Comprehensive code review covering security, correctness, bash compatibility, test coverage, and code quality. Use for PRs, commits, or any code changes.
77
72%
Does it follow best practices?
Impact: Pending (no eval scenarios have been run).
Advisory: Suggest reviewing before use.
Optimize this skill with Tessl: `npx tessl skill review --optimize ./.claude/skills/code-review/SKILL.md`
Quality
Discovery
67%
Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
The description adequately communicates its purpose as a code review skill and includes explicit trigger guidance with 'Use for PRs, commits, or any code changes.' However, it lists review categories rather than concrete actions, and the inclusion of 'bash compatibility' alongside general concerns like 'security' and 'correctness' creates ambiguity about the skill's scope. More specific action verbs and broader trigger term coverage would strengthen it.
Suggestions
Replace category labels with concrete actions, e.g., 'Identifies security vulnerabilities, checks logical correctness, verifies test coverage, and flags code quality issues in code changes.'
Expand trigger terms to include common variations: 'Use when reviewing PRs, pull requests, commits, diffs, code changes, or when asked to review, audit, or check code.'
| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | Names the domain (code review) and lists several areas of focus (security, correctness, bash compatibility, test coverage, code quality), but these are categories rather than concrete actions. It doesn't specify what actions are performed, like 'identifies vulnerabilities', 'checks for race conditions', or 'suggests test cases'. | 2 / 3 |
| Completeness | Clearly answers both 'what' (comprehensive code review covering security, correctness, bash compatibility, test coverage, and code quality) and 'when' ('Use for PRs, commits, or any code changes'). The 'Use for...' clause serves as explicit trigger guidance. | 3 / 3 |
| Trigger Term Quality | Includes some natural keywords like 'code review', 'PRs', 'commits', and 'code changes' that users would say. However, it misses common variations like 'pull request', 'diff', 'review my code', 'code quality check', or 'security audit'. The term 'bash compatibility' is oddly specific and narrows the perceived scope. | 2 / 3 |
| Distinctiveness / Conflict Risk | While 'code review' is a recognizable niche, the broad scope covering security, correctness, and code quality could overlap with dedicated security analysis skills, linting skills, or test coverage tools. The mention of 'bash compatibility' adds some distinctiveness but also creates confusion about whether this is a general or bash-specific skill. | 2 / 3 |
| Total | | 9 / 12 Passed |
Implementation
77%
Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This is a highly actionable and well-structured code review skill tailored for a security-critical restricted shell interpreter. Its greatest strengths are the concrete, executable guidance across all review dimensions and the clear workflow with explicit validation steps and decision tables. The main weakness is its length — at 300+ lines in a single file with no external references, it could benefit from splitting reference material (pentest checklists, API call templates, badge definitions) into supporting files to reduce the token footprint of the main skill.
Suggestions
Extract the pentest checklist, severity badge definitions, and PR submission API call templates into separate bundle files (e.g., PENTEST_CHECKLIST.md, PR_SUBMISSION.md) and reference them from the main skill to reduce token load.
Tighten the Go test type table and some explanatory text (e.g., the divergence classification table preamble) — Claude can infer test type purposes from file naming conventions without a full table.
| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | The skill is comprehensive and most content earns its place given the security-critical domain, but there's some verbosity: the pentest checklist, severity badge definitions, and emoji reaction workflows add significant length. Some sections (e.g., explaining what each Go test type covers) could be tightened. However, the domain complexity justifies much of the detail. | 2 / 3 |
| Actionability | Highly actionable throughout: concrete bash commands for determining scope (gh pr diff, git diff), specific code patterns to look for (os.Open, os.Stat), exact API calls for submitting reviews, precise badge markdown, executable proof-of-concept patterns, and detailed tables for pentest vectors and divergence classification. Nearly everything is copy-paste ready. | 3 / 3 |
| Workflow Clarity | The workflow is clearly sequenced from scope determination through code reading, multi-dimensional review, finding classification, output formatting, and PR submission. Validation checkpoints are explicit (e.g., 'If no changes are found, inform the user and stop', 'If the API returns an error about an invalid line position, adjust and retry', bash compatibility verification steps). The review dimensions have clear decision tables and classification schemes. | 3 / 3 |
| Progressive Disclosure | The content is well-structured with clear headers and logical sections, but it's a monolithic document (~300+ lines) with no references to external files. The pentest checklist, badge definitions, emoji reaction workflows, and detailed PR submission API calls could be split into separate reference files. For a skill this complex, the single-file approach creates a large context load. | 2 / 3 |
| Total | | 10 / 12 Passed |
Validation
90%
Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 10 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
| frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
| Total | | 10 / 11 Passed |
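As an added example (not the Tessl validator's own code and not part of the skill being reviewed), the following Python reproduces the frontmatter_unknown_keys check above on a SKILL.md and applies the suggested fix by moving unrecognised keys under a `metadata:` block. The allow-list of accepted keys, the sample SKILL.md, and the keys `version` and `author` in it are assumptions: the page does not say which keys the validator accepts or which key triggered the warning.

```python
import re

# Assumed allow-list of top-level frontmatter keys. The real validator's list is
# not shown on the page; adjust this set to match the spec you validate against.
ALLOWED_KEYS = {"name", "description", "license", "allowed-tools", "metadata"}

# A leading YAML-style block delimited by '---' lines.
FRONTMATTER_RE = re.compile(r"\A---\n(.*?)\n---\n", re.DOTALL)

# Constructed sample SKILL.md; 'version' and 'author' are the hypothetical
# unknown keys that would trigger the warning.
SAMPLE_SKILL_MD = """---
name: code-review
description: Comprehensive code review covering security, correctness, bash compatibility, test coverage, and code quality. Use for PRs, commits, or any code changes.
version: 1.0.0
author: example
---
# Code Review

Instructions for the agent go here.
"""


def parse_frontmatter(text):
    """Return {key: [value, nested_lines]} for each top-level frontmatter key,
    in file order, or None when the file has no frontmatter block.
    Handles the flat 'key: value' form plus indented blocks under a key,
    which is all a SKILL.md frontmatter needs; no YAML library required."""
    m = FRONTMATTER_RE.match(text)
    if m is None:
        return None
    entries = {}
    current = None
    for line in m.group(1).splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # blank line or YAML comment
        if line[0] in " \t":
            # Indented line: belongs to the nested block of the last top-level key.
            if current is not None:
                entries[current][1].append(line)
            continue
        key, _, value = line.partition(":")
        current = key.strip()
        entries[current] = [value.strip(), []]
    return entries


def unknown_frontmatter_keys(text, allowed=ALLOWED_KEYS):
    """List top-level keys that the spec does not define, in file order."""
    parsed = parse_frontmatter(text)
    if parsed is None:
        return []  # a missing block is a different validation failure
    return [k for k in parsed if k not in allowed]


def validate(text, allowed=ALLOWED_KEYS):
    """Mirror the page's validation row: ('Warning', message) or ('Pass', '')."""
    unknown = unknown_frontmatter_keys(text, allowed)
    if unknown:
        return ("Warning", "Unknown frontmatter key(s) found: "
                + ", ".join(unknown)
                + "; consider removing or moving to metadata")
    return ("Pass", "")


def move_to_metadata(text, allowed=ALLOWED_KEYS):
    """Rewrite the frontmatter so every unknown key lives under 'metadata:'.
    Known keys keep their order; an existing metadata block is merged."""
    parsed = parse_frontmatter(text)
    if parsed is None:
        return text
    kept, meta = [], []
    for key, (value, nested) in parsed.items():
        if key == "metadata":
            meta.extend(nested)  # keep entries already under metadata
        elif key in allowed:
            kept.append(f"{key}: {value}".rstrip())
            kept.extend(nested)
        else:
            meta.append(f"  {key}: {value}".rstrip())
            meta.extend("  " + n for n in nested)  # re-indent under metadata
    if meta:
        kept.append("metadata:")
        kept.extend(meta)
    new_block = "---\n" + "\n".join(kept) + "\n---\n"
    return FRONTMATTER_RE.sub(lambda _m: new_block, text, count=1)


if __name__ == "__main__":
    print(validate(SAMPLE_SKILL_MD))
    print(move_to_metadata(SAMPLE_SKILL_MD))
```

Run it against a real `.claude/skills/<name>/SKILL.md` by reading the file into `text`; the parser deliberately stops at the first top-level key whose line is not indented, so body text after the closing `---` is never touched.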
729dfbb