cubic-review

Run AI-powered code reviews using Cubic CLI to detect bugs, security vulnerabilities, and style issues in local changes. Use when the user says "review my code," "check my changes for bugs," "run cubic review," "review this diff," "pre-commit check," "find issues before I push," "analyze my branch changes," or "code quality check." Triggers on mentions of cubic, code review, diff review, pre-commit checks, bug detection, and code quality validation.

5 stars

Best use case

cubic-review is best used when you need a repeatable AI agent workflow instead of a one-off prompt.

Run AI-powered code reviews using Cubic CLI to detect bugs, security vulnerabilities, and style issues in local changes. Use when the user says "review my code," "check my changes for bugs," "run cubic review," "review this diff," "pre-commit check," "find issues before I push," "analyze my branch changes," or "code quality check." Triggers on mentions of cubic, code review, diff review, pre-commit checks, bug detection, and code quality validation.

Teams using cubic-review should expect a more consistent output, faster repeated execution, less prompt rewriting.

When to use this skill

  • You want a reusable workflow that can be run more than once with consistent structure.

When not to use this skill

  • You only need a quick one-off answer and do not need a reusable workflow.
  • You cannot install or maintain the underlying files, dependencies, or repository context.

Installation

Claude Code / Cursor / Codex

$curl -o ~/.claude/skills/cubic-review/SKILL.md --create-dirs "https://raw.githubusercontent.com/pleaseai/claude-code-plugins/main/plugins/cubic/skills/cubic-review/SKILL.md"

Manual Installation

  1. Download SKILL.md from GitHub
  2. Place it in .claude/skills/cubic-review/SKILL.md inside your project
  3. Restart your AI agent — it will auto-discover the skill

How cubic-review Compares

Feature / Agentcubic-reviewStandard Approach
Platform SupportNot specifiedLimited / Varies
Context Awareness High Baseline
Installation ComplexityUnknownN/A

Frequently Asked Questions

What does this skill do?

Run AI-powered code reviews using Cubic CLI to detect bugs, security vulnerabilities, and style issues in local changes. Use when the user says "review my code," "check my changes for bugs," "run cubic review," "review this diff," "pre-commit check," "find issues before I push," "analyze my branch changes," or "code quality check." Triggers on mentions of cubic, code review, diff review, pre-commit checks, bug detection, and code quality validation.

Where can I find the source code?

You can find the source code on GitHub using the link provided at the top of the page.

Related Guides

SKILL.md Source

# Cubic CLI - AI Code Review

Detect bugs, security issues, and code quality problems in local changes by running `cubic review` via Bash.

## When to Use

- User asks to review code changes, diffs, or branches
- Pre-commit quality checks or bug detection
- Security vulnerability scanning on changed files
- Code style and best practice validation
- Comparing branch changes before creating a PR

## Prerequisites

Cubic CLI must be installed. If `cubic` is not found in PATH, inform the user with installation options:
- `curl -fsSL https://cubic.dev/install | bash`
- `npm install -g @cubic-dev-ai/cli`

Do not run the installation command automatically. Let the user decide.

If cubic returns an authentication error, inform the user to run `cubic login` or complete browser-based authentication.

## CLI Quick Reference

Always pass `--json` for structured output. Key modes:

- `cubic review --json` -- review uncommitted changes (default)
- `cubic review --base main --json` -- compare against a branch (PR-style)
- `cubic review --commit HEAD~1 --json` -- review a specific commit
- `cubic review --prompt "focus area" --json` -- custom review focus

> **Constraint**: `--base`, `--commit`, and `--prompt` are mutually exclusive.

## JSON Output Format

```json
{
  "issues": [
    {
      "priority": "P0",
      "file": "src/api/auth.ts",
      "line": 45,
      "title": "SQL injection vulnerability in user lookup",
      "description": "User input is concatenated directly into SQL query without parameterization."
    }
  ]
}
```

Priority levels: **P0** (critical) > **P1** (high) > **P2** (medium) > **P3** (low).

## Workflow

1. Run `cubic review --json` (or with `--base`/`--commit` as appropriate)
2. Parse the JSON output to identify issues
3. Sort issues by priority (P0 first)
4. For each issue, read the referenced file and line
5. Present proposed fixes to the user for approval before applying
6. Apply approved fixes using Edit tool
7. Re-run `cubic review --json` to verify fixes

For the full command reference and step-by-step workflow, use `/cubic:review`.

Related Skills

recipe-review-overdue-tasks

5
from pleaseai/claude-code-plugins

Find Google Tasks that are past due and need attention.

recipe-review-meet-participants

5
from pleaseai/claude-code-plugins

Review who attended a Google Meet conference and for how long.

review-docs

5
from pleaseai/claude-code-plugins

Review documentation for quality, clarity, SEO, and technical correctness. Optimized for Docus/Nuxt Content but works with any Markdown documentation. Use when asked to: "review docs", "check documentation", "audit docs", "validate documentation", "improve docs quality", "analyze documentation", "check my docs", "review my documentation pages", "validate MDC syntax", "check for SEO issues", "analyze doc structure". Provides actionable recommendations categorized by priority (Critical, Important, Nice-to-have).

use-zod

5
from pleaseai/claude-code-plugins

Answer questions about the Zod schema validation library and help build schemas, parsers, refinements, transforms, codecs, and error formatters. Use when developers: (1) ask about Zod APIs like `z.object`, `z.string`, `z.array`, `z.union`, `z.discriminatedUnion`, `parse`, `safeParse`, `z.infer`; (2) define request/response/form schemas in TypeScript; (3) handle `ZodError` or customize error messages; (4) migrate between Zod v3 and v4 (entry-point split, `formatError` → `treeifyError`/`prettifyError`, unified `error` param replacing `message`/`errorMap`). Triggers on: "zod", "z.object", "z.string", "z.array", "z.union", "z.infer", "z.input", "z.output", "ZodError", "$ZodError", "safeParse", "parseAsync", "z.codec", "treeifyError", "prettifyError", "flattenError", "discriminatedUnion", "zod/v4", "zod/v3", "zod/mini", "z.coerce", "superRefine".

workflow

5
from pleaseai/claude-code-plugins

Creates durable, resumable workflows using Vercel's Workflow SDK. Use when building workflows that need to survive restarts, pause for external events, retry on failure, or coordinate multi-step operations over time. Triggers on mentions of "workflow", "durable functions", "resumable", "workflow sdk", "queue", "event", "push", "subscribe", or step-based orchestration.

wpds

5
from pleaseai/claude-code-plugins

Use when building UIs leveraging the WordPress Design System (WPDS) and its components, tokens, patterns, etc.

wp-wpcli-and-ops

5
from pleaseai/claude-code-plugins

Use when working with WP-CLI (wp) for WordPress operations: safe search-replace, db export/import, plugin/theme/user/content management, cron, cache flushing, multisite, and scripting/automation with wp-cli.yml.

wp-rest-api

5
from pleaseai/claude-code-plugins

Use when building, extending, or debugging WordPress REST API endpoints/routes: register_rest_route, WP_REST_Controller/controller classes, schema/argument validation, permission_callback/authentication, response shaping, register_rest_field/register_meta, or exposing CPTs/taxonomies via show_in_rest.

wp-project-triage

5
from pleaseai/claude-code-plugins

Use when you need a deterministic inspection of a WordPress repository (plugin/theme/block theme/WP core/Gutenberg/full site) including tooling/tests/version hints, and a structured JSON report to guide workflows and guardrails.

wp-plugin-development

5
from pleaseai/claude-code-plugins

Use when developing WordPress plugins: architecture and hooks, activation/deactivation/uninstall, admin UI and Settings API, data storage, cron/tasks, security (nonces/capabilities/sanitization/escaping), and release packaging.

wp-playground

5
from pleaseai/claude-code-plugins

Use for WordPress Playground workflows: fast disposable WP instances in the browser or locally via @wp-playground/cli (server, run-blueprint, build-snapshot), auto-mounting plugins/themes, switching WP/PHP versions, blueprints, and debugging (Xdebug).

wp-phpstan

5
from pleaseai/claude-code-plugins

Use when configuring, running, or fixing PHPStan static analysis in WordPress projects (plugins/themes/sites): phpstan.neon setup, baselines, WordPress-specific typing, and handling third-party plugin classes.