pleaseai/cubic-review
plugins/cubic/skills/cubic-review/SKILL.md
Run AI-powered code reviews using Cubic CLI to detect bugs, security vulnerabilities, and style issues in local changes. Use when the user says "review my code," "check my changes for bugs," "run cubic review," "review this diff," "pre-commit check," "find issues before I push," "analyze my branch changes," or "code quality check." Triggers on mentions of cubic, code review, diff review, pre-commit checks, bug detection, and code quality validation.
$ install --global
skillsauthnpx skillsauth add pleaseai/claude-code-plugins cubic-reviewInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: May 31, 2026, 5:23 AM71.3s1 file scanned
SKILL.md
- name:
- cubic-review
- description:
- Run AI-powered code reviews using Cubic CLI to detect bugs, security vulnerabilities, and style issues in local changes. Use when the user says "review my code," "check my changes for bugs," "run cubic review," "review this diff," "pre-commit check," "find issues before I push," "analyze my branch changes," or "code quality check." Triggers on mentions of cubic, code review, diff review, pre-commit checks, bug detection, and code quality validation.
- allowed-tools:
- Bash, Read, Edit
Cubic CLI - AI Code Review
Detect bugs, security issues, and code quality problems in local changes by running cubic review via Bash.
When to Use
- User asks to review code changes, diffs, or branches
- Pre-commit quality checks or bug detection
- Security vulnerability scanning on changed files
- Code style and best practice validation
- Comparing branch changes before creating a PR
Prerequisites
Cubic CLI must be installed. If cubic is not found in PATH, inform the user with installation options:
curl -fsSL https://cubic.dev/install | bashnpm install -g @cubic-dev-ai/cli
Do not run the installation command automatically. Let the user decide.
If cubic returns an authentication error, inform the user to run cubic login or complete browser-based authentication.
CLI Quick Reference
Always pass --json for structured output. Key modes:
cubic review --json-- review uncommitted changes (default)cubic review --base main --json-- compare against a branch (PR-style)cubic review --commit HEAD~1 --json-- review a specific commitcubic review --prompt "focus area" --json-- custom review focus
Constraint:
--base,--commit, and--promptare mutually exclusive.
JSON Output Format
{
"issues": [
{
"priority": "P0",
"file": "src/api/auth.ts",
"line": 45,
"title": "SQL injection vulnerability in user lookup",
"description": "User input is concatenated directly into SQL query without parameterization."
}
]
}
Priority levels: P0 (critical) > P1 (high) > P2 (medium) > P3 (low).
Workflow
- Run
cubic review --json(or with--base/--commitas appropriate) - Parse the JSON output to identify issues
- Sort issues by priority (P0 first)
- For each issue, read the referenced file and line
- Present proposed fixes to the user for approval before applying
- Apply approved fixes using Edit tool
- Re-run
cubic review --jsonto verify fixes
For the full command reference and step-by-step workflow, use /cubic:review.
Related Skills
pleaseai/RTK Token Optimization
development
VerifiedTrustedCommunity
RTK (Rust Token Killer) reduces LLM token consumption by 60-90% by filtering and compressing command outputs. Use when user asks about token savings, token optimization, RTK usage, `rtk gain`, `rtk discover`, or `rtk proxy`. Triggers on mentions of token reduction, RTK commands, or checking command cost.
10SKILL.mdUpdated Jun 12, 2026
pleaseai/semble
tools
VerifiedTrustedCommunity
Semantic code search using the Semble MCP server. Use when exploring an unfamiliar codebase, finding code by what it does rather than exact text, locating an implementation, understanding how a feature works, or discovering related code. Triggers on requests like "where is X handled", "find the code that does Y", "how does Z work", "search the codebase for", or any semantic/exploratory code question where grep's literal matching is a poor fit.
10SKILL.mdUpdated Jun 9, 2026
pleaseai/java-springboot
development
VerifiedTrustedCommunity
Get best practices for developing applications with Spring Boot.
9SKILL.mdUpdated May 29, 2026
pleaseai/java-junit
development
VerifiedTrustedCommunity
Get best practices for JUnit 5 unit testing, including data-driven tests
9SKILL.mdUpdated May 29, 2026