Back to Details

skill-review

Compare original and translation side by side

🇺🇸

Original

English
🇨🇳

Translation

Chinese

Skill Review Skill

Skill Review 技能

Overview

概述

The skill-review skill provides a comprehensive, systematic process for auditing skills in the claude-skills repository. It combines automated technical validation with AI-powered verification to ensure skills remain accurate, current, and high-quality.
Use this skill when:
  • Investigating suspected issues in a skill
  • Major package version updates released (e.g., better-auth 1.x → 2.x)
  • Skill last verified >90 days ago
  • Before submitting skill to marketplace
  • User reports errors following skill instructions
  • Examples seem outdated or contradictory
Production evidence: Successfully audited better-auth skill (2025-11-08), found 6 critical/high issues including non-existent API imports, removed 665 lines of incorrect code, implemented v2.0.0 with correct patterns.
s skill-review skill为审核claude-skills仓库中的skill提供了一套全面、系统的流程。它结合了自动化技术校验和AI驱动的验证能力,确保skill始终准确、最新且高质量。
适用场景
  • 排查skill中疑似存在的问题
  • 重大包版本发布更新(例如better-auth 1.x → 2.x)
  • skill上次验证时间超过90天
  • 向市场提交skill之前
  • 用户反馈按照skill指引操作出现错误
  • 示例看起来过时或存在矛盾
生产验证案例:已成功审计better-auth skill(2025-11-08),发现6个严重/高优问题,包括不存在的API导入,移除了665行错误代码,按照正确模式实现了v2.0.0版本。

Quick Start

快速开始

Invoke via Slash Command

通过斜杠命令调用

/review-skill <skill-name>
Example:
/review-skill better-auth
/review-skill <skill-name>
示例
/review-skill better-auth

Invoke via Skill (Proactive)

通过Skill主动触发

When Claude notices potential issues, it can suggest:
User: "I'm having trouble with better-auth and D1"

Claude: "I notice the better-auth skill was last verified 6 months ago.
Would you like me to review it? Better-auth recently released v1.3
with D1 changes."
当Claude发现潜在问题时,会主动建议:
用户:"我在使用better-auth和D1的时候遇到了问题"

Claude:"我注意到better-auth skill上次验证是6个月前。better-auth最近发布了v1.3版本,对D1做了改动。你需要我审核这个skill吗?"

What This Skill Does

该技能的功能

9-Phase Systematic Audit

9阶段系统审计

  1. Pre-Review Setup (5-10 min)
    • Install skill locally: 
      ./scripts/install-skill.sh <skill-name>
    • Check current version and last verified date
    • Test skill discovery
  2. Standards Compliance (10-15 min)
    • Validate YAML frontmatter (name, description, license)
    • Check keyword comprehensiveness
    • Verify third-person description style
    • Ensure directory structure matches spec
  3. Official Documentation Verification (15-30 min)
    • Use Context7 MCP or WebFetch to verify API patterns
    • Check GitHub for recent updates and issues
    • Verify package versions against npm registry
    • Compare with production repositories
  4. Code Examples & Templates Audit (20-40 min)
    • Verify import statements exist in current packages
    • Check API method signatures match official docs
    • Ensure schema consistency across files
    • Test templates build and run
  5. Cross-File Consistency (15-25 min)
    • Compare SKILL.md vs README.md examples
    • Verify "Bundled Resources" section matches actual files
    • Ensure configuration examples consistent
  6. Dependencies & Versions (10-15 min)
    • Run 
      ./scripts/check-versions.sh <skill-name>
    • Check for breaking changes in package updates
    • Verify "Last Verified" date is recent
  7. Issue Categorization (10-20 min)
    • Classify by severity: 🔴 Critical / 🟡 High / 🟠 Medium / 🟢 Low
    • Document with evidence (GitHub URL, docs link, npm changelog)
  8. Fix Implementation (30 min - 4 hours)
    • Auto-fix unambiguous issues
    • Ask user only for architectural decisions
    • Update all affected files consistently
    • Bump version if breaking changes
  9. Post-Fix Verification (10-15 min)
    • Test skill discovery
    • Verify templates work
    • Check no contradictions remain
    • Commit with detailed changelog
  1. 审核前准备 (5-10分钟)
    • 本地安装skill:
      ./scripts/install-skill.sh <skill-name>
    • 检查当前版本和上次验证日期
    • 测试skill发现能力
  2. 标准合规性检查 (10-15分钟)
    • 校验YAML前言(名称、描述、许可证)
    • 检查关键词完整性
    • 验证第三人称描述风格
    • 确保目录结构符合规范
  3. 官方文档验证 (15-30分钟)
    • 使用Context7 MCP或WebFetch验证API模式
    • 查看GitHub上的近期更新和issue
    • 对照npm registry验证包版本
    • 与生产仓库进行比对
  4. 代码示例与模板审计 (20-40分钟)
    • 验证导入语句在当前包中真实存在
    • 检查API方法签名与官方文档一致
    • 确保跨文件的schema一致性
    • 测试模板可以正常构建和运行
  5. 跨文件一致性检查 (15-25分钟)
    • 比对SKILL.md和README.md中的示例
    • 验证「捆绑资源」部分与实际文件匹配
    • 确保配置示例一致
  6. 依赖与版本检查 (10-15分钟)
    • 执行
      ./scripts/check-versions.sh <skill-name>
    • 检查包更新中的破坏性变更
    • 验证「上次验证」日期为近期
  7. 问题分类 (10-20分钟)
    • 按严重性分类:🔴 严重 / 🟡 高优 / 🟠 中优 / 🟢 低优
    • 留存证据记录(GitHub URL、文档链接、npm更新日志)
  8. 修复实现 (30分钟 - 4小时)
    • 自动修复无歧义的问题
    • 仅在需要架构决策时询问用户
    • 统一更新所有受影响的文件
    • 如果存在破坏性变更则升级版本号
  9. 修复后验证 (10-15分钟)
    • 测试skill发现能力
    • 验证模板正常工作
    • 检查不存在遗留矛盾
    • 提交包含详细变更日志的commit

Automated Checks (via script)

自动化检查(通过脚本)

The skill runs 
./scripts/review-skill.sh <skill-name>
which checks:
  • ✅ YAML frontmatter syntax and required fields
  • ✅ Package version currency (npm)
  • ✅ Broken links (HTTP status)
  • ✅ TODO markers in code
  • ✅ File organization (expected directories exist)
  • ✅ "Last Verified" date staleness
该技能会执行
./scripts/review-skill.sh <skill-name>
,检查以下内容:
  • ✅ YAML前言语法和必填字段
  • ✅ 包版本时效性(npm)
  • ✅ 损坏链接(HTTP状态)
  • ✅ 代码中的TODO标记
  • ✅ 文件组织(预期目录存在)
  • ✅ 「上次验证」日期是否过期

Manual Verification (AI-powered)

人工验证(AI驱动)

Claude performs:
  • 🔍 API method verification against official docs
  • 🔍 GitHub activity and issue checks
  • 🔍 Production repository comparisons
  • 🔍 Code example correctness
  • 🔍 Schema consistency validation
Claude会执行:
  • 🔍 对照官方文档验证API方法
  • 🔍 检查GitHub活动和issue
  • 🔍 生产仓库比对
  • 🔍 代码示例正确性
  • 🔍 Schema一致性校验

Process Workflow

流程工作流

Step 1: Run Automated Checks

步骤1:运行自动化检查

bash
./scripts/review-skill.sh <skill-name>
Interpret output to identify technical issues.
bash
./scripts/review-skill.sh <skill-name>
解读输出结果,识别技术问题。

Step 2: Execute Manual Verification

步骤2:执行人工验证

For Phase 3: Official Documentation Verification:
  1. Use Context7 MCP (if available):
    Use Context7 to fetch: /websites/<package-docs>
Search for: [API method from skill]
  2. Or use WebFetch:
    Fetch: https://<official-docs-url>
Verify: [specific patterns]
  3. Check GitHub:
    Visit: https://github.com/<org>/<repo>/commits/main
Check: Last commit, recent changes
Search issues: [keywords from skill]
  4. Find production examples:
    WebSearch: "<package> cloudflare production github"
Compare: Do real projects match our patterns?
For Phase 4: Code Examples Audit:
  • Verify all imports exist (check official docs)
  • Check API method signatures match
  • Ensure schema consistency across files
  • Test templates actually work
针对阶段3:官方文档验证
  1. 优先使用Context7 MCP(如果可用):
    使用Context7获取:/websites/<package-docs>
搜索:[skill中的API方法]
  2. 或使用WebFetch:
    获取:https://<official-docs-url>
验证:[特定模式]
  3. 检查GitHub:
    访问:https://github.com/<org>/<repo>/commits/main
检查:最近一次commit、近期变更
搜索issue:[skill中的关键词]
  4. 查找生产示例:
    网页搜索:"<package> cloudflare production github"
比对:真实项目是否与我们的模式匹配?
针对阶段4:代码示例审计
  • 验证所有导入真实存在(检查官方文档)
  • 检查API方法签名匹配
  • 确保跨文件的schema一致性
  • 测试模板确实可以正常工作

Step 3: Categorize Issues

步骤3:问题分类

🔴 CRITICAL - Breaks functionality:
  • Non-existent API methods/imports
  • Invalid configuration
  • Missing required dependencies
🟡 HIGH - Causes confusion:
  • Contradictory examples across files
  • Inconsistent patterns
  • Outdated major versions
🟠 MEDIUM - Reduces quality:
  • Stale minor versions (>90 days)
  • Missing documentation sections
  • Incomplete error lists
🟢 LOW - Polish issues:
  • Typos, formatting inconsistencies
  • Missing optional metadata
🔴 严重 - 破坏功能:
  • 不存在的API方法/导入
  • 无效配置
  • 缺少必填依赖
🟡 高优 - 造成混淆:
  • 跨文件的示例矛盾
  • 不一致的模式
  • 过时的主版本
🟠 中优 - 降低质量:
  • 过期的次版本(>90天)
  • 缺失文档章节
  • 不完整的错误列表
🟢 低优 - 优化问题:
  • 拼写错误、格式不一致
  • 缺失可选元数据

Step 4: Fix Issues

步骤4:修复问题

Auto-fix when:
  • ✅ Fix is unambiguous (correct import from docs)
  • ✅ Evidence is clear
  • ✅ No architectural impact
Ask user when:
  • ❓ Multiple valid approaches
  • ❓ Breaking change decision
  • ❓ Architectural choice
Format for questions:
I found [issue]. There are [N] approaches:

1. [Approach A] - [Pros/Cons]
2. [Approach B] - [Pros/Cons]

Recommendation: [Default based on evidence]

Which would you prefer?
自动修复适用于:
  • ✅ 修复方案无歧义(文档中明确的正确导入)
  • ✅ 证据清晰
  • ✅ 无架构层面影响
询问用户适用于:
  • ❓ 存在多个有效方案
  • ❓ 需要决定是否接受破坏性变更
  • ❓ 涉及架构选择
问题询问格式
我发现了[问题]。有[N]种解决方案:

1. [方案A] - [优缺点]
2. [方案B] - [优缺点]

建议:[基于证据的默认方案]

你更倾向于哪一种?

Step 5: Version Bump Assessment

步骤5:版本升级评估

If breaking changes:
  • Major: v1.0.0 → v2.0.0 (API patterns change)
  • Minor: v1.0.0 → v1.1.0 (new features, backward compatible)
  • Patch: v1.0.0 → v1.0.1 (bug fixes only)
如果存在破坏性变更:
  • 主版本:v1.0.0 → v2.0.0(API模式变更)
  • 次版本:v1.0.0 → v1.1.0(新增功能,向后兼容)
  • 补丁版本:v1.0.0 → v1.0.1(仅bug修复)

Step 6: Generate Audit Report

步骤6:生成审计报告

markdown
undefined
markdown
undefined

Skill Review Report: <skill-name>

Skill审核报告:<skill-name>

Date: YYYY-MM-DD Trigger: [Why review performed] Time Spent: [Duration]
日期:YYYY-MM-DD 触发原因:[执行审核的原因] 耗时:[时长]

Findings

发现问题

🔴 CRITICAL (N): [List with evidence] 🟡 HIGH (N): [List with evidence] 🟠 MEDIUM (N): [List with evidence] 🟢 LOW (N): [List with evidence]
🔴 严重(N个):[带证据的问题列表] 🟡 高优(N个):[带证据的问题列表] 🟠 中优(N个):[带证据的问题列表] 🟢 低优(N个):[带证据的问题列表]

Remediation

修复方案

Files Modified: [List] Version Update: [old] → [new] Breaking Changes: Yes/No
修改的文件:[列表] 版本更新:[旧版本] → [新版本] 破坏性变更:是/否

Verification

验证结果

✅ Discovery test passed ✅ Templates work ✅ Committed: [hash]
✅ 发现测试通过 ✅ 模板正常工作 ✅ 已提交:[commit hash]

Recommendation

建议

[Final assessment]

---
[最终评估]

---

Example: better-auth Audit

示例:better-auth审计

Findings

发现问题

Issue #1: Non-existent d1Adapter 🔴 CRITICAL
Location: 
references/cloudflare-worker-example.ts:17
Problem: Imports 
d1Adapter
from 
'better-auth/adapters/d1'
which doesn't exist
Evidence:
Fix: Replace with 
drizzleAdapter
from 
'better-auth/adapters/drizzle'
问题#1:不存在的d1Adapter 🔴 严重
位置
references/cloudflare-worker-example.ts:17
问题:从
'better-auth/adapters/d1'
导入
d1Adapter
,但该导入不存在
证据
修复方案:替换为从
'better-auth/adapters/drizzle'
导入的
drizzleAdapter

Result

结果

  • Files deleted: 3 (obsolete patterns)
  • Files created: 3 (correct patterns)
  • Lines changed: +1,266 net
  • Version: v1.0.0 → v2.0.0
  • Time: 3.5 hours
  • 删除的文件:3个(过时模式)
  • 新建的文件:3个(正确模式)
  • 变更行数:净增加1266行
  • 版本:v1.0.0 → v2.0.0
  • 耗时:3.5小时

Bundled Resources

捆绑资源

This skill references:
  1. planning/SKILL_REVIEW_PROCESS.md
     - Complete 9-phase manual guide
  2. scripts/review-skill.sh
     - Automated validation script
  3. .claude/commands/review-skill.md
     - Slash command definition
该技能引用以下资源:
  1. planning/SKILL_REVIEW_PROCESS.md
     - 完整的9阶段人工指南
  2. scripts/review-skill.sh
     - 自动化校验脚本
  3. .claude/commands/review-skill.md
     - 斜杠命令定义

When Claude Should Invoke This Skill

Claude触发该技能的场景

Proactive triggers:
  • User mentions skill seems outdated
  • Package major version mentioned
  • User reports errors following skill
  • Checking metadata shows >90 days since verification
Explicit triggers:
  • "review the X skill"
  • "audit better-auth skill"
  • "is cloudflare-worker-base up to date?"
  • "check if tailwind-v4-shadcn needs updating"
主动触发
  • 用户提到skill看起来过时
  • 提到包的主版本更新
  • 用户反馈按照skill操作出现错误
  • 检查元数据发现距离上次验证超过90天
显式触发
  • "review the X skill"
  • "audit better-auth skill"
  • "cloudflare-worker-base是否是最新的?"
  • "检查tailwind-v4-shadcn是否需要更新"

Token Efficiency

Token效率

Without this skill: ~25,000 tokens
  • Trial-and-error verification
  • Repeated doc lookups
  • Inconsistent fixes across files
  • Missing evidence citations
With this skill: ~5,000 tokens
  • Systematic process
  • Clear decision trees
  • Evidence-based fixes
  • Comprehensive audit trail
Savings: ~80% (20,000 tokens)
不使用该技能:约25,000 tokens
  • 反复试错验证
  • 重复的文档查询
  • 跨文件的修复不一致
  • 缺失证据引用
使用该技能:约5,000 tokens
  • 系统化流程
  • 清晰的决策树
  • 基于证据的修复
  • 全面的审计轨迹
节省:约80%(20,000 tokens)

Common Issues Prevented

可预防的常见问题

  1. Fake API adapters - Non-existent imports
  2. Stale API methods - Changed signatures
  3. Schema inconsistency - Different table names
  4. Outdated scripts - Deprecated approaches
  5. Version drift - Packages >90 days old
  6. Contradictory examples - Multiple conflicting patterns
  7. Broken links - 404 documentation URLs
  8. YAML errors - Invalid frontmatter syntax
  9. Missing keywords - Poor discoverability
  10. Incomplete bundled resources - Listed files don't exist
  1. 伪造的API适配器 - 不存在的导入
  2. 过时的API方法 - 变更的签名
  3. Schema不一致 - 不同的表名
  4. 过时的脚本 - 废弃的实现方式
  5. 版本漂移 - 包超过90天未更新
  6. 矛盾的示例 - 多个冲突的实现模式
  7. 损坏的链接 - 404的文档URL
  8. YAML错误 - 无效的前言语法
  9. 缺失关键词 - 可发现性差
  10. 不完整的捆绑资源 - 列出的文件不存在

Best Practices

最佳实践

  1. Always cite sources - GitHub URL, docs link, npm changelog
  2. No assumptions - Verify against current official docs
  3. Be systematic - Follow all 9 phases
  4. Fix consistency - Update all files, not just one
  5. Document thoroughly - Detailed commit messages
  6. Test after fixes - Verify skill still works
  1. 始终引用来源 - GitHub URL、文档链接、npm更新日志
  2. 不做假设 - 对照当前官方文档验证
  3. 系统化执行 - 遵循全部9个阶段
  4. 保持修复一致性 - 更新所有相关文件,而非仅修改一处
  5. 完整记录 - 详细的commit信息
  6. 修复后测试 - 验证skill仍可正常工作

Known Limitations

已知限制

  • Link checking requires network access
  • Package version checks need npm installed
  • Context7 MCP availability varies by package
  • Production repo search may need GitHub API
  • Manual phases require human judgment
  • 链接检查需要网络访问
  • 包版本检查需要安装npm
  • Context7 MCP的可用性因包而异
  • 生产仓库搜索可能需要GitHub API
  • 人工阶段需要人为判断

Version History

版本历史

v1.0.0 (2025-11-08)
  • Initial release
  • 9-phase systematic audit process
  • Automated script + manual guide
  • Slash command + skill wrapper
  • Production-tested on better-auth v2.0.0 audit
v1.0.0 (2025-11-08)
  • 首次发布
  • 9阶段系统审计流程
  • 自动化脚本 + 人工指南
  • 斜杠命令 + skill封装
  • 在better-auth v2.0.0审计中经过生产验证

Additional Resources

额外资源

Last verified: 2025-11-08 | Version: 1.0.0
上次验证:2025-11-08 | 版本:1.0.0