code-review-web
Review web application code for bugs, security issues, performance problems, and stack-specific anti-patterns. Use this skill whenever the user wants to review code, debug a production issue, investigate a build failure, audit security, or check a PR before merging. Triggers on code review, review my code, debug, build error, broken, not working, why is X failing, check this code, security check, PR review, audit code, refactor. Also triggers when investigating 4xx or 5xx errors, deploy failures, environment variable issues, and CMS integration problems.
67
81%
Does it follow best practices?
Impact
—
No eval scenarios have been run
Passed
No known issues
Quality
Discovery
92%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is a strong skill description with excellent trigger term coverage and clear completeness, explicitly stating both what the skill does and when to use it. The main weakness is its broad scope—covering code review, debugging, security auditing, build failures, and deployment issues—which increases the risk of conflicting with more specialized skills in any of those individual domains. The description uses proper third-person voice throughout.
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | Lists multiple specific concrete actions: reviewing for bugs, security issues, performance problems, stack-specific anti-patterns, debugging production issues, investigating build failures, auditing security, and checking PRs before merging. | 3 / 3 |
Completeness | Clearly answers both 'what' (review web application code for bugs, security issues, performance problems, anti-patterns) and 'when' (explicit 'Use this skill whenever...' clause plus detailed trigger terms covering multiple scenarios). | 3 / 3 |
Trigger Term Quality | Excellent coverage of natural terms users would say: 'code review', 'review my code', 'debug', 'build error', 'broken', 'not working', 'why is X failing', 'check this code', 'security check', 'PR review', '4xx or 5xx errors', 'deploy failures'. These are highly natural phrases users would actually type. | 3 / 3 |
Distinctiveness Conflict Risk | While it specifies 'web application code' and mentions stack-specific anti-patterns, the broad scope covering debugging, code review, security auditing, and refactoring could overlap with more specialized skills for any of those individual tasks. Terms like 'debug', 'broken', 'not working' are very generic and could conflict with non-web-related debugging skills. | 2 / 3 |
Total | 11 / 12 Passed |
Implementation
70%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This is a well-structured, comprehensive code review skill with excellent workflow clarity and progressive disclosure. Its main weaknesses are moderate verbosity (some sections explain patterns Claude already knows) and a lack of concrete examples showing what a review output or specific bug detection looks like in practice. The instruction-only approach works for this domain but would benefit from at least one concrete example review.
Suggestions
Trim the 'Common bug patterns' section by removing explanations of well-known concepts (e.g., what N+1 queries are, what mixed content means) and keeping only the actionable check items.
Add a concrete example of a mini code review output showing how the 5 dimensions map to actual review comments, so Claude has a clear model to follow.
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | The skill is well-organized and avoids explaining basic concepts, but it's quite long (~200 lines) with some sections that could be tightened. The 'Common bug patterns' section is extensive and some items (e.g., explaining what N+1 queries are, what HTTPS mixed content is) border on things Claude already knows. The 5 review dimensions are thorough but could be more compressed into checklists rather than explanatory bullet points. | 2 / 3 |
Actionability | The skill provides concrete checklists and structured workflows, which is good for an instruction-only skill. However, it lacks any executable code examples, specific commands, or concrete input/output examples. The guidance is specific enough to act on (e.g., 'check cookies have Secure, HttpOnly, SameSite') but never shows what a review output actually looks like or provides copy-paste-ready patterns. | 2 / 3 |
Workflow Clarity | Both the main review workflow and the debugging workflow are clearly sequenced with numbered steps. The debugging workflow includes explicit validation checkpoints ('Verify in production', 'Reproduce locally', 'Check cache state before concluding it's a code bug'). The severity classification (blocker, important, minor) and depth selection (quick scan vs full review vs deep dive) provide good decision frameworks. | 3 / 3 |
Progressive Disclosure | The skill clearly separates stack-agnostic principles in the main file from stack-specific patterns in well-signaled reference files. References are one level deep and clearly linked (review-template.md, nextjs-patterns.md, wordpress-headless-patterns.md). The 'When NOT to use' section with cross-references to other skills is excellent navigation. Content is appropriately split between overview and detail. | 3 / 3 |
Total | 10 / 12 Passed |
Validation
90%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 10 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
Total | 10 / 11 Passed | |
- Repository
- rampstackco/claude-skills
- Commit
8e70d03
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.