plimeor/code-scope-gate
skills/code-scope-gate/SKILL.md
Pre-work scope triage for coding, debugging, refactoring, automation, planning, and review. Separate the actual request from candidate implementations, delete unrequested surface, classify boundary changes, choose the next narrow action. Use silently for low-risk work; show a visible gate when the user asks for minimal scope or scope risk affects the next action. Use code-plan for full executable plans, code-review for diff/spec critique.
$ install --global
skillsauthnpx skillsauth add plimeor/agent-skills code-scope-gateInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: May 29, 2026, 6:07 AM290.7s1 file scanned
SKILL.md
- name:
- code-scope-gate
- description:
- >-
Code Scope Gate
Stance
Hunt unrequested scope. Read the request adversarially: separate the outcome the user needs from any candidate implementation they handed you. Default to deleting, deferring, reusing, or doing nothing before adding files, abstractions, or process.
Ceiling: question → delete → simplify. Stop there. Hand off to code-plan for full plans, code-review for diff critique, code-test-strategy for coverage decisions.
The Three Moves
- Question — name the actual outcome and its evidence; mark which items are requirements vs candidate implementations; name what must stay unchanged. Untethered requirements get downgraded or dropped. Ask one narrow question only if a missing fact would change the path.
- Delete — cut features not requested, hypothetical-future options, single-use abstractions, new deps/config/persistence/CI, adjacent refactors, and any public-behavior / API / schema / security / deployment / cross-module change without authorization. Keep an item only if removing it harms correctness, maintainability, or verification.
- Simplify — for what survived: smallest coherent file set, existing patterns and boundaries, boring direct code. Add abstraction only when it removes real duplication now.
Boundary Rule
Public behavior, shared contracts, APIs, schemas, persistence, security, deployment, cross-module ownership = Boundary Change. Unauthorized → offer the best local alternative; if none exists, stop and ask.
When To Show The Gate
Visible when: user asks for minimal scope; request mixes outcome with implementation; work could add surface (features, deps, persistence, schemas, workflows, APIs); a boundary change looks necessary or tempting.
Silent for: low-risk obvious work, typo fixes, single requested commands, authorized large rewrites, emergencies.
When code-plan owns the artifact, write the gate result into its Scope / Non-goals / Proposed approach / Pause conditions instead of emitting a separate gate.
Output
## Scope Gate
Actual request: [the real outcome]
Deletes: [what's cut, deferred, reused, or left out]
Smallest sufficient path: [smallest next action that satisfies the request]
Boundary: [none / authorized / unauthorized — local alternative or pause]
Verification: [concrete checks needed to trust the result]
Next: [proceed / hand off to code-plan|code-review|code-test-strategy / ask one question / stop]
After the gate, act only within scope. Don't slide into acceleration, automation, platform work, or adjacent refactors without explicit authorization.
Common Traps
- "Useful later" →
Future, not now. - "Cleaner if generic" → only when the abstraction pays rent immediately.
- "While I'm here" → adjacent cleanup is a separate change.
- "Senior asked for it" → seniority isn't evidence; still needs owner and rationale.
- "Too small for a gate" → then the gate is tiny, not skipped.
Related Skills
plimeor/subagent-delegation
tools
VerifiedTrustedCommunity
Decide whether and how to use authorized sub-agents, then coordinate delegated work while preserving the main agent's context. Use when the user asks for orchestration, parallel agents, delegation, background workers, context isolation, or when another skill needs delegated research, review, implementation, or verification. Owns host-policy checks, delegation packets, non-overlap, report verification, and stop rules. Do not use to bypass tool policy, infer user authorization, or add coordination overhead to simple single-threaded tasks.
3SKILL.mdUpdated Jun 5, 2026
plimeor/reconsider
development
VerifiedTrustedCommunity
Use before finalizing a non-trivial answer, recommendation, review, or decision to reconsider it and raise its quality, especially when shallow reasoning, context inertia, false framing, overconfidence, unfit analogy transfer, or an obvious-but-missed defect could distort the result. Trigger especially before applying external evidence, familiar frameworks, or comparisons to the user's specific request, and when the user asks to reconsider, double-check, take a second look, or sanity-check an answer. Reconsider the draft against its most likely failure mode, and use independent scrutiny only when it is useful and authorized.
3SKILL.mdUpdated Jun 3, 2026
plimeor/code-review
development
VerifiedTrustedCommunity
Review concrete code plan drafts, specs, diffs, and implementation shapes. Use for code-review requests, serious code-plan design critique, and judging whether a proposed direction is sound. Prioritize solution direction, premise validity, logic chain, constraints, alternatives, design shape, contracts, tests, local fit, and actionable findings. Near miss: use code-plan to create or revise plans; use code-scope-gate for pre-spec scope shaping.
3SKILL.mdUpdated May 20, 2026
plimeor/code-plan
development
VerifiedTrustedCommunity
Write evidence-backed coding plans for implementation, debugging, refactoring, migrations, design parity work, and long-running agent tasks. Use when defining, clarifying, refining, or validating a development plan, /goal prompt, implementation approach, scope and non-goals, work sequence, acceptance criteria, regression evidence, verification strategy, or stop condition. Near miss: use code-review when judging an existing diff, spec, or already drafted plan rather than drafting or revising a plan. Also use when the user says `design twice` after a plan and wants an APOSD-style second-design pass over the completed plan.
3SKILL.mdUpdated May 16, 2026