renatocaliari/cali-plan-critique
skills/renatocaliari/pi-product-workflow/cali-product-workflow/skills-workflow/cali-plan-critique/SKILL.md
[Cali] Plan critique skill using audit checklists and frameworks. Reviews spec-product.md for gaps, risks, and improvements. Part of cali-product-workflow but can be used standalone after Shape Up.
$ install --global
skillsauthnpx skillsauth add renatocaliari/agent-sync-public-skills cali-plan-critiqueInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: May 25, 2026, 4:22 AM266.3s7 files scanned
SKILL.md
- name:
- cali-plan-critique
- description:
- >
Plan Critique
Tools: See
references/cli-tools/subagents.mdfor subagent patterns.
This skill executes the Plan Critique phase.
How to Load
This skill is bundled with cali-product-workflow — there is no standalone /skill: command.
Via Orchestrator (recommended)
The orchestrator reads this file directly when needed.
Standalone
To run standalone, read skills-workflow/cali-plan-critique/SKILL.md and follow the instructions inline.
Process
5a. Read reference files
Read the references/ files to guide the process:
| File | Covers | When to read |
|---|---|---|
| references/plan-critique-context.md | Role definition, when to use, workflow position | Before starting — sets reviewer role |
| references/checklists.md | Flow, state, affordance, data, system, feasibility checks | During analysis — primary checklist |
| references/critique-frameworks.md | Nielsen heuristics, emotional journey, cognitive load, personas, AI slop | During analysis — UX evaluation frameworks |
| references/audit-dimensions.md | 5 audit dimensions (a11y, perf, theming, responsive, anti-patterns) | During analysis — technical audit framework |
| references/auto-resolve-rules.md | Rules for automatic gap resolution | After analysis — for auto-resolve mode |
| references/output-format.md | Critique report format | After analysis — format output |
5b. Analysis via subagent
Launch subagent with checklists from references/:
subagent({
agent: "reviewer",
task: `Review the spec-product.md using checklists from references/.
Use: plan-critique-context.md (role), checklists.md (primary), critique-frameworks.md (UX), audit-dimensions.md (technical).
Output: Executive Summary + Critical Questions (🚨) + Important (🤔) + Minor (🔎) + Strengths.
Do NOT resolve gaps — only identify and classify.
Format per output-format.md.
Save to .cali-product-workflow/{YYYY-MM-DD}/{_dir}/plans/critique-report.md`,
output: ".cali-product-workflow/{YYYY-MM-DD}/{_dir}/plans/critique-report.md"
})
5c. Gap Resolution
Ask mode: Auto-resolve (applies rules from references/auto-resolve-rules.md) or Manual (ask one by one).
- 🔎 is always automatic
- Auto-resolve: save
spec-product_{v}-pre-critique.md, createspec-product_{v+1}.mdwith "Resolved Gaps" section, and show change summary before proceeding - Manual: ask each 🚨 and 🤔 individually
- After resolving, create
spec-product_{v+1}.mdwith documented resolutions
Output
Critique report is saved to:
.cali-product-workflow/{YYYY-MM-DD}/{_dir}/plans/critique-report.md
Updated spec (after gap resolution):
.cali-product-workflow/{YYYY-MM-DD}/{_dir}/plans/spec-product_{v+1}.md
Related Skills
- cali-shape-up: Produces the spec-product.md that feeds this critique
- cali-tech-planning: Executes after critique approval
- cali-product-workflow: Coordinates this skill with other phases
Environment Adaptation
If a tool is unavailable, check:
../../../cali-product-workflow/references/cli-tools/
Related Skills
renatocaliari/pocketbase
development
VerifiedTrustedCommunity
PocketBase v0.39+ development - API rules, auth, collections, SDK, realtime, files, Go/JS extending, deployment, production tuning.
1SKILL.mdUpdated Jun 7, 2026
renatocaliari/cali-lat-md-seed
tools
VerifiedTrustedCommunity
Auto-initialize structured documentation for any project using lat.md (knowledge graph of markdown files with [[wiki links]], // @lat: code refs, and semantic search). Detects cali-product-workflow artifacts (spec-product.md, spec-tech.md, critiques) and uses them as seed material. Falls back to extracting business rules, architecture, and design decisions directly from the codebase. Use when a project lacks structured documentation or when lat.md/ is missing. After seeding, lat.md extension hooks keep documentation alive automatically.
1SKILL.mdUpdated Jun 2, 2026
renatocaliari/cali-ops-server-security
testing
VerifiedTrustedCommunity
[Cali] Server security audit and hardening for private servers behind Tailscale. Use when: auditing server security, hardening SSH/firewall/Docker, checking for vulnerabilities, setting up fail2ban, reviewing port exposure, or responding to security alerts. Covers 6 layers: CloudFlare, UFW, Tailscale, SSH, Docker, Application. Triggers: "server security", "security audit", "harden server", "SSH hardening", "firewall rules", "UFW config", "fail2ban", "port security", "Docker security", "vulnerability check", "security review".
1SKILL.mdUpdated May 30, 2026
renatocaliari/cali-ops-package-audit
tools
VerifiedTrustedCommunity
Run supply chain security scans before installing packages or before releases. Triggers when: user installs a package (npm, pip, go get, brew), user asks to 'scan dependencies', 'check vulnerabilities', 'supply chain', 'security audit', 'run trivy', 'run socket', or before any release/deployment. Also triggers on mentions of: socket.dev, trivy, OSV-scanner, dotenvx, CVE, dependency audit. Covers all four tools with concrete commands.
1SKILL.mdUpdated May 30, 2026