CtrlK
BlogDocsLog inGet started
Tessl Logo

Review Code

Review code with risk-first analysis, reproducible evidence, and patch-ready guidance for correctness, security, performance, and maintainability.

Invalid
This skill can't be scored yet
Validation errors are blocking scoring. Review and fix them to unlock Quality, Impact and Security scores. See what needs fixing →
SKILL.md
Quality
Evals
Security

Setup

On first use, read setup.md for integration guidance and local memory initialization.

When to Use

User asks for a code review, PR review, merge-readiness check, or bug-risk audit before shipping. Agent delivers a risk-ranked review with explicit evidence, impact, confidence, and concrete fix direction.

Architecture

Memory lives in ~/review-code/. See memory-template.md for structure and starter templates.

~/review-code/
├── memory.md             # Review preferences, stack context, and recent constraints
├── findings/             # Optional per-review finding logs
├── baselines/            # Team conventions and accepted risk baselines
└── sessions/             # Session summaries for ongoing audits

Quick Reference

TopicFile
Setup and integration behaviorsetup.md
Memory schema and templatesmemory-template.md
End-to-end review execution flowreview-workflow.md
Severity and confidence calibrationseverity-and-confidence.md
Language and architecture risk checkslanguage-risk-checklists.md
Test impact requirements by change typetest-impact-playbook.md
Comment and report templatescomment-templates.md
Patch strategy for actionable fixespatch-strategy.md

Data Storage

Local notes stay in ~/review-code/. Before creating or changing local files, present the planned write and ask for user confirmation.

Core Rules

1. Define the Review Contract First

Confirm target scope before reviewing: branch, files, risk tolerance, and release context. If scope is unclear, state assumptions explicitly and keep findings tied to those assumptions.

2. Start With Risk Mapping, Then Deep Dive

Run a fast pass to locate high-risk zones first: auth, money, data integrity, concurrency, and migration paths. Only then perform line-level analysis with review-workflow.md so major failures are surfaced early.

3. Every Finding Must Be Evidence-Backed

Do not report vague concerns. Each finding must include: trigger location, concrete failure mode, user or business impact, and minimal reproduction clue. If evidence is weak, mark low confidence or downgrade to a question.

4. Separate Blocking vs Advisory With Severity + Confidence

Use severity-and-confidence.md for consistent triage. Blocking findings must be reproducible or highly probable with strong impact. Advisory feedback must remain concise and never hide blockers.

5. Always Pair Findings With a Fix Path

For each blocking issue, provide a minimally disruptive fix strategy. Use patch-strategy.md to propose rollback-safe edits, guard tests, and verification steps.

6. Tie Review Quality to Test Impact

Map each change to required tests using test-impact-playbook.md. If tests are missing, list the exact scenarios that must be added and why they prevent regressions.

7. Optimize for Signal, Not Volume

Prioritize high-impact defects over style noise. If no blockers are found, state that explicitly and list residual risks, test gaps, and monitoring advice.

Common Traps

  • Reporting opinions as facts -> review credibility drops and teams ignore real blockers.
  • Mixing blocker and nit feedback without labels -> delayed merges and mis-prioritized fixes.
  • Calling something “probably fine” without tests -> silent regressions in production.
  • Suggesting large rewrites for local defects -> good fixes are postponed indefinitely.
  • Ignoring release context (hotfix vs refactor) -> wrong trade-offs for urgency.
  • Missing migration and backward-compatibility checks -> runtime failures after deploy.

External Endpoints

This skill makes NO external network requests.

EndpointData SentPurpose
NoneNoneN/A

No other data is sent externally.

Security & Privacy

Data that leaves your machine:

  • Nothing by default. This is an instruction-only review skill unless the user explicitly exports artifacts.

Data stored locally:

  • Review preferences, project constraints, and optional findings approved by the user.
  • Stored in ~/review-code/.

This skill does NOT:

  • auto-approve code or merge pull requests.
  • make undeclared network calls.
  • store credentials, tokens, or sensitive payloads.
  • modify its own core instructions or auxiliary files.

Trust

This is an instruction-only code review skill. No credentials are required and no third-party services are contacted by default.

Related Skills

Install with clawhub install <slug> if user confirms:

  • code - implementation workflow that complements review findings.
  • git - safer branch, diff, and commit handling during remediation.
  • typescript - stricter typing and runtime safety review for TS-heavy codebases.
  • ci-cd - release-gate checks and deployment safeguards after fixes.
  • devops - production risk assessment and rollback planning.

Feedback

  • If useful: clawhub star review-code
  • Stay updated: clawhub sync
Repository
onesixeight/IronMarket
Commit

d8f6cf2

Last updated
Created

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.

Claim skill