Code Review

Superpowers is a complete software development workflow library for AI coding assistants. It provides structured skills for test-driven development, systematic debugging, brainstorming, implementation planning, code review, and subagent-driven development. The skills enforce disciplined practices through mandatory workflows and integrate with Claude Code, OpenCode, and Codex platforms.

Audit an Anthropic Cookbook notebook based on a rubric. Use whenever a notebook review or audit is requested.

Code Review Excellence is a comprehensive guide for conducting effective code reviews. It provides detailed methodologies for reviewing pull requests including checklists for security, performance, and testing, along with templates for feedback and techniques for giving constructive criticism while maintaining team morale.

This skill provides extensive patterns and best practices for authentication implementation (JWT, OAuth2, sessions), monorepo management (Turborepo, Nx, Bazel), debugging strategies, E2E testing with Playwright/Cypress, error handling, Git workflows, and code review excellence. It serves as a reference guide for building secure, scalable applications.

Pre-implementation confidence assessment (≥90% required). Use before starting any implementation to verify readiness with duplicate check, architecture compliance, official docs verification, OSS references, and root cause identification.

Use when about to claim work is complete, fixed, or passing, before committing or creating PRs - requires running verification commands and confirming output before making any success claims; evidence before assertions always

Use when executing implementation plans with independent tasks in the current session

Use when completing tasks, implementing major features, or before merging to verify work meets requirements

Use when receiving code review feedback, before implementing suggestions, especially if feedback seems unclear or technically questionable - requires technical rigor and verification, not performative agreement or blind implementation

Use when you have a written implementation plan to execute in a separate session with review checkpoints

This skill provides a structured file-based todo tracking system for managing code review feedback, technical debt, and feature requests. Each todo is a markdown file with YAML frontmatter stored in a todos/ directory, supporting workflows for creation, triage, dependency tracking, and completion.

A code review skill that launches multiple AI agents to audit pull requests for bugs and guideline compliance, filtering results by confidence score to reduce false positives.

Feature Development provides a structured 7-phase workflow for building new features: discover requirements, explore the codebase with specialized agents, clarify ambiguities, design architecture, implement with approval, review quality, and summarize results. Uses code-explorer, code-architect, and code-reviewer agents in parallel for thorough analysis.

Comprehensive PR review toolkit with 6 specialized agents for analyzing code comments, test coverage, error handling, type design, code quality, and simplification. Each agent focuses on a specific aspect of code quality and provides actionable feedback.

Guides blockchain auditors through verifying that smart contract code implements exactly what specification documents describe. Uses a 6-phase methodology with intermediate representations to systematically compare whitepapers and design docs against actual code implementation, identifying gaps, mismatches, and undocumented behavior.

Sharp Edges is a security analysis skill that identifies error-prone APIs, dangerous configurations, and footgun designs that enable developer mistakes. It provides comprehensive reference documentation covering cryptographic API pitfalls, configuration security patterns, authentication footguns, and language-specific sharp edges across 11 programming languages.

A differential analysis skill for verifying that git commits properly address security audit findings. It helps map code changes to specific findings (like TOB-XXX format), detect potential bug introductions, and generate comprehensive fix review reports.

A comprehensive security-focused code review skill for analyzing pull requests, commits, and diffs. It uses git history for context, calculates blast radius of changes, checks test coverage, performs adversarial vulnerability analysis, and generates detailed markdown security reports with findings and recommendations.

A comprehensive smart contract development advisor based on Trail of Bits' best practices. It systematically analyzes blockchain codebases to review architecture, check upgradeability patterns, identify common security pitfalls, assess dependencies, and evaluate testing coverage, providing prioritized recommendations for improvement.

This skill systematically assesses codebase maturity using Trail of Bits' Building Secure Contracts framework. It evaluates 9 categories including arithmetic safety, access controls, complexity management, documentation, and testing, producing a detailed scorecard with ratings (0-4) and actionable improvement recommendations.

This skill helps developers prepare their codebase for professional security audits using Trail of Bits' checklist methodology. It runs static analysis tools appropriate to your platform (Solidity, Rust, Go), analyzes test coverage, identifies dead code, and generates comprehensive documentation including flowcharts, user stories, and glossaries.

Use this when user wants you to walk through (code or text) files in a EDITOR to either explain how some code works, or to show the user what changes you made, etc. You would typically use this repeatedly to show the user your changes or code files one by one, sometimes with specific line-numbers. This way the user is easily able to follow along in their favorite EDITOR as you point at various files possibly at specific line numbers within those files.

This skill provides comprehensive accessibility guidelines for fixing UI issues. It offers a structured checklist covering accessible names, keyboard access, focus management, semantics, forms, announcements, contrast, and media. Use it to review files against WCAG standards and get targeted fix suggestions.

Baseline UI is a style guide skill that enforces opinionated UI constraints to prevent common AI-generated interface issues. It provides rules for Tailwind CSS usage, animation best practices, accessibility requirements, and component patterns. The skill can review files against these constraints and suggest fixes.

A comprehensive guide for integrating Google Gemini CLI into your code review workflow. Covers installation, authentication options, interactive and headless usage modes, and CI/CD integration with GitHub Actions and GitLab. Leverages Gemini 2.5 Pro's 1M token context window for analyzing large codebases.

A developer workflow skill that helps maintain clean git history through atomic commits, manageable PR sizes, and clear commit messages. Provides thresholds, bash script templates, and Claude integration patterns for suggesting when to commit during development sessions.

This skill provides comprehensive documentation for using OpenAI's Codex CLI to perform automated code reviews. It covers installation, authentication, interactive and headless usage modes, and includes ready-to-use CI/CD integration examples for GitHub Actions, GitLab CI, and Jenkins pipelines.

A comprehensive code review skill that enforces automated code reviews before commits and deployments. It supports multiple AI engines (Claude, OpenAI Codex, Google Gemini) and provides integration patterns for pre-commit hooks and GitHub Actions CI/CD pipelines.

This skill teaches users how to use git notes to attach metadata to commits without modifying Git history. It covers adding review status, test results, and audit trails to commits, along with sharing notes between team members and preserving notes through rebases.

A specification alignment tool that monitors for drift between specifications and implementation during development. It detects scope creep, missing features, and contradictions, then logs decisions to spec README files for traceability and conscious decision-making.