Review methodology for code changes with confidence scoring. Use when spawning reviewer agents, rating issue severity (P1-P4), or scoring review confidence.
Reviews code changes with confidence-scored findings using severity ratings and evidence-based methodology.
`npx claudepluginhub tenzir/claude-plugins`

This skill inherits all available tools. When active, it can use any tool Claude has access to.
Review code changes with confidence-scored findings. This skill defines the methodology for specialized reviewers.
Rate each finding's impact independently from confidence:
| Severity | Emoji | Impact |
|---|---|---|
| P1 | 🔴 | Critical — security, data loss, crashes |
| P2 | 🟠 | Important — broken features, significant bugs |
| P3 | 🟡 | Minor — edge cases, small bugs, inconsistencies |
| P4 | ⚪ | Trivial — cosmetic, style, optional |
Score certainty that the finding is real on a 0-100 scale:
| Score | Certainty | Meaning |
|---|---|---|
| 91-100 | Very high | Definitely an issue |
| 81-90 | High | Almost certainly an issue |
| 71-80 | Moderate | Likely an issue |
| Below 70 | Low | Possibly a false positive |
Only report findings with confidence 80 or higher.
Confidence measures certainty; severity measures impact. Examples:
Deduct points for:
Write findings to a markdown file in the review directory.
Each finding gets a unique ID with a 3-letter prefix and sequence number:
| Reviewer | Prefix | Example |
|---|---|---|
| security | SEC | SEC-1 |
| arch | ARC | ARC-1 |
| tests | TST | TST-1 |
| ux | UXD | UXD-1 |
| readability | RDY | RDY-1 |
| docs | DOC | DOC-1 |
| performance | PRF | PRF-1 |
| github | GIT | GIT-1 |
Number findings sequentially starting at 1.
````markdown
# <Aspect> Review

## Summary

Brief overall assessment (2-3 sentences).

## Findings

### SEC-1 · P1 · SQL injection vulnerability · 95%

- **File**: `path/to/file.ts:45-52`
- **Issue**: User input passed directly to SQL query
- **Reasoning**: Variable `userInput` from request body is string-concatenated
  into the SQL query at line 47 without sanitization or parameterization.
- **Evidence**:
  ```ts
  const query = "SELECT * FROM users WHERE id = " + userInput;
  ```
  This pattern allows arbitrary SQL injection via the `id` parameter.
- **Suggestion**: Use parameterized queries with `$1` placeholder.

### SEC-2 · P3 · Missing null check · 85%

- **File**: `path/to/file.ts:120`
- **Issue**: Function assumes `config.timeout` is always defined
- **Reasoning**: `config` comes from user input via `loadConfig()` which returns
  partial objects. The `timeout` property is optional per the type definition.
- **Evidence**:
  ```ts
  const delay = config.timeout * 1000; // crashes if timeout is undefined
  ```
  Type shows: `interface Config { timeout?: number }` — optional field.
- **Suggestion**: Add nullish coalescing: `(config.timeout ?? 30) * 1000`
````
Each finding must include:
| Field | Purpose |
|---|---|
| File | Location with line numbers |
| Issue | What's wrong (one sentence) |
| Reasoning | Why this is a problem (logical argument) |
| Evidence | Concrete proof (code snippet, type info, behavior) |
| Suggestion | How to fix it |
The `### {ID} · P{n} · title · {n}%` header pattern enables tracking and filtering.
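One way to use that header pattern for filtering, as an added example that is not part of the skill itself: a Python checker that parses a findings file, flags malformed headers and missing required fields, and orders the reportable findings. The names `parse_findings`, `triage` and `SAMPLE` are hypothetical, the sample report is constructed, and each field is assumed to start its line as `- **Name**:`.

```python
import re

# Header shape from the page: ### {ID} · P{n} · title · {n}%
HEADER = re.compile(r"^### ((SEC|ARC|TST|UXD|RDY|DOC|PRF|GIT)-([1-9]\d*))"
                    r" · P([1-4]) · (.+) · (\d{1,3})%$")
FIELD = re.compile(r"^- \*\*(\w+)\*\*:")
REQUIRED = ("File", "Issue", "Reasoning", "Evidence", "Suggestion")
MIN_CONFIDENCE = 80  # the page's reporting threshold
# Constructed sample report; paths and titles are illustrative.
SAMPLE = """\
### SEC-1 · P3 · Missing null check · 85%
- **File**: `path/to/file.ts:120`
- **Issue**: Function assumes `config.timeout` is always defined
- **Reasoning**: The `timeout` property is optional per the type definition.
- **Evidence**: `interface Config { timeout?: number }`
- **Suggestion**: Add nullish coalescing.
### SEC-2 · P1 · SQL injection vulnerability · 95%
- **File**: `path/to/file.ts:45-52`
- **Issue**: User input passed directly to SQL query
- **Suggestion**: Use parameterized queries.
### SEC-3 · P2 · Unvalidated redirect target · 72%
### SEC-4 P2 header without separators 90%
"""

def parse_findings(markdown):
    """Return (findings, problems) for one reviewer's findings file."""
    findings, problems, current = [], [], None
    for line in markdown.splitlines():
        if line.startswith("### "):
            m = HEADER.match(line.rstrip())
            current = None
            if not m or int(m[6]) > 100:
                problems.append(f"malformed header: {line.strip()}")
                continue
            current = {"id": m[1], "severity": int(m[4]), "title": m[5],
                       "confidence": int(m[6]), "fields": set()}
            findings.append(current)
        elif current is not None and (fm := FIELD.match(line)):
            current["fields"].add(fm[1])
    for f in findings:
        missing = [name for name in REQUIRED if name not in f["fields"]]
        if missing:
            problems.append(f"{f['id']}: missing {', '.join(missing)}")
    return findings, problems

def triage(findings):
    """Reportable findings: confidence >= threshold, most severe first."""
    keep = [f for f in findings if f["confidence"] >= MIN_CONFIDENCE]
    return sorted(keep, key=lambda f: (f["severity"], -f["confidence"]))
```
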
Confidence score directly reflects evidence strength:
| Confidence | Evidence Quality |
|---|---|
| 91-100 | Definitive proof (code snippet + demonstrated impact) |
| 81-90 | Strong evidence (code shows the pattern clearly) |
| 71-80 | Moderate (reasoning sound but evidence indirect) |
If you cannot provide concrete evidence, reconsider whether to report the finding.
A finding is actionable when:
Avoid reporting:
Focus on changed code. Do not emit findings for: