Run any Skill in Manus with one click

code-reviewer

Stars22

Forks3

UpdatedMay 15, 2026 at 04:37

6-aspect structured code review (security, architecture, error handling, test gaps, type safety, simplification) with calibrated scoring and per-aspect breakdown. Use when the user asks to review code, check a PR, review a pull request, audit changes before merge, or give code feedback.

Installation

Install with Codex or Claude Copy this prompt, paste it into Codex, Claude, or another assistant, and let it review the skill page and install it for you.

Run Skill in Manus

Source

nguyenthienthanh

nguyenthienthanh/aura-frog

View GitHub Repository View Creator Repositories

Download

Run Skill in Manus

Related occupationsSOC

Based on SOC occupation classification

Software Quality Assurance Analysts and TestersComputer and Mathematical Occupations·SOC 15-1253

SKILL.md

readonly

name	code-reviewer
description	6-aspect structured code review (security, architecture, error handling, test gaps, type safety, simplification) with calibrated scoring and per-aspect breakdown. Use when the user asks to review code, check a PR, review a pull request, audit changes before merge, or give code feedback.
autoInvoke	true
priority	high
triggers	["review code","code review","before merge"]
allowed-tools	Read, Grep, Glob, Bash
effort	high
user-invocable	false

AI-consumed reference. Optimized for Claude to read during execution. Human-readable explanation: see docs/architecture/HIERARCHICAL_PLANNING.md or docs/getting-started/ depending on topic.

Code Reviewer

Use after implementation, Phase 4, or before merge.

Process

git diff --name-only main...HEAD → changed files
Run 6-aspect review
Report + decision

6 Aspects

aspects[6]{aspect,weight,checks}:
  Security,CRITICAL,"Secrets, injection, auth gaps, CSRF/CORS"
  Architecture,HIGH,"SRP, coupling, wrong layer, edge cases"
  Error Handling,HIGH,"Unhandled rejections, empty catch, silent failures"
  Test Gaps,HIGH,"Untested critical paths, missing edge/boundary cases"
  Type Safety,MEDIUM,"Missing types, any usage, null gaps"
  Simplification,LOW,"Complex conditionals, deep nesting — only if harms readability"

Spend 60% on Security + Architecture + Edge Cases. Don't nitpick syntax — linters handle that.

Report

[ASPECT] [SEVERITY] file:line — description → Fix: recommendation

CRITICAL = block merge | WARNING = should fix | INFO = nice to have

Decision

APPROVED — 0 critical, ≤3 warnings
CHANGES REQUESTED — any critical finding

Scoring (prevents LGTM drift)

Per-aspect breakdown required. Anchors: 9-10 production-ready, 7-8 minor issues, 5-6 needs work, <5 changes requested.

Block Merge On

Hardcoded secrets, injection, missing auth on protected routes, breaking changes without migration.

Mandatory Verification for Claims (CoVe)

Before reporting "0 critical findings" / "N% coverage" / "tests pass", run the Chain-of-Verification protocol from skills/chain-of-verification/SKILL.md. Draft → plan 3–5 verification questions → answer via tool (Read/Grep/Bash) → revise. Per rules/workflow/chain-of-verification.md this is mandatory — reviews without verified claims are not acceptable.

Related Rules

rules/core/code-quality.md — Coverage, typing, error handling baseline
rules/core/naming-conventions.md — Naming patterns
rules/core/simplicity-over-complexity.md — YAGNI/DRY/KISS
rules/core/verification.md — Verify before approving
rules/core/prefer-established-libraries.md — Library choice review
rules/core/context-economy.md — Read only the diff hunks + immediate callers/callees, not whole files; use Grep to scope review evidence
rules/agent/sast-security-scanning.md — Security patterns
rules/agent/error-handling-standard.md — Error-handling review
rules/workflow/smart-commenting.md — Comment review (WHY not WHAT)
rules/workflow/cross-review-workflow.md — Builder ≠ Reviewer
rules/workflow/chain-of-verification.md — MANDATORY for factual claims in review output
rules/workflow/dual-llm-review.md — Second-opinion LLM for destructive-op / security-critical findings

More from this repository

same repository

agent-detector

nguyenthienthanh/aura-frog

CRITICAL: MUST run for EVERY message. Detects agent, complexity, AND model automatically. Without this, tasks route to wrong agents and use wrong models, degrading quality and wasting tokens.

2026-06-1022

problem-solving

nguyenthienthanh/aura-frog

5 techniques for different problem types. Use when stuck or facing complex challenges.

2026-06-1022

sequential-thinking

nguyenthienthanh/aura-frog

Structured thinking process for complex analysis. Supports revision, branching, and dynamic adjustment.

2026-06-1022

angular-expert

nguyenthienthanh/aura-frog

Angular 17+ gotchas and decision criteria. Covers signals vs observables, standalone patterns, and common pitfalls Claude gets wrong.

2026-05-1522

api-designer

nguyenthienthanh/aura-frog

Designs RESTful APIs with endpoint naming, versioning strategies (URL path, header-based), pagination (offset and cursor), error response schemas, and OpenAPI conventions. Use when the user asks about REST API design, creating endpoints, URL structure, API versioning, status codes, Swagger, or OpenAPI specs.

2026-05-1522

bugfix-quick

nguyenthienthanh/aura-frog

Fast bug fixes with root cause investigation + TDD. Enforces 'no fix without root cause' discipline and verification protocol. Without this skill, fixes are applied at symptoms instead of sources, and bugs return.

2026-05-1522

name	code-reviewer
description	6-aspect structured code review (security, architecture, error handling, test gaps, type safety, simplification) with calibrated scoring and per-aspect breakdown. Use when the user asks to review code, check a PR, review a pull request, audit changes before merge, or give code feedback.
autoInvoke	true
priority	high
triggers	["review code","code review","before merge"]
allowed-tools	Read, Grep, Glob, Bash
effort	high
user-invocable	false

AI-consumed reference. Optimized for Claude to read during execution. Human-readable explanation: see docs/architecture/HIERARCHICAL_PLANNING.md or docs/getting-started/ depending on topic.

Code Reviewer

Use after implementation, Phase 4, or before merge.

Process

git diff --name-only main...HEAD → changed files
Run 6-aspect review
Report + decision

6 Aspects

aspects[6]{aspect,weight,checks}:
  Security,CRITICAL,"Secrets, injection, auth gaps, CSRF/CORS"
  Architecture,HIGH,"SRP, coupling, wrong layer, edge cases"
  Error Handling,HIGH,"Unhandled rejections, empty catch, silent failures"
  Test Gaps,HIGH,"Untested critical paths, missing edge/boundary cases"
  Type Safety,MEDIUM,"Missing types, any usage, null gaps"
  Simplification,LOW,"Complex conditionals, deep nesting — only if harms readability"

Spend 60% on Security + Architecture + Edge Cases. Don't nitpick syntax — linters handle that.

Report

[ASPECT] [SEVERITY] file:line — description → Fix: recommendation

CRITICAL = block merge | WARNING = should fix | INFO = nice to have

Decision

APPROVED — 0 critical, ≤3 warnings
CHANGES REQUESTED — any critical finding

Scoring (prevents LGTM drift)

Per-aspect breakdown required. Anchors: 9-10 production-ready, 7-8 minor issues, 5-6 needs work, <5 changes requested.

Block Merge On

Hardcoded secrets, injection, missing auth on protected routes, breaking changes without migration.

Mandatory Verification for Claims (CoVe)

Related Rules

rules/core/code-quality.md — Coverage, typing, error handling baseline
rules/core/naming-conventions.md — Naming patterns
rules/core/simplicity-over-complexity.md — YAGNI/DRY/KISS
rules/core/verification.md — Verify before approving
rules/core/prefer-established-libraries.md — Library choice review
rules/core/context-economy.md — Read only the diff hunks + immediate callers/callees, not whole files; use Grep to scope review evidence
rules/agent/sast-security-scanning.md — Security patterns
rules/agent/error-handling-standard.md — Error-handling review
rules/workflow/smart-commenting.md — Comment review (WHY not WHAT)
rules/workflow/cross-review-workflow.md — Builder ≠ Reviewer
rules/workflow/chain-of-verification.md — MANDATORY for factual claims in review output
rules/workflow/dual-llm-review.md — Second-opinion LLM for destructive-op / security-critical findings