npc-worldwide/npcsh/npc_team/jinxes/skills/code-review
npcsh/npc_team/jinxes/skills/code-review/SKILL.md
Conducts code reviews. Use when asked to review code, review a PR, or check code quality.
$ install --global
skillsauthnpx skillsauth add npc-worldwide/npcsh npcsh/npc_team/jinxes/skills/code-reviewInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 9, 2026, 2:30 AM4.9s1 file scanned
SKILL.md
- description:
- Conducts code reviews. Use when asked to review code, review a PR, or check code quality.
Code Review
approach
Start by reading the full diff to understand the scope of changes. Identify the purpose of the change — is it a bug fix, new feature, refactor, or config change? Note which files are modified and how they relate to each other.
structure
Check the following structural concerns:
- Are changes in the right files/modules?
- Is new code placed in a logical location?
- Are there any circular dependencies introduced?
- Is the change minimal — does it avoid unnecessary modifications?
correctness
Review for correctness:
- Does the logic handle edge cases (null, empty, boundary values)?
- Are error paths handled properly?
- Is state management correct (no race conditions, stale data)?
- Do new functions have the right return types?
style
Check style and conventions:
- Naming: are variables, functions, classes named clearly?
- Consistency: does the code match the project's existing patterns?
- Comments: are complex sections explained? Are there unnecessary comments?
- Formatting: consistent indentation, line length, spacing?
testing
Evaluate test coverage:
- Are new code paths tested?
- Are edge cases covered?
- Do tests actually assert meaningful behavior (not just "runs without error")?
- Are there integration tests where needed?
security
Check for security issues:
- Input validation at system boundaries
- No hardcoded secrets or credentials
- SQL injection, XSS, command injection prevention
- Proper authentication/authorization checks
- Sensitive data not logged or exposed
Related Skills
npc-worldwide/npcsh/npc_team/jinxes/skills/debugging
development
VerifiedTrustedCommunity
Systematic debugging methodology. Use when asked to debug, troubleshoot, or diagnose issues.
292SKILL.mdUpdated Apr 9, 2026
openclaw/openclaw-secret-scanning-maintainer
development
VerifiedTrustedCommunity
Maintainer-only workflow for handling GitHub Secret Scanning alerts on OpenClaw. Use when Codex needs to triage, redact, clean up, and resolve secret leakage found in issue comments, issue bodies, PR comments, or other GitHub content.
357,764SKILL.mdUpdated Apr 15, 2026
openclaw/openclaw-release-maintainer
development
VerifiedTrustedCommunity
Maintainer workflow for OpenClaw releases, prereleases, changelog release notes, and publish validation. Use when Codex needs to prepare or verify stable or beta release steps, align version naming, assemble release notes, check release auth requirements, or validate publish-time commands and artifacts.
357,764SKILL.mdUpdated Apr 10, 2026
openclaw/openclaw-qa-testing
development
VerifiedTrustedCommunity
Run, watch, debug, and extend OpenClaw QA testing with qa-lab and qa-channel. Use when Codex needs to execute the repo-backed QA suite, inspect live QA artifacts, debug failing scenarios, add new QA scenarios, or explain the OpenClaw QA workflow. Prefer the live OpenAI lane with regular openai/gpt-5.4 in fast mode; do not use gpt-5.4-pro or gpt-5.4-mini unless the user explicitly overrides that policy.
357,764SKILL.mdUpdated Apr 10, 2026