paulrberg/code-polish
skills/code-polish/SKILL.md
This skill should be used when the user asks to "polish code", "simplify and review", "clean up and review code", "full code polish", "simplify then review", "refactor and review", "simplify and fix", "clean up and fix", or wants a combined simplification and review workflow on recently changed code.
$ install --global
skillsauthnpx skillsauth add paulrberg/agent-skills code-polishInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: May 8, 2026, 5:17 AM168.7s1 file scanned
SKILL.md
- context:
- fork
- disable-model-invocation:
- false
- name:
- code-polish
- user-invocable:
- true
- description:
- This skill should be used when the user asks to "polish code", "simplify and review", "clean up and review code", "full code polish", "simplify then review", "refactor and review", "simplify and fix", "clean up and fix", or wants a combined simplification and review workflow on recently changed code.
Code Polish
Combined simplification and review pipeline. This skill orchestrates two sub-skills in sequence:
code-simplify— simplify for readability and maintainabilitycode-review --fix— review for correctness, security, and quality, auto-applying all fixes
Optimize for one scope resolution, one user-facing report, and no redundant simplify verification.
Scope Resolution
- Verify repository context:
git rev-parse --git-dir. If this fails, stop and tell the user to run from a git repository. - If user provides file paths/patterns, a commit/range, or a
Resolved scopefenced block with one repo-relative path per line, scope is exactly those targets. - Otherwise, scope is only session-modified files. Do not include other uncommitted changes.
- If there are no session-modified files, fall back to all uncommitted tracked + untracked files:
- tracked:
git diff --name-only --diff-filter=ACMR - untracked:
git ls-files --others --exclude-standard - combine both lists and de-duplicate.
- tracked:
- Exclude generated/low-signal files unless requested: lockfiles, minified bundles, build outputs, vendored code.
- If scope still resolves to zero files, report and stop.
- Normalize the final scope into a
Resolved scopefenced block with one repo-relative path per line. Reuse that exact block for both sub-skills instead of asking them to rediscover scope.
Workflow
1) Resolve scope once
- Apply the "Scope Resolution" rules above.
- Treat the resulting
Resolved scopeblock as authoritative for all downstream work. - Forward user intent, constraints, and risk preferences, but skip raw scope selectors already captured in the resolved block.
2) Run code-simplify
Invoke the code-simplify skill with:
- the authoritative
Resolved scopeblock --no-verify--no-report- any non-scope user intent that still matters
Tell code-simplify not to broaden or rediscover scope.
3) Run code-review --fix
Invoke the code-review skill with:
- the same authoritative
Resolved scopeblock --fix- any non-scope user intent that still matters
If the user explicitly asks for a speed-first pass over maintainability coverage, you may also append --skip-profile naming. Do not skip the naming profile by default.
4) Final verification
- Treat
code-review's post-fix verification as the final verification summary when it already covers the final touched scope. - If verification was skipped, partial, or no longer matches the final diff, run one narrow final verification pass across the final touched scope.
- Always report skipped checks explicitly.
5) Report
Combine the final state into one summary:
- Scope: Files and functions touched.
- Simplifications: Key changes from
code-simplify, derived from the actual diff when needed because--no-reportwas used. - Review findings and fixes: Findings and applied fixes from
code-review. - Verification: Commands run and outcomes.
- Residual risks: Assumptions or items needing manual review.
Related Skills
paulrberg/debrief
development
VerifiedTrustedCommunity
This skill should be used when the user asks to "debrief", "debrief this task", "debrief the session", "save findings", "save analysis", "save this as a report", "create an HTML report from the transcript", or wants to persist the current task's findings as a self-contained interactive HTML playground at `./.ai/reports/<slug>/index.html`. Flag: --md emits a plain Markdown report at `./.ai/reports/<slug>/index.md` and skips the playground dependency.
62SKILL.mdUpdated May 10, 2026
paulrberg/yeet
documentation
VerifiedTrustedCommunity
This skill should be used when the user asks to create or update a GitHub PR, file or update an issue, post a comment, or start a discussion. Trigger phrases include "create PR", "open PR", "file an issue", "update issue", "yeet a PR/issue/discussion", "comment on an issue".
62SKILL.mdUpdated Apr 18, 2026
paulrberg/evm-chains
development
VerifiedTrustedCommunity
This skill should be used when the user asks to resolve an EVM chain name or chain ID; find chain metadata such as a default public RPC, native currency symbol, or block explorer URL; determine whether a chain is supported by RouteMesh; or read on-chain account data for any EVM chain — "check ETH balance", "query ERC-20 balance", "get wallet balance", "check token holdings", "fetch NFT transfers", "ERC-721 or ERC-1155 transfer history", "transaction history", "find first funding transaction", "trace fund origin", "who funded this address", "query Etherscan", "query Blockscout", or "look up a chain on Chainscout". It routes each data query through Etherscan API V2 (preferred) or the Blockscout/Chainscout APIs (fallback for chains Etherscan doesn't serve), with direct JSON-RPC as a last resort. Also use it for chain resolution before fetching data from or interacting with an EVM chain.
62SKILL.mdUpdated Apr 18, 2026
paulrberg/commit
development
VerifiedTrustedCommunity
This skill should be used when the user asks to commit changes, craft a commit message, or run a commit workflow. Creates atomic git commits with conventional-commit formatting and optional deep analysis or push. Flags: --all, --deep, --close, --push.
62SKILL.mdUpdated Apr 18, 2026