wfhanna1/code-review
.claude/skills/code-review/SKILL.md
Run a comprehensive code review on recent changes using the code-reviewer and security-reviewer agents
development
Updated Apr 16, 2026
$ install --global
skillsauthnpx skillsauth add wfhanna1/Automated-obs-trigger code-reviewInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 16, 2026, 3:28 PM4.3s1 file scanned
SKILL.md
- name:
- code-review
- description:
- Run a comprehensive code review on recent changes using the code-reviewer and security-reviewer agents
- disable-model-invocation:
- true
Run a comprehensive code review on the recent changes: $ARGUMENTS
-
Gather context
- Run
git diffto see all changes (orgit diff $ARGUMENTSif a branch/commit is specified) - Identify all changed files and their ownership domains
- Run
-
Code quality review
- Message the code-reviewer agent to analyze changes for:
- Clean code compliance (naming, functions, SOLID)
- 12-factor compliance (config, statelessness, logs)
- Module boundary adherence (function_app orchestrates, src/ modules are independent)
- Type annotation completeness
- Test coverage
- Message the code-reviewer agent to analyze changes for:
-
Security review
- Message the security-reviewer agent to check for:
- SSH key handling and tempfile cleanup
- Secrets in log statements
- OWASP Top 10 vulnerabilities
- Dependency vulnerabilities (
pip-audit) - Service Bus message validation
- Message the security-reviewer agent to check for:
-
Synthesize findings
- Combine both reviews into a single report
- Prioritize: Critical > High > Medium > Low
- For each finding, include the file, line, issue, and remediation
-
Report results
- If reviewing a PR, post the review as a comment with
gh pr review - If reviewing local changes, output the report directly
- If reviewing a PR, post the review as a comment with
Related Skills
wfhanna1/tdd
development
VerifiedTrustedCommunity
Test-driven development workflow. Write failing tests first, then implement to make them pass.
SKILL.mdUpdated Apr 16, 2026
wfhanna1/fix-issue
data-ai
VerifiedTrustedCommunity
Fix a GitHub issue end-to-end using the agent team workflow
SKILL.mdUpdated Apr 16, 2026
wfhanna1/api-conventions
development
VerifiedTrustedCommunity
Azure Functions and Service Bus message conventions for this project. Applied automatically when working on function_app.py or Service Bus message schemas.
SKILL.mdUpdated Apr 16, 2026
openclaw/openclaw-secret-scanning-maintainer
development
VerifiedTrustedCommunity
Maintainer-only workflow for handling GitHub Secret Scanning alerts on OpenClaw. Use when Codex needs to triage, redact, clean up, and resolve secret leakage found in issue comments, issue bodies, PR comments, or other GitHub content.
357,764SKILL.mdUpdated Apr 15, 2026