Skill

classifying-review-findings

Use this skill when categorizing code review findings into severity levels. Apply when determining which emoji and label to use for PR comments, deciding if an issue should be flagged at all, or classifying findings as CRITICAL, IMPORTANT, DEBT, SUGGESTED, or QUESTION.

npx claudepluginhub bitwarden/ai-plugins --plugin bitwarden-code-review

Tool Access

This skill uses the workspace's default tool permissions.

Preview

| Emoji | Category | Criteria |

SKILL.md

Similar Skills

review

Performs production-level PR reviews using a consultant agent and 10-category framework prioritizing correctness, logic errors, type safety, and observability.

consultant

multi-reviewer-patterns

32.9k

Coordinates parallel code reviews across dimensions like security, performance, architecture, testing, and accessibility with finding deduplication, severity calibration, and consolidated reports.

1 file

agent-teams

caveman-review

57.4k

Generates ultra-compressed code review comments for PRs and diffs: one line per finding with location, problem, fix. Supports severity prefixes like bug, risk, nit.

1 file

caveman

Stats

Parent Repo Stars100

Parent Repo Forks11

Last CommitJan 20, 2026

Actions

View Source View Plugin View on GitHub View README

Help us improve

Share bugs, ideas, or general feedback.

Classifying Review Findings

Severity Categories

Emoji

Classifying Review Findings

Severity Categories

Emoji	Category	Criteria
❌	CRITICAL	Will break, crash, expose data, or violate requirements
⚠️	IMPORTANT	Missing error handling, unhandled edge cases, could cause bugs
♻️	DEBT	Duplicates patterns, violates conventions, needs rework within 6 months
🎨	SUGGESTED	Measurably improves security, reduces complexity by 3+, eliminates bug classes
❓	QUESTION	Requires human knowledge - unclear requirements, intent, or system conflicts

ALWAYS use hybrid emoji + text format for each finding (if multiple severities apply, use the most severe: ❌ > ⚠️ > ♻️ > 🎨 > ❓):

Before Classifying

Verify ALL three:

Can you trace the execution path showing incorrect behavior?
Is this handled elsewhere (error boundaries, middleware, validators)?
Are you certain about framework behavior and language semantics?

If any answer is "no" or "unsure" → DO NOT classify as a finding.

Not Valid Findings (Reject)

Praise ("great implementation")
Vague suggestions ("could be simpler")
Style preferences without enforced standard
Naming nitpicks unless actively misleading
PR metadata issues (title, description, test plan) - handled by summary skill, not classified here

Suggested Improvements (🎨) Criteria

Only suggest improvements that provide measurable value:

Security gain - Eliminates entire vulnerability class (SQL injection, XSS, etc.)
Complexity reduction - Reduces cyclomatic complexity by 3+, eliminates nesting level
Bug prevention - Makes entire category of bugs impossible (type safety, null safety)
Performance gain - Reduces O(n²) to O(n), eliminates N+1 queries (provide evidence)

Provide concrete metrics:

❌ "This could be simpler"
✅ "This has cyclomatic complexity of 12; extracting validation logic would reduce to 6"

If you can't measure the improvement, don't suggest it.