ワンクリックで
code-review
Run a comprehensive code review
Codex または Claude でインストール この Prompt をコピーして Codex、Claude、または他のアシスタントに貼り付けると、Skill ページを確認してインストールできます。
メニュー
Run a comprehensive code review
Codex または Claude でインストール この Prompt をコピーして Codex、Claude、または他のアシスタントに貼り付けると、Skill ページを確認してインストールできます。
SOC 職業分類に基づく
Kimi WebBridge lets AI control the user's real browser — navigate, click, type, read, screenshot, and interact with any website using the user's actual login sessions. Use this skill whenever the user wants to interact with websites, automate browser tasks, scrape web content, or perform any action requiring a real browser. Also use when the user mentions "browser", "webpage", "open URL", "screenshot", or asks to read/interact with any website. Use even for simple-sounding browser requests — the daemon handles all complexity.
Record demo GIFs/MP4s of agent TUI sessions (Claude Code, Codex CLI, other agent CLIs), synchronized via a Stop-hook sentinel so the recording knows exactly when each response finishes. Two modes - scripted (VHS tape, repeatable) and live/adaptive (tmux + asciinema, where the outer Claude reads each inner response and decides the next prompt). Use when the user wants to record, capture, or make a demo/GIF/video of a Claude Code or Codex session, create a .tape file, drive a nested agent session interactively, or asks about VHS/asciinema recording of an agent CLI.
Put a website behind a Cloudflare Access (Zero Trust) login gate, or remove one, entirely from the CLI — no dashboard GUI. Use when the user wants to password/email-protect a hostname, gate a Cloudflare Pages or Workers site, restrict a site to specific emails, set up Zero Trust Access, or asks about "cf-gate". Manages Access applications and allow-email policies via the Cloudflare API using a token in the skill's .env. Note: wrangler does NOT manage Access — this uses the Cloudflare REST API directly.
Defer execution of a slash-command or prompt until a timer elapses. Starts a background polling timer that prints "TIMER DONE" on stdout, then executes the deferred prompt.
Generate an image via Codex CLI (OpenAI gpt-image-1) and save to a local path. Use when user asks to create/draw/generate an image AND save it (e.g. "draw X, save to images/y.png", "用 codex 生圖"). Requires `codex login` + `$OPENAI_API_KEY`.
DeepSeek client via the private chat.deepseek.com API (browser-exported userToken), not the official platform.deepseek.com API. Use for personal webgui automation, `x-ds-pow-response` / DeepSeekHashV1 POW solving, or SSE THINK/TOOL_SEARCH stream parsing.
| name | code-review |
| description | Run a comprehensive code review |
Conduct a thorough code review for quality, security, and maintainability with severity-rated feedback.
This skill activates when:
Delegates to the code-reviewer agent (THOROUGH tier) for deep analysis:
Identify Changes
git diff to find changed filesReview Categories
Severity Rating
Specific Recommendations
delegate(
role="code-reviewer",
tier="THOROUGH",
prompt="CODE REVIEW TASK
Review code changes for quality, security, and maintainability.
Scope: [git diff or specific files]
Review Checklist:
- Security vulnerabilities (OWASP Top 10)
- Code quality (complexity, duplication)
- Performance issues (N+1, inefficient algorithms)
- Best practices (naming, documentation, error handling)
- Maintainability (coupling, testability)
Output: Code review report with:
- Files reviewed count
- Issues by severity (CRITICAL, HIGH, MEDIUM, LOW)
- Specific file:line locations
- Fix recommendations
- Approval recommendation (APPROVE / REQUEST CHANGES / COMMENT)"
)
The code-reviewer agent SHOULD consult Codex for cross-validation.
Before first MCP tool use, call ToolSearch("mcp") to discover deferred MCP tools.
Use mcp__x__ask_codex with agent_role: "code-reviewer".
If ToolSearch finds no MCP tools, fall back to the code-reviewer agent.
Note: Codex calls can take up to 1 hour. Consider the review timeline before consulting.
CODE REVIEW REPORT
==================
Files Reviewed: 8
Total Issues: 15
CRITICAL (0)
-----------
(none)
HIGH (3)
--------
1. src/api/auth.ts:42
Issue: User input not sanitized before SQL query
Risk: SQL injection vulnerability
Fix: Use parameterized queries or ORM
2. src/components/UserProfile.tsx:89
Issue: Password displayed in plain text in logs
Risk: Credential exposure
Fix: Remove password from log statements
3. src/utils/validation.ts:15
Issue: Email regex allows invalid formats
Risk: Accepts malformed emails
Fix: Use proven email validation library
MEDIUM (7)
----------
...
LOW (5)
-------
...
RECOMMENDATION: REQUEST CHANGES
Critical security issues must be addressed before merge.
The code-reviewer agent checks:
APPROVE - No CRITICAL or HIGH issues, minor improvements only REQUEST CHANGES - CRITICAL or HIGH issues present COMMENT - Only LOW/MEDIUM issues, no blocking concerns
Good: The user says continue after the workflow already has a clear next step. Continue the current branch of work instead of restarting or re-asking the same question.
Good: The user changes only the output shape or downstream delivery step (for example make a PR). Preserve earlier non-conflicting workflow constraints and apply the update locally.
Bad: The user says continue, and the workflow restarts discovery or stops before the missing verification/evidence is gathered.
With Team:
/team "review recent auth changes and report findings"
Includes coordinated review execution across specialized agents.
With Ralph:
/ralph code-review then fix all issues
Review code, get feedback, fix until approved.
With Ultrawork:
/ultrawork review all files in src/
Parallel code review across multiple files.