ワンクリックでManusで任意のスキルを実行

始める

$pwd:

code-review

Name: Code Review
Author: coder

// Reviews code changes for bugs, security issues, and quality problems

Manusで実行

$ git log --oneline --stat

stars:13,335

forks:1,304

updated:2026年2月2日 17:49

SKILL.md

readonly

name	code-review
description	Reviews code changes for bugs, security issues, and quality problems

Code Review Skill

Review code changes in coder/coder and identify bugs, security issues, and quality problems.

Workflow

Get the code changes - Use the method provided in the prompt, or if none specified:
- For a PR: gh pr diff <PR_NUMBER> --repo coder/coder
- For local changes: git diff main or git diff --staged
Read full files and related code before commenting - verify issues exist and consider how similar code is implemented elsewhere in the codebase
Analyze for issues - Focus on what could break production
Report findings - Use the method provided in the prompt, or summarize directly

Severity Levels

🔴 CRITICAL: Security vulnerabilities, auth bypass, data corruption, crashes
🟡 IMPORTANT: Logic bugs, race conditions, resource leaks, unhandled errors
🔵 NITPICK: Minor improvements, style issues, portability concerns

What to Look For

Security: Auth bypass, injection, data exposure, improper access control
Correctness: Logic errors, off-by-one, nil/null handling, error paths
Concurrency: Race conditions, deadlocks, missing synchronization
Resources: Leaks, unclosed handles, missing cleanup
Error handling: Swallowed errors, missing validation, panic paths

What NOT to Comment On

Style that matches existing Coder patterns (check AGENTS.md first)
Code that already exists unchanged
Theoretical issues without concrete impact
Changes unrelated to the PR's purpose

Coder-Specific Patterns

Authorization Context

// Public endpoints needing system access
dbauthz.AsSystemRestricted(ctx)

// Authenticated endpoints with user context - just use ctx
api.Database.GetResource(ctx, id)

Error Handling

// OAuth2 endpoints use RFC-compliant errors
writeOAuth2Error(ctx, rw, http.StatusBadRequest, "invalid_grant", "description")

// Regular endpoints use httpapi
httpapi.Write(ctx, rw, http.StatusBadRequest, codersdk.Response{...})

Shell Scripts

set -u only catches UNDEFINED variables, not empty strings:

unset VAR; echo ${VAR}         # ERROR with set -u
VAR=""; echo ${VAR}            # OK with set -u (empty is fine)
VAR="${INPUT:-}"; echo ${VAR}  # OK - always defined

GitHub Actions context variables (github.*, inputs.*) are always defined.

Review Quality

Explain impact ("causes crash when X" not "could be better")
Make observations actionable with specific fixes
Read the full context before commenting on a line
Check AGENTS.md for project conventions before flagging style

Comment Standards

Only comment when confident - If you're not 80%+ sure it's a real issue, don't comment. Verify claims before posting.
No speculation - Avoid "might", "could", "consider". State facts or skip.
Verify technical claims - Check documentation or code before asserting how something works. Don't guess at API behavior or syntax rules.

related-skills.json

同じリポジトリ

dogfood.md

from "coder/coder"

Run a Coder PR dogfood instance: inspect PR context, check out the right branch or stack, start Coder with scripts/develop.sh using agent-safe dev-instance practices, validate the changed functionality with UI evidence when needed, and report findings.

2026-05-2013.3k

pull-requests.md

from "coder/coder"

Guide for creating, updating, and following up on pull requests in the Coder repository. Use when asked to open a PR, update a PR, rewrite a PR description, or follow up on CI/check failures.

2026-05-1113.3k

coder-agents-review.md

from "coder/coder"

Use this skill when a repository already has an open pull request and you need to run the Coder Agents Review loop: request review with `/coder-agents-review` when needed, wait for feedback from the `coder-agents-review` GitHub app, fix issues, and repeat until the app comments `approved`.

2026-05-1113.3k

deep-review.md

from "coder/coder"

Multi-reviewer code review. Spawns domain-specific reviewers in parallel, cross-checks findings, posts a single structured GitHub review.

2026-04-1013.3k

refine-plan.md

from "coder/coder"

Iteratively refine development plans using TDD methodology. Ensures plans are clear, actionable, and include red-green-refactor cycles with proper test coverage.

2026-03-2413.3k

doc-check.md

from "coder/coder"

Checks if code changes require documentation updates

2026-01-2113.3k

package.json

"author": "coder"

"repository": "coder/coder"

GitHub リポジトリを開く Creator のリポジトリを見る

$ install --global

$ download --local

Manusで実行

$ useful --forSOC

ソフトウェア品質保証アナリスト・テスターコンピュータ・数学職15-1253L4

name	code-review
description	Reviews code changes for bugs, security issues, and quality problems

Code Review Skill

Review code changes in coder/coder and identify bugs, security issues, and quality problems.

Workflow

Get the code changes - Use the method provided in the prompt, or if none specified:
- For a PR: gh pr diff <PR_NUMBER> --repo coder/coder
- For local changes: git diff main or git diff --staged
Read full files and related code before commenting - verify issues exist and consider how similar code is implemented elsewhere in the codebase
Analyze for issues - Focus on what could break production
Report findings - Use the method provided in the prompt, or summarize directly

Severity Levels

🔴 CRITICAL: Security vulnerabilities, auth bypass, data corruption, crashes
🟡 IMPORTANT: Logic bugs, race conditions, resource leaks, unhandled errors
🔵 NITPICK: Minor improvements, style issues, portability concerns

What to Look For

Security: Auth bypass, injection, data exposure, improper access control
Correctness: Logic errors, off-by-one, nil/null handling, error paths
Concurrency: Race conditions, deadlocks, missing synchronization
Resources: Leaks, unclosed handles, missing cleanup
Error handling: Swallowed errors, missing validation, panic paths

What NOT to Comment On

Style that matches existing Coder patterns (check AGENTS.md first)
Code that already exists unchanged
Theoretical issues without concrete impact
Changes unrelated to the PR's purpose

Coder-Specific Patterns

Authorization Context

// Public endpoints needing system access
dbauthz.AsSystemRestricted(ctx)

// Authenticated endpoints with user context - just use ctx
api.Database.GetResource(ctx, id)

Error Handling

// OAuth2 endpoints use RFC-compliant errors
writeOAuth2Error(ctx, rw, http.StatusBadRequest, "invalid_grant", "description")

// Regular endpoints use httpapi
httpapi.Write(ctx, rw, http.StatusBadRequest, codersdk.Response{...})

Shell Scripts

set -u only catches UNDEFINED variables, not empty strings:

unset VAR; echo ${VAR}         # ERROR with set -u
VAR=""; echo ${VAR}            # OK with set -u (empty is fine)
VAR="${INPUT:-}"; echo ${VAR}  # OK - always defined

GitHub Actions context variables (github.*, inputs.*) are always defined.

Review Quality

Explain impact ("causes crash when X" not "could be better")
Make observations actionable with specific fixes
Read the full context before commenting on a line
Check AGENTS.md for project conventions before flagging style

Comment Standards

Only comment when confident - If you're not 80%+ sure it's a real issue, don't comment. Verify claims before posting.
No speculation - Avoid "might", "could", "consider". State facts or skip.
Verify technical claims - Check documentation or code before asserting how something works. Don't guess at API behavior or syntax rules.

code-review

Code Review Skill

Workflow

Severity Levels

What to Look For

What NOT to Comment On

Coder-Specific Patterns

Authorization Context

Error Handling

Shell Scripts

Review Quality

Comment Standards

このリポジトリの他の Skills

このリポジトリの他の Skills

Code Review Skill

Workflow

Severity Levels

What to Look For

What NOT to Comment On

Coder-Specific Patterns

Authorization Context

Error Handling

Shell Scripts

Review Quality

Comment Standards