code-reviewer

6-aspect structured code review (security, architecture, error handling, test gaps, type safety, simplification) with calibrated scoring and per-aspect breakdown. Use when the user asks to review code, check a PR, review a pull request, audit changes before merge, or give code feedback.

Best use case

code-reviewer is best used when you need a repeatable AI agent workflow instead of a one-off prompt.

6-aspect structured code review (security, architecture, error handling, test gaps, type safety, simplification) with calibrated scoring and per-aspect breakdown. Use when the user asks to review code, check a PR, review a pull request, audit changes before merge, or give code feedback.

Teams using code-reviewer should expect a more consistent output, faster repeated execution, less prompt rewriting.

When to use this skill

  • You want a reusable workflow that can be run more than once with consistent structure.

When not to use this skill

  • You only need a quick one-off answer and do not need a reusable workflow.
  • You cannot install or maintain the underlying files, dependencies, or repository context.

Installation

Claude Code / Cursor / Codex

$curl -o ~/.claude/skills/code-reviewer/SKILL.md --create-dirs "https://raw.githubusercontent.com/nguyenthienthanh/aura-frog/main/aura-frog/skills/code-reviewer/SKILL.md"

Manual Installation

  1. Download SKILL.md from GitHub
  2. Place it in .claude/skills/code-reviewer/SKILL.md inside your project
  3. Restart your AI agent — it will auto-discover the skill

How code-reviewer Compares

Feature / Agentcode-reviewerStandard Approach
Platform SupportNot specifiedLimited / Varies
Context Awareness High Baseline
Installation ComplexityUnknownN/A

Frequently Asked Questions

What does this skill do?

6-aspect structured code review (security, architecture, error handling, test gaps, type safety, simplification) with calibrated scoring and per-aspect breakdown. Use when the user asks to review code, check a PR, review a pull request, audit changes before merge, or give code feedback.

Where can I find the source code?

You can find the source code on GitHub using the link provided at the top of the page.

Related Guides

SKILL.md Source

> **AI-consumed reference.** Optimized for Claude to read during execution.
> Human-readable explanation: see [docs/architecture/HIERARCHICAL_PLANNING.md](../../../docs/architecture/HIERARCHICAL_PLANNING.md)
> or [docs/getting-started/](../../../docs/getting-started/) depending on topic.


# Code Reviewer

Use after implementation, Phase 4, or before merge.

## Process

1. `git diff --name-only main...HEAD` → changed files
2. Run 6-aspect review
3. Report + decision

## 6 Aspects

```toon
aspects[6]{aspect,weight,checks}:
  Security,CRITICAL,"Secrets, injection, auth gaps, CSRF/CORS"
  Architecture,HIGH,"SRP, coupling, wrong layer, edge cases"
  Error Handling,HIGH,"Unhandled rejections, empty catch, silent failures"
  Test Gaps,HIGH,"Untested critical paths, missing edge/boundary cases"
  Type Safety,MEDIUM,"Missing types, any usage, null gaps"
  Simplification,LOW,"Complex conditionals, deep nesting — only if harms readability"
```

Spend 60% on Security + Architecture + Edge Cases. Don't nitpick syntax — linters handle that.

## Report

`[ASPECT] [SEVERITY] file:line — description → Fix: recommendation`

CRITICAL = block merge | WARNING = should fix | INFO = nice to have

## Decision

- **APPROVED** — 0 critical, ≤3 warnings
- **CHANGES REQUESTED** — any critical finding

## Scoring (prevents LGTM drift)

Per-aspect breakdown required. Anchors: 9-10 production-ready, 7-8 minor issues, 5-6 needs work, <5 changes requested.

## Block Merge On

Hardcoded secrets, injection, missing auth on protected routes, breaking changes without migration.

---

## Mandatory Verification for Claims (CoVe)

Before reporting "0 critical findings" / "N% coverage" / "tests pass", run the Chain-of-Verification protocol from `skills/chain-of-verification/SKILL.md`. Draft → plan 3–5 verification questions → answer via tool (Read/Grep/Bash) → revise. Per `rules/workflow/chain-of-verification.md` this is **mandatory** — reviews without verified claims are not acceptable.

---

## Related Rules

- `rules/core/code-quality.md` — Coverage, typing, error handling baseline
- `rules/core/naming-conventions.md` — Naming patterns
- `rules/core/simplicity-over-complexity.md` — YAGNI/DRY/KISS
- `rules/core/verification.md` — Verify before approving
- `rules/core/prefer-established-libraries.md` — Library choice review
- `rules/core/context-economy.md` — Read only the diff hunks + immediate callers/callees, not whole files; use Grep to scope review evidence
- `rules/agent/sast-security-scanning.md` — Security patterns
- `rules/agent/error-handling-standard.md` — Error-handling review
- `rules/workflow/smart-commenting.md` — Comment review (WHY not WHAT)
- `rules/workflow/cross-review-workflow.md` — Builder ≠ Reviewer
- `rules/workflow/chain-of-verification.md` — **MANDATORY** for factual claims in review output
- `rules/workflow/dual-llm-review.md` — Second-opinion LLM for destructive-op / security-critical findings

Related Skills

vue-expert

14
from nguyenthienthanh/aura-frog

Vue 3 gotchas and decision criteria. Covers reactivity traps, Composition API pitfalls, and Pinia patterns.

typescript-expert

14
from nguyenthienthanh/aura-frog

TypeScript gotchas and decision criteria covering nullish coalescing pitfalls (|| vs ??), strict tsconfig settings (noUncheckedIndexedAccess, exactOptionalPropertyTypes), type guard patterns, discriminated unions, and as const vs enum. Use when writing TypeScript, configuring tsconfig, implementing type guards, or debugging null/undefined errors.

tree-of-thoughts

14
from nguyenthienthanh/aura-frog

Branch, evaluate, prune, expand — structured search over solution space. Use for architecture with multi-step decisions, refactor planning, or complex debug hypothesis trees. Paper: Yao et al. 2023.

test-writer

14
from nguyenthienthanh/aura-frog

Write tests with TDD following structured patterns. Ensures consistent AAA structure, proper coverage targets, and framework-specific conventions. Without this skill, tests lack consistent naming, miss coverage targets, and skip anti-pattern checks.

stitch-design

14
from nguyenthienthanh/aura-frog

Generate UI designs using Google Stitch AI with optimized prompts

session-continuation

14
from nguyenthienthanh/aura-frog

Manage workflow state across sessions with handoff and resume. TOON-based state persistence.

sequential-thinking

14
from nguyenthienthanh/aura-frog

Structured thinking process for complex analysis. Supports revision, branching, and dynamic adjustment.

self-improve

14
from nguyenthienthanh/aura-frog

Apply learned improvements to the Aura Frog plugin. Updates rules, adjusts agent routing, modifies workflow configurations, and generates knowledge base entries.

self-healing-orchestrator

14
from nguyenthienthanh/aura-frog

Proposes patches for F2 (local-logic) and F3 (local-design) failures. NEVER applies without user approval. Confidence ≥0.7 to propose; below that, escalates raw findings. Counts toward replan_budget. Per-task: max 1; per-session: max 5.

self-consistency

14
from nguyenthienthanh/aura-frog

Generate N independent reasoning paths and vote on the answer. Use for architectural trade-offs, ambiguous design decisions, or when single-path reasoning risks locking onto the first plausible answer. Paper: Wang et al. 2022.

scalable-thinking

14
from nguyenthienthanh/aura-frog

Design for scale while keeping implementation simple (KISS).

run-orchestrator

14
from nguyenthienthanh/aura-frog

Execute 5-phase TDD workflow for complex features. Use when the user invokes /run, asks to build/create/implement a feature, requests a complex multi-file change, or types 'fasttrack:'. Enforces phase gates, sprint contracts, and builder!=reviewer discipline.