renatocaliari/cali-plan-critique
skills/cali-product-workflow/skills-workflow/cali-plan-critique/SKILL.md
[Cali] Plan critique skill using audit checklists and frameworks. Reviews spec-product.md for gaps, risks, and improvements. Can be used standalone after Shape Up or as part of cali-product-workflow.
$ install --global
skillsauthnpx skillsauth add renatocaliari/agent-sync-public-skills cali-plan-critiqueInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: May 19, 2026, 6:07 AM295.1s7 files scanned
SKILL.md
- name:
- cali-plan-critique
- description:
- >
Plan Critique
This skill executes the Plan Critique phase. It can be used:
- Standalone — after a Shape Up session
- Via Workflow — part of the cali-product-workflow chain
5a. Read reference files
Read the references/ files to guide the process:
| File | Covers | When to read |
|---|---|---|
| references/PLAN-CRITIQUE-CONTEXT.md | Role definition, when to use, workflow position | Before starting — sets reviewer role |
| references/CHECKLISTS.md | Flow, state, affordance, data, system, feasibility checks | During analysis — primary checklist |
| references/critique-frameworks.md | Nielsen heuristics, emotional journey, cognitive load, personas, AI slop | During analysis — UX evaluation frameworks |
| references/audit-dimensions.md | 5 audit dimensions (a11y, perf, theming, responsive, anti-patterns) | During analysis — technical audit framework |
| references/auto-resolve-rules.md | Rules for automatic gap resolution | After analysis — for auto-resolve mode |
| references/output-format.md | Critique report format | After analysis — format output |
5b. Analysis via parallel worker
Launch a worker with checklists from references/:
- Worker receives: the spec-product.md content + files from
references/(CONTEXT.md role definition, CHECKLISTS.md primary checks, critique-frameworks.md UX, audit-dimensions.md technical) - Worker applies checklists and returns: gaps, risks, validations, open questions
5c. Review and resolve
- Present critique findings to the user
- Resolve actionable items:
- Missing boundaries → refine IN/OUT
- Unvalidated assumptions → add to risk register
- Rabbit holes → add mitigation or remove from scope
- Open questions → ask the user
- Update spec-product.md with resolutions
- Save critique to
.cali-product-workflow/{YYYY-MM-DD}/{_dir}/critiques/critique-report.md
Output
Critique report is saved to:
.cali-product-workflow/{YYYY-MM-DD}/{_dir}/critiques/critique-report.md
Updated spec (after gap resolution):
.cali-product-workflow/{YYYY-MM-DD}/{_dir}/specs/spec-product_{v+1}.md
Related Skills
- cali-shape-up: Produces the spec-product.md that feeds this critique
- cali-tech-planning: Executes after critique approval
- cali-product-workflow (orchestrator): Coordinates this skill with other phases
Environment Adaptation
If any capability is unavailable, adapt using whatever tools your environment provides.
Related Skills
renatocaliari/pocketbase
development
VerifiedTrustedCommunity
PocketBase v0.39+ development - API rules, auth, collections, SDK, realtime, files, Go/JS extending, deployment, production tuning.
1SKILL.mdUpdated Jun 7, 2026
renatocaliari/cali-lat-md-seed
tools
VerifiedTrustedCommunity
Auto-initialize structured documentation for any project using lat.md (knowledge graph of markdown files with [[wiki links]], // @lat: code refs, and semantic search). Detects cali-product-workflow artifacts (spec-product.md, spec-tech.md, critiques) and uses them as seed material. Falls back to extracting business rules, architecture, and design decisions directly from the codebase. Use when a project lacks structured documentation or when lat.md/ is missing. After seeding, lat.md extension hooks keep documentation alive automatically.
1SKILL.mdUpdated Jun 2, 2026
renatocaliari/cali-ops-server-security
testing
VerifiedTrustedCommunity
[Cali] Server security audit and hardening for private servers behind Tailscale. Use when: auditing server security, hardening SSH/firewall/Docker, checking for vulnerabilities, setting up fail2ban, reviewing port exposure, or responding to security alerts. Covers 6 layers: CloudFlare, UFW, Tailscale, SSH, Docker, Application. Triggers: "server security", "security audit", "harden server", "SSH hardening", "firewall rules", "UFW config", "fail2ban", "port security", "Docker security", "vulnerability check", "security review".
1SKILL.mdUpdated May 30, 2026
renatocaliari/cali-ops-package-audit
tools
VerifiedTrustedCommunity
Run supply chain security scans before installing packages or before releases. Triggers when: user installs a package (npm, pip, go get, brew), user asks to 'scan dependencies', 'check vulnerabilities', 'supply chain', 'security audit', 'run trivy', 'run socket', or before any release/deployment. Also triggers on mentions of: socket.dev, trivy, OSV-scanner, dotenvx, CVE, dependency audit. Covers all four tools with concrete commands.
1SKILL.mdUpdated May 30, 2026