or tsconfig settings.

498SKILL.mdUpdated May 21, 2026

hoangnguyen0403/typescript-language

Download

For Claude Desktop. Download once, then upload the file in the app — no terminal needed.

Need help? View full Cowork setup guide →

Install manually

Choose your platform

# Clone the repo
git clone https://github.com/hoangnguyen0403/agent-skills-standard.git

# Copy into Claude Code skills folder (global)
cp -r agent-skills-standard/agents/skills/caveman-review ~/.claude/skills/

Claude Code Skills — official skills path docs.

Repository

hoangnguyen0403/agent-skills-standard

434 stars

Compatible with

Claude Code

OpenAI Codex CLI

ChatGPT