Identifies, categorizes, and articulates code issues with brutal honesty and quantifiable specificity. Use when reviewing code, providing feedback, performing code audits, or when user needs direct assessment of code quality.
Performs brutally honest code reviews with specific line numbers, severity scores, and quantified evidence. Triggers when reviewing code, auditing PRs, or requesting direct quality assessment.
/plugin marketplace add mgd34msu/goodvibes-plugin/plugin install goodvibes@goodvibes-marketThis skill inherits all available tools. When active, it can use any tool Claude has access to.
references/brutal-phrasing.mdreferences/categorization.mdreferences/evidence-gathering.mdreferences/issue-patterns.mdSystematic methodology for identifying code problems and communicating them with precision, specificity, and quantifiable evidence. No hedging, no softening, no vague suggestions.
Full code critique:
Perform a brutally honest code critique of this file. Identify all issues with specific line numbers, categories, and severity scores.
Targeted review:
Review this function for violations. Name each code smell, cite the line, and score severity 1-10.
Pre-PR audit:
Audit this code before PR submission. List every issue that would fail review, with exact locations.
| Never Say | Always Say |
|---|---|
| "Perhaps consider..." | "This violates X because Y" |
| "It might be nice if..." | "Line 47 requires Z" |
| "Generally speaking..." | "Lines 23-89 contain 7 instances of X" |
| "Could be improved" | "Fails criterion X, scores 2/10" |
| "Seems a bit long" | "This is 200 lines - 4x the recommended maximum" |
| "Error handling could be better" | "Line 47 catches Error but ignores it" |
| "Changes require touching many files" | "This is Shotgun Surgery - 12 files need modification" |
Identify violations in code organization and architecture.
STRUCTURAL CHECKLIST
[ ] File length (>300 lines = violation)
[ ] Function length (>50 lines = violation)
[ ] Class responsibility count (>1 = violation)
[ ] Nesting depth (>3 levels = violation)
[ ] Parameter count (>4 = violation)
[ ] Return points (>3 per function = violation)
Output format:
STRUCTURAL VIOLATIONS: 7
1. FILE LENGTH: 487 lines (limit: 300, 62% over)
- Extract: lines 234-340 (user validation logic)
- Extract: lines 400-487 (formatting utilities)
2. FUNCTION: processOrder() at line 45 - 89 lines (limit: 50, 78% over)
- Cyclomatic complexity: 23 (limit: 10)
- Nesting depth: 5 levels (limit: 3)
Evaluate identifier quality with specific violations.
NAMING VIOLATIONS: 12
1. Line 23: `d` - Single letter variable (data? date? delta?)
2. Line 45: `handleStuff()` - Vague action verb
3. Line 67: `temp` - Meaningless temporary
4. Line 89: `data2` - Numeric suffix instead of meaning
5. Line 112: `doIt()` - Completely opaque purpose
Naming severity scale:
isValid returns void)x, temp, data)handle, process, doStuff)getUserData vs fetchUser)Find bugs, edge cases, and logical flaws.
LOGIC ISSUES: 5
1. Line 78: NULL DEREFERENCE - `user.name` accessed without null check
- user comes from getUserById() which returns null on miss
- Will throw at runtime when user not found
2. Line 112: OFF-BY-ONE - Loop iterates i <= array.length
- Last iteration accesses array[array.length] = undefined
- Should be i < array.length
3. Line 156: RACE CONDITION - Async write without await
- saveToDatabase() is async but not awaited
- Subsequent read may see stale data
Identify inefficiencies with quantified impact.
PERFORMANCE ISSUES: 4
1. Line 45-67: N+1 QUERY - Database called in loop
- 1 query per user, N users = N+1 total queries
- Current: ~200ms per user * 100 users = 20 seconds
- Fixed: 1 batch query = ~250ms total
- Impact: 80x improvement
2. Line 89: REDUNDANT COMPUTATION - filter().map() chain
- Array iterated twice, can be single reduce()
- Memory: 2x array allocation vs 1x
Flag vulnerabilities with severity ratings.
SECURITY VULNERABILITIES: 3
1. CRITICAL - Line 34: SQL INJECTION
- Query built with string concatenation: `"SELECT * FROM users WHERE id = " + userId`
- Exploitable: userId = "1; DROP TABLE users;--"
- Fix: Use parameterized queries
2. HIGH - Line 78: XSS VULNERABILITY
- User input rendered without escaping: innerHTML = userComment
- Fix: Use textContent or sanitize HTML
3. MEDIUM - Line 112: HARDCODED SECRET
- API key in source: `apiKey = "sk_live_abc123"`
- Fix: Environment variable
Consistency and convention issues.
STYLE VIOLATIONS: 18
1. Lines 23, 45, 67, 89: INCONSISTENT QUOTES
- 4 single quotes, rest of file uses double quotes
2. Lines 34-56: INCONSISTENT INDENTATION
- Mix of 2-space and 4-space indentation
3. Line 78: TRAILING WHITESPACE
- 4 trailing spaces
| Category | Description | Severity Weight |
|---|---|---|
| Security | Vulnerabilities, injection, exposure | x3 |
| Logic | Bugs, edge cases, incorrect behavior | x3 |
| Performance | Inefficiency, resource waste | x2 |
| Structural | Organization, complexity, coupling | x2 |
| Naming | Unclear, misleading identifiers | x1 |
| Style | Formatting, consistency | x1 |
Each issue gets a raw severity (1-10) multiplied by category weight.
WEIGHTED SEVERITY CALCULATION
Issue: SQL Injection at line 34
- Raw severity: 10 (critical exploitable vulnerability)
- Category: Security (weight: x3)
- Weighted score: 30
Issue: Vague variable name at line 23
- Raw severity: 4 (guessable meaning)
- Category: Naming (weight: x1)
- Weighted score: 4
QUALITY SCORE = 100 - (sum of weighted severities / lines of code * 10)
Example:
- File: 200 lines
- Total weighted severity: 85
- Score: 100 - (85/200 * 10) = 100 - 4.25 = 95.75/100
Interpretation:
- 90-100: Production ready, minor polish only
- 70-89: Acceptable with noted improvements
- 50-69: Significant issues, review required
- Below 50: Not production ready, major rework needed
## Code Critique: {filename}
**Quality Score: {X}/100** ({interpretation})
### Summary
- {N} critical issues requiring immediate fix
- {N} high-priority issues for this PR
- {N} medium issues to address soon
- {N} low-priority style/polish items
### Critical Issues
| # | Line | Category | Issue | Severity |
|---|------|----------|-------|----------|
| 1 | 34 | Security | SQL injection via string concatenation | 10 |
| 2 | 78 | Logic | Null dereference on user.name | 9 |
### High Priority
...
### Quantified Summary
- Lines of code: {N}
- Issues per 100 LOC: {N}
- Worst function: {name} at line {N} - {count} issues
- Most common violation: {type} - {count} occurrences
See references/brutal-phrasing.md for comprehensive phrasing examples.
The Pattern:
"{This is} [named problem]. {Evidence: specific location and count}. {Impact: what breaks}."
Examples:
"This is a God Class. UserManager has 47 methods across 1,200 lines handling auth, email, billing, and analytics. Changes to any feature risk breaking unrelated functionality."
"Line 67 has a resource leak. FileInputStream opened but never closed in finally block. Each call leaks one file descriptor; production will hit ulimit after ~1000 requests."
"This function violates SRP. processOrder() at line 45 does validation (lines 46-78), pricing (lines 79-112), inventory check (lines 113-145), and notification (lines 146-189). That's 4 distinct responsibilities in one 144-line function."
Every critique must include:
See references/evidence-gathering.md for detailed measurement techniques.
| Metric | Tool/Method | Threshold |
|---|---|---|
| Cyclomatic complexity | escomplex, radon | >10 = problem |
| Cognitive complexity | SonarQube | >15 = problem |
| Lines per function | wc -l | >50 = problem |
| Lines per file | wc -l | >300 = problem |
| Nesting depth | manual/lint | >3 = problem |
| Parameters per function | manual/lint | >4 = problem |
| Dependencies per module | madge | >10 = problem |
See references/issue-patterns.md for the complete catalog.
| Pattern | Detection | One-liner |
|---|---|---|
| God Class | >500 lines, >20 methods | "This class has {N} responsibilities; should have 1" |
| Shotgun Surgery | Change requires N files | "Modifying X requires touching {N} files" |
| Feature Envy | Method uses other class more | "This method accesses OtherClass {N} times, self {M} times" |
| Primitive Obsession | Strings for structured data | "Email/phone/money represented as raw strings {N} times" |
| Long Parameter List | >4 parameters | "Function takes {N} parameters; max recommended is 4" |
| Magic Numbers | Unexplained literals | "Lines {list} contain unexplained numeric literals" |
| Dead Code | Unreachable/unused | "Lines {N-M} are unreachable due to early return at line {X}" |
| Copy-Paste | Duplicated blocks | "Lines {A-B} duplicate lines {C-D} with {N}% similarity" |
1. File length check - over 300 lines?
2. Function length scan - any over 50 lines?
3. Complexity hotspots - deeply nested code?
4. Obvious violations - hardcoded values, console.logs?
5. Top 3 issues with line numbers
1. STRUCTURE - Run full structural scan
2. NAMING - Audit all identifiers in modified code
3. LOGIC - Trace happy path and 2 edge cases
4. SECURITY - Check all inputs/outputs
5. STYLE - Verify consistency
6. Generate quantified report
1. Run static analysis tools
2. Complete all 6 phases with full documentation
3. Calculate quality score
4. Generate dependency analysis
5. Document technical debt items
6. Produce remediation roadmap with effort estimates
### [{CATEGORY}] {Issue Name}
**Location:** `{file}:{line}` in `{function}()`
**Severity:** {N}/10 (weighted: {N*weight})
**Count:** {N} occurrence(s)
**Evidence:**
{Specific code snippet or measurement}
**Impact:**
{What breaks, fails, or degrades}
**Fix:**
{Specific remediation with example}
# Code Critique Report
## Metadata
- **File:** {path}
- **Lines:** {N}
- **Functions:** {N}
- **Review depth:** {Quick|Standard|Deep}
## Quality Score: {N}/100
## Issue Distribution
| Category | Count | Weighted Score |
|----------|-------|----------------|
| Security | {N} | {N} |
| Logic | {N} | {N} |
| Performance | {N} | {N} |
| Structural | {N} | {N} |
| Naming | {N} | {N} |
| Style | {N} | {N} |
| **Total** | **{N}** | **{N}** |
## Issues by Severity
- Critical (9-10): {N}
- High (7-8): {N}
- Medium (4-6): {N}
- Low (1-3): {N}
## Top 5 Issues
1. {Brief description with line number}
2. ...
## Detailed Findings
{Full issue entries}
This skill should be used when the user asks to "create an agent", "add an agent", "write a subagent", "agent frontmatter", "when to use description", "agent examples", "agent tools", "agent colors", "autonomous agent", or needs guidance on agent structure, system prompts, triggering conditions, or agent development best practices for Claude Code plugins.
This skill should be used when the user asks to "create a slash command", "add a command", "write a custom command", "define command arguments", "use command frontmatter", "organize commands", "create command with file references", "interactive command", "use AskUserQuestion in command", or needs guidance on slash command structure, YAML frontmatter fields, dynamic arguments, bash execution in commands, user interaction patterns, or command development best practices for Claude Code.
This skill should be used when the user asks to "create a hook", "add a PreToolUse/PostToolUse/Stop hook", "validate tool use", "implement prompt-based hooks", "use ${CLAUDE_PLUGIN_ROOT}", "set up event-driven automation", "block dangerous commands", or mentions hook events (PreToolUse, PostToolUse, Stop, SubagentStop, SessionStart, SessionEnd, UserPromptSubmit, PreCompact, Notification). Provides comprehensive guidance for creating and implementing Claude Code plugin hooks with focus on advanced prompt-based hooks API.