Stats
Actions
Tags
From agentops
Reviews diffs and PRs for bugs, security issues, mocks, and placeholders. Useful for pre-commit code review or auditing agent output.
How this skill is triggered — by the user, by Claude, or both
Slash command
/agentops:reviewThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
- **bug-hunt** — Investigate bugs and root causes.
Quick Ref:
/review <PR>reviews a PR,/review --diffreviews local changes,/review --agent <path>reviews agent output with extra scrutiny.
YOU MUST EXECUTE THIS WORKFLOW. Do not just describe it.
This skill is for reviewing OTHER people's or agents' changes. For validating your own code quality, use /validate instead.
/review 42 # PR mode — review PR #42
/review https://github.com/o/r/pull/42 # PR mode — review by URL
/review --diff # Diff mode — review unstaged/staged changes
/review --diff --staged # Diff mode — staged only
/review --agent .agents/crank/ # Agent mode — review agent-generated output
/review --agent ./output.patch # Agent mode — review a patch file
/review --deep 42 # Deep mode — spawns council for second opinion
/review --mocks # Find stubs, mocks, placeholders, TODOs
/review --bugs # Bug scanner: null derefs, leaks, security holes
/review --audit security # Domain audit: security, perf, UX, API, CLI
/review --deep-scan # Iterative audit-fix-rescan until clean
Determine the review mode from arguments:
--diff flag present.--agent <path> flag present.Load language-specific conventions from /standards based on file extensions in the diff. If ao is available, pull prior review context:
ao lookup --query "code review patterns $(basename "$PWD")" --limit 3 2>/dev/null || true
Apply retrieved knowledge (mandatory when results returned):
If learnings are returned, do NOT just load them as passive context. For each returned item:
known_risk — state the pattern, what to look for, and whether the diff exhibits itAfter applying, record the citation:
ao metrics cite "<learning-path>" --type applied 2>/dev/null || true
Skip silently if ao is unavailable or returns no results.
Load the behavioral discipline standard from /standards before reviewing the diff. Use it to answer four questions:
If any answer is weak, record the problem as a finding. Hidden assumptions, speculative abstractions, drive-by edits, and weak verification are review defects, not style preferences.
gh pr view "$PR_REF" --json title,body,author,baseRefName,headRefName,labels,reviewDecision,commits
gh pr diff "$PR_REF"
gh pr diff "$PR_REF" --name-only
If the PR has more than 500 changed lines, prioritize: security-sensitive files, high-complexity changes, new files, then test files.
git diff HEAD # unstaged + staged
git diff --cached # staged only (with --staged flag)
git diff HEAD --name-only # changed file list
# Directory: find all generated files
find "$AGENT_PATH" -type f \( -name '*.go' -o -name '*.py' -o -name '*.ts' -o -name '*.sh' -o -name '*.md' \)
# Patch file: inspect stats
git apply --stat "$AGENT_PATH"
Understand the intent behind the changes before reviewing the code:
fixes #, closes #), read commit messages.git log --oneline -5, branch name, open issues via bd list --status open..agents/rpi/ artifacts.Output a one-line intent summary before proceeding:
INTENT: <what the change is trying to accomplish>
If intent is unclear, flag it: "PR description does not explain the purpose of this change."
Review every changed file against the SCORED checklist. For each category, actively look for problems. Do not skim -- read each changed line.
For audit-style reviews, generated-code suspicion, mock leakage, or external-review-tool findings, load references/audit-and-mock-sweeps.md before writing final findings.
When reviewing agent-generated code, apply additional scrutiny for common agent failure modes:
!= nil or != "")cov*_test.go naming pattern (coverage-padding anti-pattern)Create a review artifact:
REVIEW_DIR=".agents/review"
mkdir -p "$REVIEW_DIR"
REVIEW_FILE="$REVIEW_DIR/$(date +%Y-%m-%d)-review-$(echo "$PR_REF" | tr '/' '-').md"
# Review: <PR title or change description>
**Date:** YYYY-MM-DD | **Verdict:** APPROVE | REQUEST_CHANGES | COMMENT
**Target:** PR #N / local diff / agent output at <path>
## Intent
<one-line summary>
## SCORED Assessment
| Category | Rating | Notes |
|----------|--------|-------|
| Security | pass/warn/fail | ... |
| Correctness | pass/warn/fail | ... |
| Observability | pass/warn/fail | ... |
| Readability | pass/warn/fail | ... |
| Efficiency | pass/warn/fail | ... |
| Design | pass/warn/fail | ... |
## Findings
### Critical (must fix)
- **[file:line]** Issue. Suggested fix: ...
### Warning (should fix)
- **[file:line]** Issue. Suggested fix: ...
### Suggestion / Nit
- **[file:line]** Description.
## Missing
<expected but absent: tests, docs, error handling, migration>
If reviewing a PR and the verdict is REQUEST_CHANGES or COMMENT, offer to post the review:
# Post review comment on the PR
gh pr review "$PR_REF" --comment --body "$(cat "$REVIEW_FILE")"
# Or for blocking review
gh pr review "$PR_REF" --request-changes --body "$(cat "$REVIEW_FILE")"
Only post if the user confirms. Never auto-post a review without explicit approval.
When --deep is specified, after the initial SCORED pass, spawn a council for a second opinion:
/council validate "Review these changes for issues I might have missed: <summary of changes>"
Merge council findings into the review document under a "## Council Findings" section.
| Skill | Relationship |
|---|---|
/validate | Self-review (your own code). /review is for others' code. |
/council | Optional second opinion via --deep flag. |
/standards | Auto-loaded for language-specific rules. |
bug-hunt | /review does a structured pass; bug-hunt does deep investigation of suspected bugs. |
/validate --mode=pr | PR-specific validation (isolation, scope creep). Complementary to /review. |
This skill is the fold target for three retired skills. Their use-cases route here:
/review --bugs for the
scanner pass (references/BUG_SCANNER.md); for deep
investigation of a suspected bug, run the scanner findings through an
evidence-first root-cause loop (reproduce → isolate → fix → verify)./review --audit <domain> and
/review --deep-scan (references/DOMAIN_AUDIT.md,
references/DEEP_SCAN.md).ubs scanner binary is on
PATH, run it over the diff and triage its findings into the SCORED pass
(see references/audit-and-mock-sweeps.md).references/review.feature — Executable spec: risk-ranked diff review, mock/stub detection, bug scan, result.json (soc-qk4b)
references/MOCK_FINDER.md — Find stubs, mocks, placeholders, TODOs
references/BUG_SCANNER.md — Bug scanner: null derefs, leaks, security
references/DOMAIN_AUDIT.md — Domain-parameterized audit (security, perf, UX, API, CLI)
references/DEEP_SCAN.md — Iterative audit-fix-rescan cycle
npx claudepluginhub boshu2/agentops --plugin agentopsReviews code changes for correctness, readability, architecture, security, and performance. Checks lint, type safety, test coverage, and security issues. Use for PRs, audits, or pre-merge reviews.
Reviews local changes, PRs/MRs, or branch diffs against project coding guidelines using 5-7 parallel review agents (bug detection, security/logic, guideline compliance, code simplification, test coverage, contract quality). High-signal findings only.
Code review with semantic diffs, expert routing by file type, and auto-task creation for critical issues. Works on staged changes, files, or PRs.