cubic-review
Run AI-powered code reviews using Cubic CLI to detect bugs, security vulnerabilities, and style issues in local changes. Use when the user says "review my code," "check my changes for bugs," "run cubic review," "review this diff," "pre-commit check," "find issues before I push," "analyze my branch changes," or "code quality check." Triggers on mentions of cubic, code review, diff review, pre-commit checks, bug detection, and code quality validation.
Best use case
cubic-review is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Run AI-powered code reviews using Cubic CLI to detect bugs, security vulnerabilities, and style issues in local changes. Use when the user says "review my code," "check my changes for bugs," "run cubic review," "review this diff," "pre-commit check," "find issues before I push," "analyze my branch changes," or "code quality check." Triggers on mentions of cubic, code review, diff review, pre-commit checks, bug detection, and code quality validation.
Teams using cubic-review should expect a more consistent output, faster repeated execution, less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/cubic-review/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How cubic-review Compares
| Feature / Agent | cubic-review | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Run AI-powered code reviews using Cubic CLI to detect bugs, security vulnerabilities, and style issues in local changes. Use when the user says "review my code," "check my changes for bugs," "run cubic review," "review this diff," "pre-commit check," "find issues before I push," "analyze my branch changes," or "code quality check." Triggers on mentions of cubic, code review, diff review, pre-commit checks, bug detection, and code quality validation.
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
Related Guides
AI Agents for Coding
Browse AI agent skills for coding, debugging, testing, refactoring, code review, and developer workflows across Claude, Cursor, and Codex.
Best AI Skills for Claude
Explore the best AI skills for Claude and Claude Code across coding, research, workflow automation, documentation, and agent operations.
SKILL.md Source
# Cubic CLI - AI Code Review
Detect bugs, security issues, and code quality problems in local changes by running `cubic review` via Bash.
## When to Use
- User asks to review code changes, diffs, or branches
- Pre-commit quality checks or bug detection
- Security vulnerability scanning on changed files
- Code style and best practice validation
- Comparing branch changes before creating a PR
## Prerequisites
Cubic CLI must be installed. If `cubic` is not found in PATH, inform the user with installation options:
- `curl -fsSL https://cubic.dev/install | bash`
- `npm install -g @cubic-dev-ai/cli`
Do not run the installation command automatically. Let the user decide.
If cubic returns an authentication error, inform the user to run `cubic login` or complete browser-based authentication.
## CLI Quick Reference
Always pass `--json` for structured output. Key modes:
- `cubic review --json` -- review uncommitted changes (default)
- `cubic review --base main --json` -- compare against a branch (PR-style)
- `cubic review --commit HEAD~1 --json` -- review a specific commit
- `cubic review --prompt "focus area" --json` -- custom review focus
> **Constraint**: `--base`, `--commit`, and `--prompt` are mutually exclusive.
## JSON Output Format
```json
{
"issues": [
{
"priority": "P0",
"file": "src/api/auth.ts",
"line": 45,
"title": "SQL injection vulnerability in user lookup",
"description": "User input is concatenated directly into SQL query without parameterization."
}
]
}
```
Priority levels: **P0** (critical) > **P1** (high) > **P2** (medium) > **P3** (low).
## Workflow
1. Run `cubic review --json` (or with `--base`/`--commit` as appropriate)
2. Parse the JSON output to identify issues
3. Sort issues by priority (P0 first)
4. For each issue, read the referenced file and line
5. Present proposed fixes to the user for approval before applying
6. Apply approved fixes using Edit tool
7. Re-run `cubic review --json` to verify fixes
For the full command reference and step-by-step workflow, use `/cubic:review`.Related Skills
recipe-review-overdue-tasks
Find Google Tasks that are past due and need attention.
recipe-review-meet-participants
Review who attended a Google Meet conference and for how long.
review-docs
Review documentation for quality, clarity, SEO, and technical correctness. Optimized for Docus/Nuxt Content but works with any Markdown documentation. Use when asked to: "review docs", "check documentation", "audit docs", "validate documentation", "improve docs quality", "analyze documentation", "check my docs", "review my documentation pages", "validate MDC syntax", "check for SEO issues", "analyze doc structure". Provides actionable recommendations categorized by priority (Critical, Important, Nice-to-have).
use-zod
Answer questions about the Zod schema validation library and help build schemas, parsers, refinements, transforms, codecs, and error formatters. Use when developers: (1) ask about Zod APIs like `z.object`, `z.string`, `z.array`, `z.union`, `z.discriminatedUnion`, `parse`, `safeParse`, `z.infer`; (2) define request/response/form schemas in TypeScript; (3) handle `ZodError` or customize error messages; (4) migrate between Zod v3 and v4 (entry-point split, `formatError` → `treeifyError`/`prettifyError`, unified `error` param replacing `message`/`errorMap`). Triggers on: "zod", "z.object", "z.string", "z.array", "z.union", "z.infer", "z.input", "z.output", "ZodError", "$ZodError", "safeParse", "parseAsync", "z.codec", "treeifyError", "prettifyError", "flattenError", "discriminatedUnion", "zod/v4", "zod/v3", "zod/mini", "z.coerce", "superRefine".
workflow
Creates durable, resumable workflows using Vercel's Workflow SDK. Use when building workflows that need to survive restarts, pause for external events, retry on failure, or coordinate multi-step operations over time. Triggers on mentions of "workflow", "durable functions", "resumable", "workflow sdk", "queue", "event", "push", "subscribe", or step-based orchestration.
wpds
Use when building UIs leveraging the WordPress Design System (WPDS) and its components, tokens, patterns, etc.
wp-wpcli-and-ops
Use when working with WP-CLI (wp) for WordPress operations: safe search-replace, db export/import, plugin/theme/user/content management, cron, cache flushing, multisite, and scripting/automation with wp-cli.yml.
wp-rest-api
Use when building, extending, or debugging WordPress REST API endpoints/routes: register_rest_route, WP_REST_Controller/controller classes, schema/argument validation, permission_callback/authentication, response shaping, register_rest_field/register_meta, or exposing CPTs/taxonomies via show_in_rest.
wp-project-triage
Use when you need a deterministic inspection of a WordPress repository (plugin/theme/block theme/WP core/Gutenberg/full site) including tooling/tests/version hints, and a structured JSON report to guide workflows and guardrails.
wp-plugin-development
Use when developing WordPress plugins: architecture and hooks, activation/deactivation/uninstall, admin UI and Settings API, data storage, cron/tasks, security (nonces/capabilities/sanitization/escaping), and release packaging.
wp-playground
Use for WordPress Playground workflows: fast disposable WP instances in the browser or locally via @wp-playground/cli (server, run-blueprint, build-snapshot), auto-mounting plugins/themes, switching WP/PHP versions, blueprints, and debugging (Xdebug).
wp-phpstan
Use when configuring, running, or fixing PHPStan static analysis in WordPress projects (plugins/themes/sites): phpstan.neon setup, baselines, WordPress-specific typing, and handling third-party plugin classes.