skills/review/SKILL.md
# /review — Composite Code Review
Run the appropriate reviewer agents based on the mode and stack.
## Usage

- `/review plan` — Review a plan/feature description before coding. Produces a requirements checklist.
- `/review code` — Review actual code changes. Produces a violation report.
- `/review code backend` — Limit code review to backend reviewers only.
- `/review code frontend` — Limit code review to frontend reviewers only.

## Mode: `plan`

**When**: Before coding starts. The user has a feature description or plan draft.
**What it does**: Launches three agents in parallel — one for engineering standards (@agents/plan-requirements-reviewer.md), one for business/product readiness (@agents/business-readiness-reviewer.md), and one for security & threat modeling (@agents/security-threat-modeling-reviewer.md). Together they produce a comprehensive review covering technical requirements, business blind spots, and design-level security gaps. No code scanning.

**Behavior**:

subagent_type: "general-purpose":

- @agents/plan-requirements-reviewer.md (engineering standards)
- @agents/business-readiness-reviewer.md (business/product readiness)
- @agents/security-threat-modeling-reviewer.md (security & threat modeling)

## Mode: `code`

**When**: After coding. The user has made changes and wants them reviewed.

**What it does**: Launches specialized reviewer agents in parallel to scan actual code for violations.

**Behavior**:
1. **Determine scope**: Look at the files the user wants reviewed. If no files are specified, use recent git changes (`git diff --name-only HEAD~1`).
2. **Detect stack** (if not explicitly provided):
   - Backend: `.py`, `.go`, `.java`, `.rs` files, `models/`, `api/`, `services/`, `domains/`, `background_jobs/`
   - Frontend/mobile: `.tsx`, `.jsx`, `.ts`, `.js`, `.swift`, `.kt`, `.dart` files, `components/`, `screens/`, `pages/`, `hooks/`
3. **Launch reviewers in parallel** using the Task tool with `subagent_type: "general-purpose"`:

   For backend code, launch three parallel agents:
   - @agents/production-hardening-reviewer.md scoped to the target files
   - @agents/audit-compliance-reviewer.md scoped to the target files
   - @agents/security-controls-reviewer.md scoped to the target backend files (backend pillars only)

   For frontend/mobile code, launch three parallel agents:
   - @agents/production-hardening-reviewer.md scoped to the target frontend files (frontend pillars only — kill switch, client resilience)
   - @agents/analytics-coverage-reviewer.md scoped to the target files
   - @agents/security-controls-reviewer.md scoped to the target frontend files (frontend pillars only)

   For mixed stack, launch all four agents — a single production-hardening invocation covering both stacks, audit-compliance, analytics-coverage, and a single security-controls-reviewer invocation that covers both backend and frontend pillars across the full file scope.
4. **Merge results**: Combine the outputs from all agents into a single report.
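The scope, stack-detection and reviewer-selection steps above, sketched as an added example (not part of the skill itself). The names `classify` and `plan_review` are hypothetical, and two behaviours are assumptions: a file that matches both indicator lists (such as a `.ts` file under `api/`) counts toward both stacks so the security-controls reviewer sees it under both sets of pillars, and files matching neither list are reported separately rather than dropped.

```python
from pathlib import PurePosixPath

# Indicator lists copied from the "Detect stack" step.
BACKEND_EXTS = {".py", ".go", ".java", ".rs"}
BACKEND_DIRS = {"models", "api", "services", "domains", "background_jobs"}
FRONTEND_EXTS = {".tsx", ".jsx", ".ts", ".js", ".swift", ".kt", ".dart"}
FRONTEND_DIRS = {"components", "screens", "pages", "hooks"}

# Reviewer sets from the "Launch reviewers" step.
REVIEWERS = {
    "backend": ["production-hardening-reviewer", "audit-compliance-reviewer",
                "security-controls-reviewer"],
    "frontend": ["production-hardening-reviewer", "analytics-coverage-reviewer",
                 "security-controls-reviewer"],
    "mixed": ["production-hardening-reviewer", "audit-compliance-reviewer",
              "analytics-coverage-reviewer", "security-controls-reviewer"],
}

def classify(path):
    """Return the set of stacks whose indicators match one changed file."""
    p = PurePosixPath(path)
    dirs = set(p.parts[:-1])          # directory components only
    stacks = set()
    if p.suffix in BACKEND_EXTS or dirs & BACKEND_DIRS:
        stacks.add("backend")
    if p.suffix in FRONTEND_EXTS or dirs & FRONTEND_DIRS:
        stacks.add("frontend")
    return stacks

def plan_review(changed_files, limit=None):
    """Pick stack and reviewers; limit mirrors `/review code backend|frontend`."""
    scope = {"backend": [], "frontend": []}
    unmatched = []
    for f in changed_files:
        stacks = classify(f)
        if not stacks:
            unmatched.append(f)       # assumption: surfaced, not silently skipped
        for s in stacks:
            scope[s].append(f)
    active = [s for s in ("backend", "frontend")
              if scope[s] and limit in (None, s)]
    stack = "mixed" if len(active) == 2 else (active[0] if active else None)
    return {"stack": stack, "reviewers": REVIEWERS.get(stack, []),
            "scope": {s: scope[s] for s in active}, "unmatched": unmatched}

# Constructed sample, shaped like `git diff --name-only HEAD~1` output.
SAMPLE = ["services/billing.py", "components/Checkout.tsx",
          "api/session.ts", "README.md"]
```
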
```markdown
# Plan Review: [Feature Name]

## Stack: [Backend / Frontend / Full Stack]

## Engineering Requirements
### [Category]
- ⚠️ **[Requirement]**: Why it applies and what the plan should specify
- ✅ **[Requirement]**: Already addressed in the plan

## Business & Product Readiness
### [Pillar Name]
- ⚠️ **[Requirement]**: Why it applies and what the plan should specify
- ✅ **[Requirement]**: Already addressed in the plan

## Security & Threat Model
### [Pillar Name]
- ⚠️ **[Requirement]**: Why it applies and what the plan should specify
- ✅ **[Requirement]**: Already addressed in the plan

## Summary
- **Engineering gaps**: N items
- **Business/product gaps**: N items
- **Security gaps**: N items
- **Already covered**: N items
```
```markdown
# Code Review Report

## Stack: [Backend / Frontend / Full Stack]
## Files reviewed: [list or summary]

---

## Production Hardening
[Output from production-hardening-reviewer]

---

## Audit Compliance
[Output from audit-compliance-reviewer]

---

## Security Controls
[Output from security-controls-reviewer]

---

## Analytics Coverage
[Output from analytics-coverage-reviewer]

---

## Summary
- **Critical**: N findings
- **High**: N findings
- **Medium**: N findings
- **Low**: N findings
```