Found 55 Skills
Use this skill when conducting or improving code reviews. Provides structured review processes, conventional comments patterns, language-specific checklists, and feedback templates. Use when reviewing PRs or standardizing review practices.
Security-first PR review checklist for this repo. Use when reviewing diffs/PRs, especially changes involving auth, networking, sensitive data, or dependency/lockfile updates. Focus on secret/PII leakage risk, supply-chain risk (npm + node_modules inspection), cross-platform architecture (extension/mobile/desktop/web), and React performance (hooks + re-render hotspots). Avoid UI style nitpicks. PR Review.
Review backend code for quality, security, maintainability, and best practices based on established checklist rules. Use when the user requests a review, analysis, or improvement of backend files (e.g., `.py`) under the `api/` directory. Do NOT use for frontend files (e.g., `.tsx`, `.ts`, `.js`). Supports pending-change review, code snippets review, and file-focused review.
Use this skill whenever performing security threat modeling, attack surface mapping, or trust boundary analysis on a codebase. Triggers on 'threat model', 'security review', 'attack surface', 'trust boundaries', or when assessing a project's security posture. Also trigger when the user is about to build security-sensitive features (auth, crypto, file I/O, network services, native bridges) and needs to understand the threat landscape first — even if they don't explicitly say "threat model." Also triggers on 'what changed' or 'diff analysis' for incremental security review of recent commits.
Analyze repository and suggest improvements
Conduct Pull Request code reviews, including comprehensive evaluations of code quality, security, performance, architectural rationality, etc. Activated when users request PR reviews or mention keywords like "review pr", "check PR", etc.
Run parallel quality reviews (React, SOLID, Security, Simplification, Slop) on branch changes and auto-fix issues
Sentry-specific security review based on real vulnerability history. Use when reviewing Sentry endpoints, serializers, or views for security issues. Trigger keywords: "sentry security review", "check for IDOR", "access control review", "org scoping", "cross-org", "security audit endpoint".
Comprehensive code review criteria covering correctness, readability, maintainability, security, performance, and testing. Reference when reviewing code changes or preparing code for review.
OpenHarmony Distributed Soft Bus Code Security Review Expert - Comprehensive inspection of C/C++ code against secure coding standards and logging specifications. Covers over 40 security rules, including key areas such as pointer safety, memory management, lock management, and sensitive information protection. Provides cross-file call analysis and control flow analysis, generating detailed code review reports. Only triggered when user input contains "软总线安全卫士" (Soft Bus Security Guard). ⚠️ Important: This skill is a read-only review tool and does not modify source files.
This skill should be used when the user asks to "audit this code", "deep analysis before security review", "build architectural context", "line-by-line code review", or needs ultra-granular analysis before vulnerability discovery. Provides structured context-building methodology with First Principles, 5 Whys, 5 Hows micro-analysis patterns.
A dedicated skill for security code review of OpenHarmony distributed systems. Triggered when users make requests such as "review code security implementation", "code security audit", "security code review" or similar distributed system code security review requests. This skill provides detailed review guidance for 18 security design rules for OpenHarmony distributed services, covering security areas such as authorization control, state machines, data transmission, permission management, and trusted relationships. Using this skill, you can conduct specialized security reviews for OpenHarmony distributed systems based on general cybersecurity rules.