Augments Claude Code's native code review with plan-vs-implementation scope-drift comparison, evidence-backed findings, and proactive vulnerability/error search.
How this skill is triggered — by the user, by Claude, or both
Slash command
/controlflow-claude-code:controlflow-review
ControlFlow Review is a layer over Claude Code's native review capabilities, not a
replacement. Mechanical and style review (lint-class issues, formatting, rote pattern
checks) belong to native /code-review and security-review. This skill adds only what
native review does not provide: plan-vs-implementation scope-drift comparison,
evidence-backed finding discipline, and proactive vulnerability/error search.
Invoke this skill via /controlflow-claude-code:controlflow-review.
/code-review (or security-review for security-focused work) first for the
mechanical pass; this skill consumes and augments its output rather than duplicating it.
plans/<task-slug>-plan.md, read it. Track every phase acceptance
criterion and file the plan said it would touch — anything implemented but not planned,
or planned but not implemented, is a scope-drift finding.
/code-review (or security-review) and collect its findings.
Prioritize correctness/functionality, security, data integrity, regression risk, and
contract drift before style. Maintainability/style comments should support a behavioral
risk, not bury one — and the mechanical side of style is native /code-review's job.
Go beyond reactive review of the diff:
Use Nit, Optional, and FYI only after blocking findings. These are not severity
levels and must not hide correctness, security, or test-coverage defects.
Large reviews lose signal. When a diff is much larger than roughly 100 changed lines or mixes unrelated concerns, ask for a split or review by file area and risk axis with an explicit confidence limit.
FYI when the untested behavior can regress.
/code-review's mechanical pass — delegate it.
references/review-checklist.md
references/validation-status.md
references/evidence-discipline.md
references/security-review-discipline.md
../controlflow-plan/references/llm-behavior-guidelines.md
npx claudepluginhub smithbox-ai/controlflow --plugin controlflow-claude-code