
code-review

Comprehensive code review covering security, correctness, bash compatibility, test coverage, and code quality. Use for PRs, commits, or any code changes.

61

Quality: 72% (Does it follow best practices?)

Impact: No eval scenarios have been run

Security by Snyk: Advisory (Suggest reviewing before use)

Optimize this skill with Tessl

npx tessl skill review --optimize ./.claude/skills/code-review/SKILL.md

Quality

Content

77%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

This is a highly actionable and well-structured code review skill tailored for a security-critical restricted shell interpreter. Its greatest strengths are the concrete, executable guidance throughout (API calls, specific code patterns, badge formats) and the clear multi-step workflow with validation checkpoints. The main weakness is its length — at ~300 lines with no supporting bundle files, it could benefit from splitting detailed reference material (pentest checklists, PR submission API details) into separate files for progressive disclosure.

Suggestions

Consider extracting the PR Review Submission section (steps 0-3 with API calls and emoji logic) into a separate REVIEW_SUBMISSION.md file, referenced from the main skill

Move the Pentest Checklist table into a separate PENTEST_CHECKLIST.md file to reduce the main skill's token footprint while keeping it accessible

| Dimension | Reasoning | Score |
| --- | --- | --- |
| Conciseness | The skill is comprehensive and most content earns its place given the security-critical domain, but there's some verbosity — the pentest checklist table, the full emoji reaction workflow, and the detailed PR submission API calls add significant length. Some sections (e.g., explaining what each divergence type means) could be tightened. However, the domain complexity justifies much of the length. | 2 / 3 |
| Actionability | Extremely actionable throughout — concrete bash commands for determining scope, executable gh API calls for PR submission, specific code patterns to look for (os.Open, os.Stat, etc.), detailed tables for pentest vectors, exact badge markdown to use, and precise output format templates. Nearly everything is copy-paste ready. | 3 / 3 |
| Workflow Clarity | The workflow is clearly sequenced from scope determination through code reading, multi-dimensional review, finding classification, output formatting, and PR submission. Validation checkpoints are explicit (e.g., 'If no changes are found, inform the user and stop', 'If the API returns an error about an invalid line position, adjust and retry'). The review dimensions are well-ordered by priority with clear decision trees for review events. | 3 / 3 |
| Progressive Disclosure | The content is well-structured with clear headers and logical sections, but it's a monolithic document (~300 lines) with no references to external files. The pentest checklist, PR submission workflow, and detailed review dimensions could be split into separate referenced files. However, no bundle files exist, so everything must be inline — this is a structural limitation rather than poor organization within the file. | 2 / 3 |

Total: 10 / 12 (Passed)

Description

67%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

The description adequately communicates its purpose as a code review skill and includes explicit trigger guidance via the 'Use for...' clause. However, it relies on category labels rather than concrete actions, and the mix of very broad scope ('any code changes') with a narrow focus area ('bash compatibility') creates an unclear identity. The trigger terms cover common cases but miss several natural variations users might employ.

Suggestions

Replace category labels with concrete actions, e.g., 'Identifies security vulnerabilities, checks logic correctness, verifies bash/shell script compatibility, evaluates test coverage gaps, and flags code quality issues.'

Expand trigger terms to include natural variations: 'Use when reviewing PRs, pull requests, commits, diffs, code changes, or when asked to check code quality, find bugs, or audit security.'

| Dimension | Reasoning | Score |
| --- | --- | --- |
| Specificity | Names the domain (code review) and lists several areas of focus (security, correctness, bash compatibility, test coverage, code quality), but these are categories rather than concrete actions. It doesn't specify what actions are performed, like 'identifies vulnerabilities', 'checks for race conditions', or 'suggests test cases'. | 2 / 3 |
| Completeness | Clearly answers both 'what' (comprehensive code review covering security, correctness, bash compatibility, test coverage, and code quality) and 'when' ('Use for PRs, commits, or any code changes'). The 'Use for...' clause serves as an explicit trigger guidance. | 3 / 3 |
| Trigger Term Quality | Includes some natural keywords like 'code review', 'PRs', 'commits', and 'code changes' that users would say. However, it misses common variations like 'pull request', 'diff', 'review my code', 'code quality check', or 'security audit'. 'Bash compatibility' is a surprisingly narrow trigger term for what claims to be comprehensive. | 2 / 3 |
| Distinctiveness Conflict Risk | While 'code review' is a recognizable niche, the broad scope ('any code changes') and generic quality dimensions (security, correctness, code quality) could overlap with more specialized skills like a security-focused linter or a test coverage analyzer. The mention of 'bash compatibility' adds some distinctiveness but is oddly specific for a general code review skill. | 2 / 3 |

Total: 9 / 12 (Passed)

Validation

90%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation: 10 / 11 Passed

Validation for skill structure

| Criteria | Description | Result |
| --- | --- | --- |
| frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |

Total: 10 / 11 (Passed)

Repository: DataDog/rshell (Reviewed)
