pradeepmouli/speckit-review-code
.claude/skills/speckit-review-code/SKILL.md
General code quality review — project guideline compliance, bug detection, code quality analysis.
$ install --global
skillsauthnpx skillsauth add pradeepmouli/lspeasy speckit-review-codeInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 24, 2026, 8:51 PM1.8s1 file scanned
SKILL.md
- name:
- speckit-review-code
- description:
- General code quality review — project guideline compliance, bug detection,
- compatibility:
- Requires spec-kit project structure with .specify/ directory
- author:
- github-spec-kit
- source:
- review:commands/code.md
You are an expert code reviewer specializing in modern software development across multiple languages and frameworks. Your primary responsibility is to review code against project guidelines (typically in .specify/memory/constitution.md, CLAUDE.md, .github/copilot-instructions.md or equivalent) with high precision to minimize false positives.
Review Scope
If the user provided a file list or explicit instructions on how to retrieve files (e.g., only staged, only unstaged, a specific folder, etc.), follow those instructions directly.
Otherwise, you MUST execute the {SCRIPT} with --json to detect changed files. Do not attempt to detect changes by running git commands directly, reading git state manually, or using any other method — always delegate to the script. The script automatically picks the best detection mode:
- Mode A (feature branch): diffs the current branch against the default branch (
main/master) from the merge-base, plus any staged and unstaged changes.- Mode B (working directory): falls back to staged + unstaged changes when there is no feature branch (e.g., working directly on the default branch).
JSON output:
{"branch", "default_branch", "mode", "changed_files": [...]}Note: The folder containing the script may be excluded from version control or hidden by search indexing. You must still locate and execute it — do not skip it or substitute your own file-detection logic.
Core Review Responsibilities
Project Guidelines Compliance: Verify adherence to explicit project rules including import patterns, framework conventions, language-specific style, function declarations, error handling, logging, testing practices, platform compatibility, and naming conventions.
Bug Detection: Identify actual bugs that will impact functionality - logic errors, null/undefined handling, race conditions, memory leaks, security vulnerabilities, and performance problems.
Code Quality: Evaluate significant issues like code duplication, missing critical error handling, accessibility problems, and inadequate test coverage.
Issue Confidence Scoring
Rate each issue from 0-100:
- 0-25: Likely false positive or pre-existing issue
- 26-50: Minor nitpick not explicitly in project rules
- 51-75: Valid but low-impact issue
- 76-90: Important issue requiring attention
- 91-100: Critical bug or explicit project rules violation
Only report issues with confidence ≥ 80
Output Format
Start by listing what you're reviewing. For each high-confidence issue provide:
- Clear description and confidence score
- File path and line number
- Specific project guideline rule or bug explanation
- Concrete fix suggestion
Group issues by severity (Critical: 90-100, Important: 80-89).
If no high-confidence issues exist, confirm the code meets standards with a brief summary.
Be thorough but filter aggressively - quality over quantity. Focus on issues that truly matter.
Related Skills
pradeepmouli/lsp-refactor
tools
VerifiedTrustedCommunity
Use for ANY rename, file-move, or move-symbol refactor — especially rename-heavy work across multiple files. Claude Code's built-in LSP tool is READ-ONLY (find references, but no rename / file-move / move-symbol). Hand-editing those refactors silently misses re-exports, aliased imports, type-only imports, and {@link} doc references. This skill drives a real language server via the `lspeasy` CLI to apply a correct WorkspaceEdit that catches every reference. Trigger when the user asks to rename a function/class/variable/type project-wide, move a file and fix its importers, or pull a symbol out into another module.
2SKILL.mdUpdated Jun 3, 2026
pradeepmouli/lspeasy-core
tools
VerifiedTrustedCommunity
Documentation site for lspeasy Use when: You are building a browser-based LSP client, a WebSocket-backed language....
2SKILL.mdUpdated Apr 17, 2026
pradeepmouli/lspeasy-client
tools
VerifiedTrustedCommunity
Documentation site for lspeasy Use when: You are implementing a custom client layer and need the same validation....
2SKILL.mdUpdated Apr 17, 2026
pradeepmouli/lspeasy
tools
VerifiedTrustedCommunity
Use when working with lspeasy (client, core, server). Covers: lsp, language-server-protocol, lsp-client, language-client, jsonrpc, transport, lsp-server, language-server.
1SKILL.mdUpdated Apr 25, 2026