메뉴
Reviews skills against Claude Code best practices. Use when auditing skill files for adherence to recommendations.
Codex 또는 Claude로 설치 이 Prompt를 복사해 Codex, Claude 또는 다른 어시스턴트에 붙여 넣으면 Skill 페이지를 검토하고 설치를 진행할 수 있습니다.
SOC 직업 분류 기준
Data visualization and information design best practices. Use when creating charts, dashboards, graphs, or any visual representation of data.
Typography principles for print and screen. Use when selecting fonts, setting type, designing text layouts, or creating web typography.
LaTeX amsmath/amssymb/mathtools packages for mathematical typesetting. Use when helping users write equations, align math, use mathematical symbols, matrices, theorems, or any advanced math formatting.
LaTeX biblatex/biber packages for modern bibliography management. Use when helping users cite references, manage .bib files, choose citation styles, or troubleshoot bibliography compilation.
LaTeX booktabs/tabularx/multirow/longtable packages for professional tables. Use when helping users create well-formatted tables, multi-page tables, or improve table appearance.
LaTeX graphicx package for image inclusion and manipulation. Use when helping users insert images, resize graphics, create figure environments, or work with subfigures.
| name | skill-reviewer |
| description | Reviews skills against Claude Code best practices. Use when auditing skill files for adherence to recommendations. |
| disable-model-invocation | true |
| aliases | ["review-skill"] |
Reviews skill files against Claude Code best practices.
Target: $ARGUMENTS (path to skill file or directory)
Use when:
Required frontmatter:
name (kebab-case, descriptive)description (when to use, not just what)disable-model-invocation: true for workflows with side effectsaliases for common alternative namesQuality:
Organization:
Context efficiency:
For skills invoked with /skill-name:
disable-model-invocation: true$ARGUMENTS if accepts parametersFor skills Claude applies automatically:
Context-saving patterns:
/clear when context clutteredIf included:
Content:
Workflow:
Principles:
Eliminate verbosity:
BAD: "Make sure your code is well-organized and follows good practices"
GOOD: "Use dependency injection. Limit functions to 50 lines."
Common filler: "basically", "essentially", "generally", "typically", "very", "really", "quite", "actually", "kind of", "sort of", "simply", "just"
BAD: "You should basically just run the tests to make sure everything is actually working correctly"
GOOD: "Run tests to verify functionality"
BAD: "Keep functions small and avoid deeply nested code"
GOOD: "Limit functions to 50 lines. Limit nesting to 3 levels."
BAD: "The configuration should be validated before the application is started"
GOOD: "Validate configuration before starting the application"
BAD: "When you're working with user input, which could potentially contain malicious data, it's important to remember that you should always validate and sanitize it"
GOOD: "Always validate and sanitize user input"
BAD:
GOOD:
BAD: "This might help improve performance somewhat"
GOOD: "This improves performance by 30%" or "This may improve performance. Benchmark to verify."
## Skill Review: [skill-name]
### Summary
[1-2 sentence overview]
### Strengths
- [What works well]
- [Effective patterns]
### Issues Found
#### Critical (Must Fix)
- [ ] [Issue] - Location: [section/line]
#### Recommendations (Should Fix)
- [ ] [Recommendation] - Location: [section/line]
#### Suggestions (Nice to Have)
- [ ] [Suggestion] - Location: [section/line]
### Context Efficiency Score
[1-5]: [Brief explanation]
- 5: Extremely concise, every word necessary
- 4: Mostly efficient, minor verbosity
- 3: Acceptable, some trimming needed
- 2: Verbose, significant trimming needed
- 1: Bloated, major revision required
### Technical Writing Quality
[1-5]: [Brief explanation]
- 5: Precise, concise, active voice, no filler
- 4: Mostly clear, minor improvements
- 3: Acceptable, some verbosity/vagueness
- 2: Significant clarity issues, passive voice, filler
- 1: Unclear, verbose, imprecise
### Overall Assessment
[Pass/Pass with Recommendations/Needs Revision]
### Specific Improvements
```diff
[Show diffs for suggested changes]
## Common Skill Smells
### The Encyclopedia
**Symptom:** Exhaustive domain coverage
**Fix:** Break into focused skills or link to docs
### The CLAUDE.md Duplicate
**Symptom:** Project-specific conventions
**Fix:** Move to CLAUDE.md, keep domain knowledge in skill
### The Vague Guide
**Symptom:** Generic advice ("write clean code")
**Fix:** Provide specific, actionable guidance
### The Context Hog
**Symptom:** 1000+ lines, auto-loaded
**Fix:** Compress, split, or make invokable-only
### The Rigid Workflow
**Symptom:** Overly prescriptive steps
**Fix:** Provide guidance and checkpoints, allow adaptation
### The Missing Verification
**Symptom:** Implementation without validation
**Fix:** Add verification steps, success criteria, tests
### The Assumption Maker
**Symptom:** "Update the config" (which file? where?)
**Fix:** Explicit paths, patterns, or discovery method
### The Verbose Writer
**Symptom:** Filler words, passive voice, redundancy
**Fix:** Apply technical writing principles
## Examples
### Good Knowledge Skill
```markdown
---
name: api-conventions
description: REST API design conventions for our microservices
---
# API Conventions
## URL Structure
- Use kebab-case: `/api/v1/user-profiles`
- Version in path: `/v1/`, `/v2/`
- Collection naming: plural (`/users`, not `/user`)
## Request/Response
- camelCase for JSON properties
- ISO 8601 timestamps: `2024-01-15T10:30:00Z`
- Wrap lists: `{ "data": [...], "meta": { "total": 100 } }`
## Pagination
- Cursor-based for large datasets
- Include `next`, `prev` in meta
- Max 100 items per page
## Error Handling
- Use RFC 7807 Problem Details
- Include `type`, `title`, `status`, `detail`
Why it passes: Concise, focused, provides patterns Claude can't infer, scannable, no prose.
---
name: fix-security-issue
description: Fix security vulnerability following our security workflow
disable-model-invocation: true
---
# Fix Security Issue
Fix security issue $ARGUMENTS following our security review process.
## Steps
1. **Analyze vulnerability**
- `gh issue view $ARGUMENTS` to read security issue
- Identify CWE category and severity
- Understand attack vector
2. **Find affected code**
- Search for vulnerable patterns using Grep
- Check for similar instances elsewhere
- Review history: `git log -p --grep="$PATTERN"`
3. **Implement fix**
- Address root cause, not symptoms
- Follow secure patterns from `.claude/skills/security-patterns/`
- Update all affected locations
4. **Write security tests**
- Test reproduces vulnerability
- Verify test fails on old code
- Verify test passes on fixed code
- Add edge case tests
5. **Validate fix**
- `npm test`
- `npm run security-scan`
- `npm run lint`
6. **Document and commit**
- Add security comment explaining fix
- `security: fix [CWE-XXX] in [component]`
- Reference issue: `Fixes #$ARGUMENTS`
7. **Create PR**
- `gh pr create --template security`
- Request @security-team review
- Add `security` label
## Verification
- [ ] Security test added and passing
- [ ] All tests passing
- [ ] Security scanner clean
- [ ] Similar patterns checked
- [ ] Security team assigned
Why it passes: Clear workflow, disable-model-invocation: true, verification checklist, exact commands, success criteria, uses $ARGUMENTS.
---
name: make-code-better
description: Improves code quality
---
# Code Improvement Guide
This skill helps you write better, cleaner, more maintainable code.
## General Principles
Always write clean code that is easy to read. Make sure your code
follows best practices. Remember that code is read more often than
it's written.
## Things to Consider
- Make your code modular
- Add appropriate comments
- Follow DRY principle
- Use meaningful names
- Keep functions small
- Write tests
- Handle errors
- Optimize performance
- Make it scalable
- Consider security
Why it fails:
disable-model-invocation flagFix: Split into focused skills (security-patterns, testing-patterns), provide examples, add verification, make context-efficient.
BEFORE (verbose):
## Error Handling
When working with API calls, it's important to handle errors properly.
You should catch exceptions and log them so you can debug issues later.
It's also a good idea to provide meaningful error messages.
AFTER (concise):
## Error Handling
- Catch all exceptions
- Log to monitoring (Sentry, Datadog)
- Return user-friendly messages (hide stack traces)
```javascript
try {
await api.call()
} catch (error) {
logger.error('API failed', { error, context })
throw new UserError('Unable to process request')
}
**Improvements:** Eliminated filler, active voice, specific tools, added code, 60% shorter with more info.
## References
Based on Claude Code best practices:
- https://code.claude.com/docs/en/best-practices
- https://code.claude.com/docs/en/skills
- https://code.claude.com/docs/en/how-claude-code-works
## Usage
/skill-reviewer path/to/SKILL.md