Code Review Automation Capability Pack Skill
Expert code-review capability pack for deterministic PR audits, risk-ranked findings, and low-noise fix planning without SaaS lock-in.
Open the source and read safety notes before installing.
Prerequisites
- Repository access and PR diff
- Security severity policy
- Test/lint/typecheck commands
Schema details
- Install type: package
- Reading time: 9 min
- Difficulty score: 88
- Troubleshooting: Yes
- Breaking changes: No
- Package verified: Yes
- SHA-256: 5e2a8567d4a88913443a4a9e76823180775eb767e51770c0a3c8ca5e39ffe59b
- Skill type: capability-pack
- Skill level: expert
- Verification: validated
- Verified at: 2026-04-11
| Platform | Support | Install path |
|---|---|---|
| claude-code | Native | .claude/skills/<skill-name>/SKILL.md |
| codex | Native | .agents/skills/<skill-name>/SKILL.md |
| windsurf | Native | .windsurf/skills/<skill-name>/SKILL.md |
| gemini | Native | .gemini/skills/<skill-name>/SKILL.md or .agents/skills/<skill-name>/SKILL.md |
| cursor | Adapter | .cursor/rules/<skill-name>.mdc |
| cli | Manual | AGENTS.md or tool-specific context file |
Full copyable content
# Trigger
"Apply the code review automation capability pack to this PR."
# Required output
1) Risk-ranked findings (P0-P3) with evidence
2) Exploitability notes and blast-radius estimate
3) Minimal patch plan grouped by file ownership
4) Post-fix validation checklist
About this resource
Knowledge Freshness
This capability pack is pinned to documentation verified on 2026-04-11. Refresh references before using this skill for critical production decisions.
Retrieval Sources
- https://docs.github.com/en/pull-requests
- https://owasp.org/www-project-top-ten/
- https://cheatsheetseries.owasp.org/
Core Workflow
- Build threat model from changed files and data boundaries.
- Classify findings by exploitability and operational impact.
- Remove low-confidence noise before presenting blockers.
- Produce minimal, file-scoped patch plan with validation gates.
- Re-check changed attack surfaces after fixes land.
Overview
This skill teaches agents to perform fast, low-noise code reviews that mimic senior reviewer behavior: clear severity, concrete evidence, and fix-first recommendations.
Capability Scope
- PR diff triage and risk scoring
- Security and reliability regression detection
- False-positive suppression rules
- Patch-plan generation with owner mapping
- Post-fix verification guidance
Compatibility
Native
- Claude Code / Claude: native skill usage via SKILL.md.
- Codex/OpenAI workflows: compatible with Agent Skills-style SKILL.md content as reusable workflow instructions.
Manual Adaptation
- Gemini CLI: native skill usage via .gemini/skills/<skill-name>/SKILL.md or .agents/skills/<skill-name>/SKILL.md where supported.
- Cursor: use the generated .cursor/rules/*.mdc adapter for project rules.
- OpenClaw and similar agents: use the same skill content as a reusable prompt/workflow file when native skill import is unavailable.
Production Rules
- Do not block merges on low-confidence findings.
- Require concrete code evidence for every high-severity claim.
- Separate exploitability from style concerns.
- Always include rollback or quick-mitigation options.
Troubleshooting
Issue: Too many low-signal findings
Fix: tighten rule set to changed files and critical paths first.
Issue: Security findings lack proof
Fix: require request/response, data-flow, or control-path evidence.
Issue: Patch plan is too broad
Fix: break by file ownership and dependency boundary.
Output Contract
- Risk-ranked findings with direct evidence.
- Priority fix plan with smallest safe diff.
- Validation commands and pass criteria.
- Remaining residual risks and follow-ups.
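The Production Rules and Output Contract above can be encoded as a small triage step. The following is an added example written for this page, not code shipped with the skill pack: it suppresses low-confidence blockers, downgrades P0/P1 claims that carry no concrete evidence, ranks what remains by severity, and groups the patch plan by file owner. The confidence threshold and the CODEOWNERS-style owner map are assumptions.

```python
"""Added example (not part of the skill pack): apply the pack's production
rules to review findings. Threshold and owner map are assumptions."""
from dataclasses import dataclass

SEVERITY_RANK = {"P0": 0, "P1": 1, "P2": 2, "P3": 3}
MIN_BLOCKING_CONFIDENCE = 0.7  # assumption: below this a finding never blocks


@dataclass
class Finding:
    file: str
    severity: str       # P0-P3, as in the pack's output contract
    confidence: float   # 0.0-1.0, reviewer or tool estimate
    title: str
    evidence: str = ""  # request/response, data-flow or control-path proof


def owner_for(path, owners):
    """Longest-prefix match against a CODEOWNERS-like {prefix: owner} map."""
    best = max((p for p in owners if path.startswith(p)), key=len, default=None)
    return owners[best] if best else "unowned"


def triage(findings, owners):
    """Return (blockers, advisory, patch_plan).

    blockers:   P0/P1 findings with concrete evidence and high confidence
    advisory:   everything else that survives; never blocks a merge
    patch_plan: {owner: [files]} built only from blockers
    """
    blockers, advisory = [], []
    for f in findings:
        if f.severity not in SEVERITY_RANK:
            raise ValueError(f"unknown severity {f.severity!r}")
        high = f.severity in ("P0", "P1")
        # Rule: a high-severity claim needs code evidence and confidence;
        # otherwise it is reported as advisory rather than dropped.
        if high and f.evidence and f.confidence >= MIN_BLOCKING_CONFIDENCE:
            blockers.append(f)
        else:
            advisory.append(f)
    rank = lambda f: (SEVERITY_RANK[f.severity], -f.confidence)
    blockers.sort(key=rank)
    advisory.sort(key=rank)
    plan = {}
    for f in blockers:
        files = plan.setdefault(owner_for(f.file, owners), [])
        if f.file not in files:
            files.append(f.file)
    return blockers, advisory, plan
```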
Validation Checklist
- Confirm findings map to changed code.
- Run test/lint/typecheck after patch.
- Re-check auth, input validation, and data handling paths.
- Verify no new critical findings introduced by fixes.