petrogurcak/deep-review
deep-review/SKILL.md
Use after completing significant code changes - orchestrates specialized review skills (security, database, API, UX) based on auto-detected stack and scope
$ install --global
skillsauthnpx skillsauth add petrogurcak/skills deep-reviewInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 16, 2026, 4:49 AM7.2s1 file scanned
SKILL.md
- name:
- deep-review
- description:
- Use after completing significant code changes - orchestrates specialized review skills (security, database, API, UX) based on auto-detected stack and scope
Deep Review - Code Review Orchestrator
Overview
This skill orchestrates comprehensive code review by auto-detecting stack and routing to specialized review skills. It does NOT implement reviews itself - it coordinates specialists.
Philosophy:
Orchestrator = Conductor
Specialized Skills = Musicians
The conductor coordinates, musicians play.
Announce: "I'm using deep-review to analyze your code changes."
When to Use
USE this skill:
- After completing larger piece of work
- Before deploy to production
- When
/deep-reviewcommand issued - "Udělej hloubkovou analýzu"
- Code audit requested
DON'T use this skill:
- Quick spot check (use specialist directly)
- Just security review →
security-review - Just database review →
database-review
Workflow
digraph deep_review_flow {
"Changes detected" [shape=doublecircle];
"Scope detection" [shape=box];
"Stack detection" [shape=box];
"Route to specialists" [shape=box];
"Execute checklists" [shape=box];
"Generate report" [shape=box];
"Done" [shape=doublecircle];
"Changes detected" -> "Scope detection";
"Scope detection" -> "Stack detection";
"Stack detection" -> "Route to specialists";
"Route to specialists" -> "Execute checklists";
"Execute checklists" -> "Generate report";
"Generate report" -> "Done";
}
Step 1: Scope Detection
If no argument:
git diff --name-only # Changed files
If argument provided:
| Argument | Scope |
|----------|-------|
| backend, api | Server-side focus |
| frontend, ui | Client-side focus |
| security | Security-only review |
| database, db | Database-only review |
| /path/to/file | Specific path only |
Step 2: Stack Detection
| Indicator | Detected Stack |
|-----------|---------------|
| pyproject.toml, requirements.txt | Python |
| FastAPI imports | FastAPI |
| composer.json, .neon | PHP/Nette |
| package.json + React/Vue | Frontend |
| .latte files | Nette templates |
| checkout, cart, product | E-commerce |
| REST endpoints | API |
| SQL files, migrations | Database |
Step 3: Route to Specialists
| Detected Stack | Skills to Invoke |
|----------------|------------------|
| Python/FastAPI | fastapi-workflow, security-review, database-review |
| PHP/Nette | nette-framework, security-review |
| Frontend | frontend-workflow, ux-optimization |
| E-commerce | ux-optimization (e-commerce practices) |
| API endpoints | api-design-review, security-review |
| Database changes | database-review |
| Any code | security-review (always) |
Step 4: Execute Checklists
For each invoked skill, run its checklist and record findings.
Priority order:
- CRITICAL - Security vulnerabilities, data loss risks
- HIGH - Performance issues, missing validation
- MEDIUM - Code quality, missing tests
- LOW - Style, documentation
Step 5: Generate Report
## Deep Review: [scope]
**Stack:** [detected]
**Files:** [count] analyzed
**Skills used:** [list]
---
### 🔴 CRITICAL (blocks deploy)
| File:line | Issue | Fix |
|-----------|-------|-----|
| api/auth.py:45 | SQL injection | Use parameterized query |
---
### 🟠 HIGH (technical debt)
| File:line | Issue | Recommendation |
|-----------|-------|----------------|
| ... | ... | ... |
---
### 🟡 MEDIUM (improvements)
- [ ] ...
---
### ⚪ LOW (nice to have)
- [ ] ...
---
### Checklist Summary
| Skill | Issues Found | Critical | High |
|-------|--------------|----------|------|
| security-review | 3 | 1 | 2 |
| database-review | 2 | 0 | 1 |
| api-design-review | 1 | 0 | 0 |
Specialist Skills
Security Review (security-review)
- OWASP Top 10 checklist
- SQL injection, XSS, CSRF
- Auth/session handling
- Sensitive data exposure
Database Review (database-review)
- N+1 queries
- Missing indexes
- Transaction handling
- Connection pooling
API Design Review (api-design-review)
- REST conventions
- Error handling
- Pagination
- Rate limiting
- Versioning
Framework-Specific
fastapi-workflow- FastAPI patternsnette-framework- Nette patternsfrontend-workflow- Frontend patterns
UX Review
ux-optimization- For frontend/e-commerce
Red Flags - Stop Review, Alert Immediately
These require IMMEDIATE attention:
🚨 CRITICAL SECURITY ISSUES:
- Hardcoded secrets/credentials
- SQL injection vulnerabilities
- No auth on sensitive endpoints
- Plaintext passwords
- Debug mode in production
Action: Stop review, alert user, fix before continuing.
Quick Reference
| Review Type | Specialist Skill | Focus |
|-------------|------------------|-------|
| Security | security-review | OWASP Top 10 |
| Database | database-review | N+1, indexes, transactions |
| API | api-design-review | REST, errors, pagination |
| FastAPI | fastapi-workflow | Pydantic, async, DI |
| Nette | nette-framework | DI, Latte, Tracy |
| Frontend | frontend-workflow | Components, state |
| UX | ux-optimization | Forms, e-commerce |
Common Mistakes
❌ Skipping security review: "It's just internal API" → Security review ALWAYS runs.
❌ Ignoring low severity: Low ≠ unimportant. Track for later cleanup.
❌ Not prioritizing: Fix CRITICAL before touching MEDIUM issues.
❌ Missing stack detection: Check multiple indicators, not just one file.
Integration Notes
Triggering deep-review:
- Manual:
/deep-reviewor "review my changes" - After significant code completion
- Before merge/deploy
After review:
- Fix CRITICAL immediately
- Create tickets for HIGH/MEDIUM
- Track LOW in tech debt backlog
Related Skills
petrogurcak/testimonial-harvesting
development
VerifiedTrustedCommunity
Builds a pre-launch social proof strategy through structured beta programs using D'Souza Brain Audit interviews. Use when launching new products/services and need compelling testimonials, planning a beta cohort, designing interview questions to harvest objection-busting social proof, improving video testimonials for landing pages, or designing case studies with metrics. Trigger phrases include "beta tester program for testimonials", "pre-launch social proof", "Brain Audit testimonial framework", "case study harvest", "reverse testimonial", "video testimonial mechanics", "social proof landing page", "sběr referencí", "beta tester program", "testimonial pro landing page", "social proof před launchem", "rozhovor s klientem", "case study sběr", "reference před spuštěním". NOT for ongoing case study production (use growth-hacking case-study approach), offer design (use offer-creation), or conversion optimization (use ux-optimization).
2SKILL.mdUpdated May 14, 2026
petrogurcak/launch-orchestrator
development
VerifiedTrustedCommunity
Use when planning a product launch and the product type is unclear or could be either generic (SaaS/app/physical) or info-product. Routes between marketing:launch-strategy (generic launches) and marketing:info-product-launch (courses, memberships, ebooks, cohorts, communities). Trigger phrases - "launch", "spuštění", "go-to-market", "product launch", "release strategy", "uvedení na trh", "launch plan", "spuštění produktu", "launch sequence", "launch strategy". Do NOT trigger when product type is already clear (use specific skill directly).
2SKILL.mdUpdated May 14, 2026
petrogurcak/info-product-launch
testing
VerifiedTrustedCommunity
Specialized 8-week launch cadence for info-products — online courses, cohort programs, memberships, communities, ebooks, masterminds. Combines Jeff Walker's Product Launch Formula (Seed/Internal/JV variants, PLC sequence, open-cart day-by-day) with Stu McLaren's membership mechanics (closed cart, Success Path) and Hormozi Grand Slam Offer stacking. Use when planning "launch online kurzu", "info-product launch", "PLF launch", "course launch", "membership launch", "cohort launch", "ebook launch", "open cart close cart", "8-week launch of online course", "beta cohort to launch sequence", "spuštění kurzu", "launch členské sekce", "open cart strategie". Differentiates from marketing:launch-strategy (generic SaaS/app launches) — info-product-specific. NOT for SaaS launches, physical products, or services.
2SKILL.mdUpdated May 14, 2026
petrogurcak/mobile-store-release
development
VerifiedTrustedCommunity
Use when releasing an Expo/React Native mobile app to App Store and Google Play - covers eas submit, ASC "Submit for Review", Play promote Internal→Production, OTA update, and decoding common silent failures (Apple agreement expiry, missing English locale, Background Location declaration, web bundle failure on react-native-maps).
2SKILL.mdUpdated May 14, 2026