Repository-specific Cerebro review invariants and triage guidance for Droid code and security reviews.
51%
Does it follow best practices?
Impact
—
No eval scenarios have been run
Passed
No known issues
Optimize this skill with Tessl
npx tessl skill review --optimize ./.factory/skills/review-guidelines/SKILL.md
Quality
Discovery
22% Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
The description is too vague and lacks concrete actions, explicit trigger guidance, and natural user-facing keywords. While the mention of 'Cerebro' and 'Droid' provides some distinctiveness, the description fails to communicate what specific tasks the skill performs or when it should be selected over other skills.
Suggestions
Add a 'Use when...' clause specifying explicit triggers, e.g., 'Use when reviewing Droid repository pull requests, triaging Cerebro findings, or performing security audits on Droid code.'
List specific concrete actions the skill performs, e.g., 'Checks for security vulnerabilities, enforces coding invariants, triages review findings by severity, and generates review summaries.'
Include natural keywords users might say, such as 'PR review', 'security audit', 'code review checklist', 'vulnerability check', or 'triage findings'.
| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | The description uses vague language like 'review invariants' and 'triage guidance' without listing any concrete actions. It does not specify what the skill actually does (e.g., check for specific patterns, flag security issues, generate reports). | 1 / 3 |
| Completeness | The description weakly addresses 'what' (review invariants and triage guidance) but never explicitly states 'when' Claude should use this skill. There is no 'Use when...' clause or equivalent trigger guidance. | 1 / 3 |
| Trigger Term Quality | It includes some relevant terms like 'code review', 'security reviews', 'Cerebro', and 'Droid', but these are fairly niche/internal terms. Common user phrases like 'review PR', 'check code', or 'security audit' are missing. | 2 / 3 |
| Distinctiveness Conflict Risk | The mention of 'Cerebro' and 'Droid' provides some specificity to a particular repository/tool, which helps distinguish it, but 'code and security reviews' is broad enough to overlap with general code review skills. | 2 / 3 |
| Total | | 6 / 12 Passed |
Implementation
79% Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This is a strong, concise skill that encodes domain-specific invariants and triage priorities efficiently. Its main weakness is that the review workflow is described at a high level without explicit step-by-step sequencing or validation checkpoints between passes, and the referenced supporting files are not available in the bundle to verify progressive disclosure.
Suggestions
Enumerate the review subpasses as an explicit ordered list (1. scanner validation, 2. changed behavior, etc.) with validation checkpoints between steps, such as 'confirm no SAST findings before proceeding to tenant/security invariants.'
Consider providing or referencing a concrete example of a review pass output or finding classification to make the triage workflow more actionable.
| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | Every bullet earns its place—each invariant is a specific, non-obvious constraint that Claude would not know from general training. No padding, no explanations of what code review is, no generic advice. The content is dense with domain-specific knowledge. | 3 / 3 |
| Actionability | Provides concrete commands (`make droid-review-preflight`, `make droid-review-sast`, `make droid-ci-context`), specific file paths (`.factory/review-passes.json`, `.factory/review-memory.json`), named scripts (`scripts/droid_review_context.py`), and precise technical constraints (e.g., `io.ReadAll` must use `io.LimitReader`). Guidance is directly executable. | 3 / 3 |
| Workflow Clarity | The Review Triage section names bounded subpasses and references executing them in order, but the actual sequence is not explicitly enumerated with clear steps or validation checkpoints between passes. The workflow is implied rather than fully specified with feedback loops. | 2 / 3 |
| Progressive Disclosure | References external files like `.factory/review-passes.json`, `.factory/review-memory.json`, and `scripts/droid_review_context.py`, but no bundle files are provided to support them. The content is well-organized into two clear sections, but there are no explicit links to deeper reference material for individual invariants or pass definitions. | 2 / 3 |
| Total | | 10 / 12 Passed |
Validation
100% Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 11 / 11 Passed
Validation for skill structure
No warnings or errors.
3aeaf20