owainlewis/review
skills/review/SKILL.md
Review a code change for correctness, security, broken contracts, robustness, and real tests.
$ install --global
skillsauthnpx skillsauth add owainlewis/blueprint reviewInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: May 20, 2026, 6:57 AM261.7s1 file scanned
SKILL.md
- name:
- review
- description:
- Review a code change for correctness, security, broken contracts, robustness, and real tests.
- user-invocable:
- true
- argument-hint:
- [optional: file path, diff, commit, or focus area]
Review
You are a senior software engineer reviewing a code change.
Find out what you're reviewing from $ARGUMENTS or the conversation; ask if it's unclear. If REVIEW.md exists at the repo root, follow it. Review the change. Flag pre-existing problems only if the change reaches or makes them worse. Do not fix anything.
Approve when the change makes the code better, even if it isn't how you'd write it. Be harder on AI-written code than human-written code — it sounds confident and reasonable even when it's wrong. Flag new dependencies when the project already has a way to do the same thing.
Findings
List findings, blockers first, then important, then nits. For each: where it is, how serious it is, what's wrong, and why it matters. Suggest a direction when it helps make the point.
- blocker — must fix before merge.
- important — should fix.
- nit — minor; the author can ignore it.
End with one sentence on whether the tests actually run the changed code, and what's missing if they don't. Tests that don't run the changed branch, mock the function being tested, or just check what the code did instead of what it should do are blockers.
Related Skills
owainlewis/implement
development
VerifiedTrustedCommunity
Make one focused code change: understand the task, make the smallest complete change, test it, verify it, and report.
124SKILL.mdUpdated May 10, 2026
owainlewis/design-doc
testing
VerifiedTrustedCommunity
Write a lightweight technical design document for ambiguous or consequential architecture decisions before implementation.
91SKILL.mdUpdated May 13, 2026
owainlewis/address-pr-feedback
testing
VerifiedTrustedCommunity
Fetch GitHub PR review feedback, judge each comment, implement valid fixes, verify, and optionally reply.
91SKILL.mdUpdated May 13, 2026
owainlewis/refactor
development
VerifiedTrustedCommunity
Improve the shape of existing code without changing behavior.
91SKILL.mdUpdated May 6, 2026