n4m3z/ReceiveReview
skills/ReceiveReview/SKILL.md
Process code review feedback with technical rigor — verify before implementing, push back when wrong. USE WHEN receiving code review feedback, before implementing review suggestions.
$ install --global
skillsauthnpx skillsauth add n4m3z/forge-dev ReceiveReviewInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: May 19, 2026, 7:18 AM229.9s3 files scanned
SKILL.md
- name:
- ReceiveReview
- version:
- 0.1.0
- description:
- Process code review feedback with technical rigor — verify before implementing, push back when wrong. USE WHEN receiving code review feedback, before implementing review suggestions.
ReceiveReview
Process code review feedback critically. Verify suggestions are correct before implementing. Push back when they're wrong. Never performatively agree.
- Read all feedback first — read every comment before implementing any change. Understand the full picture before acting.
- Categorize — sort into blocking (must fix), important (should fix), suggestions (could fix)
- Verify each suggestion — read the code the reviewer references. Is their understanding correct? Does their suggestion actually improve the code?
- Evaluate — for each suggestion:
- Correct and valuable: implement it
- Correct but YAGNI: push back with reasoning
- Incorrect: push back with technical evidence
- Unclear: ask for clarification instead of guessing
- Implement in order — blocking issues first, then simple fixes, then complex changes
- Report — summarize what was implemented, what was pushed back on and why
Responding to Feedback
Forbidden responses: "You're absolutely right!", "Great point!", "Thanks for catching that!" — these are performative, not technical. Respond with what you did and why.
When pushing back, provide technical reasoning:
- "This would add a dependency we don't need because X"
- "The current pattern handles this case via Y — changing it would break Z"
- "This suggestion addresses a scenario that can't occur because of the guard at line N"
When the reviewer is right, just fix it. No performance needed.
Red Flags
| Thought | Reality | | ---------------------------------------------- | -------------------------------------------------------------- | | "They're probably right, I'll just do it" | Verify first. Reviewers have limited context. | | "I don't agree but I'll do it anyway" | Push back with evidence. Silent compliance ships bad code. | | "Let me add this feature they suggested" | YAGNI check. Is it in the spec? Is it needed? | | "I'll implement all suggestions at once" | One at a time, in priority order. Batching hides interactions. | | "Great point!" (about to implement blindly) | Read the code. Is it actually a great point? | | "This feedback is wrong, I'll ignore it" | Respond with reasoning. Ignoring erodes trust. |
Constraints
- Read all feedback before implementing any change
- Never performatively agree — respond with technical substance
- Verify each suggestion against the actual code before implementing
- Push back with evidence when a suggestion is wrong or unnecessary
- Implement in priority order: blocking, then simple, then complex
- Ask for clarification on unclear feedback instead of guessing intent
Additional references
@ReceivingCodeReview.md
Related Skills
n4m3z/WebDevelopment
tools
VerifiedTrustedCommunity
Server-rendered web dashboards and apps in Rust using axum + htmx + Askama + rust-embed. USE WHEN building a web dashboard, adding a web UI to a CLI tool, server-rendered HTML, htmx partials, Askama templates, axum routes, embedded static assets, localhost webserver.
2SKILL.mdUpdated May 28, 2026
n4m3z/HealthChecks
tools
VerifiedTrustedCommunity
Architecture for security and health-check programs: standalone-runnable checks, severity ladder with UNKNOWN, key:value output contract, orchestrator dispatch, exit-code semantics. Language-agnostic; reference implementations in Bash, applies to Python and other languages. USE WHEN writing health checks or audit tools, designing check-script contracts, adding checks to tools like check-mac, reviewing health-check architecture, or porting a check tool between languages.
2SKILL.mdUpdated May 19, 2026
n4m3z/AuditDotfiles
testing
VerifiedTrustedCommunity
Scan a dotfiles tree for secrets via gitleaks, aggregate findings by top-level directory and rule, then surgically filter flagged lines from shell-history files before importing into atuin. USE WHEN auditing dotfiles before pushing to a public repo, scanning rsynced dotfiles-private contents, importing legacy zsh or bash history into atuin, filtering credential leaks out of a shell history file, deciding which dotfile subdirectories can be made public.
2SKILL.mdUpdated May 14, 2026
n4m3z/TestDrivenDevelopment
development
VerifiedTrustedCommunity
Test-driven development practices — Red-Green-Refactor cycle, test categories, coverage strategy, property-based testing. USE WHEN writing tests, designing testable APIs, or reviewing test coverage.
2SKILL.mdUpdated May 10, 2026