원클릭으로 Manus에서 모든 스킬 실행

시작하기

ultrareview

스타10

포크3

업데이트2026년 6월 23일 14:39

Deep code review using Claude Code's thorough analysis mode — security, performance, correctness, and maintainability

설치

Codex 또는 Claude로 설치 이 Prompt를 복사해 Codex, Claude 또는 다른 어시스턴트에 붙여 넣으면 Skill 페이지를 검토하고 설치를 진행할 수 있습니다.

Manus에서 실행

출처

UitbreidenOS

UitbreidenOS/Claudient

GitHub 저장소 열기 Creator 저장소 보기

다운로드

Manus에서 실행

Ultrareview Skill

When to activate

Reviewing PRs with security-sensitive changes (auth, payments, data access)
Evaluating performance-critical code paths (hot loops, database queries, network calls)
Assessing architectural decisions in large PRs (new abstractions, pattern changes)
Pre-merge review for release branches
Auditing code before compliance reviews (SOC2, HIPAA, PCI)

When NOT to use

Trivial PRs (typo fixes, config changes, documentation only)
WIP/draft PRs that aren't ready for review
PRs that only add tests

Instructions

Understand context. Read the PR description, linked issues, and related code before diving into the diff.
Review in layers. Go through the changes 3 times, each with a different lens:

Pass 1 — Correctness:
- Does the logic handle all edge cases?
- Are error conditions handled properly?
- Do types/interfaces match between producer and consumer?
- Are there race conditions or timing issues?
Pass 2 — Security:
- Input validation (SQL injection, XSS, path traversal)?
- Authentication and authorization checks present?
- Sensitive data exposure (logs, error messages, API responses)?
- Dependency vulnerabilities introduced?
Pass 3 — Maintainability:
- Is the code readable without comments explaining the obvious?
- Are abstractions at the right level (not too much, not too little)?
- Would a new team member understand this in 5 minutes?
- Are there hidden assumptions that should be documented?
Categorize findings:
- BLOCKER: Must fix before merge (security vulnerability, data loss risk, correctness bug)
- IMPORTANT: Should fix before merge (performance issue, poor error handling, missing validation)
- SUGGESTION: Nice to have (better naming, simpler approach, additional test)
- NIT: Optional polish (style preference, minor readability)
Provide actionable feedback. For each finding:
- What's wrong and why it matters
- Specific suggestion for how to fix it
- Code example if helpful
Acknowledge good patterns. Call out well-written code, clever solutions, or good test coverage.

Example

PR: "Add user search endpoint"

## Ultrareview Results

### BLOCKER
- **SQL Injection in search query** (api/users/search.js:42)
  The search term is interpolated directly into the SQL string.
  Fix: Use parameterized queries.
  ```js
  // Before (vulnerable)
  db.query(`SELECT * FROM users WHERE name LIKE '%${query}%'`)
  // After (safe)
  db.query('SELECT * FROM users WHERE name LIKE $1', [`%${query}%`])

IMPORTANT

Missing rate limiting — Search endpoints are expensive and abuse-prone. Add rate limiting: 10 req/min per user.
No pagination — Large result sets will OOM. Add LIMIT/OFFSET with max 100 per page.

SUGGESTION

Extract search logic — The handler mixes HTTP concerns with business logic. Consider a UserSearchService class for testability.

NIT

Variable q on line 15 → rename to searchQuery for clarity.

👍 Good stuff

Solid test coverage including empty query, special chars, and unicode.
Good use of indexes on the search columns.


---

Built with [Claudient](https://github.com/UitbreidenOS/Claudient) · [Claude Code](https://claude.com/claude-code)

이 저장소의 다른 Skills

같은 저장소

agent-teams

UitbreidenOS/Claudient

Orchestrate multi-agent teams in Claude Code — set up coordinated sessions with task delegation, inter-agent communication, and parallel execution

2026-06-2310

ultraplan

UitbreidenOS/Claudient

Leverage Claude Code's ultra-deep planning mode for complex architecture decisions, multi-file refactors, and system design

2026-06-2310

swarm-sandbox

UitbreidenOS/Claudient

Safe isolated testing environment for multi-agent swarm topologies before production deployment

2026-06-2210

auto-summarizer

UitbreidenOS/Claudient

Automatically summarizes the current session context to prevent token window overflow.

2026-06-2210

prune-context

UitbreidenOS/Claudient

Claude Code context pruner: slash command to summarize session and reset token bloat

2026-06-1910

campaign-tracker

UitbreidenOS/Claudient

Produces a campaign performance summary from session-log.md entries. Reports open rates, reply rates, and meeting conversion rates per sequence. Flags top performers (reply rate >10%) and underperformers (reply rate <3%). Recommends one concrete change per underperforming sequence.

2026-06-1710

Ultrareview Skill

When to activate

Reviewing PRs with security-sensitive changes (auth, payments, data access)

Evaluating performance-critical code paths (hot loops, database queries, network calls)

Assessing architectural decisions in large PRs (new abstractions, pattern changes)

Pre-merge review for release branches

Auditing code before compliance reviews (SOC2, HIPAA, PCI)

When NOT to use

Trivial PRs (typo fixes, config changes, documentation only)

WIP/draft PRs that aren't ready for review

PRs that only add tests

Instructions

Understand context. Read the PR description, linked issues, and related code before diving into the diff.

Review in layers. Go through the changes 3 times, each with a different lens:

Pass 1 — Correctness:

Does the logic handle all edge cases?
Are error conditions handled properly?
Do types/interfaces match between producer and consumer?
Are there race conditions or timing issues?

Pass 2 — Security:

Input validation (SQL injection, XSS, path traversal)?
Authentication and authorization checks present?
Sensitive data exposure (logs, error messages, API responses)?
Dependency vulnerabilities introduced?

Pass 3 — Maintainability:

Is the code readable without comments explaining the obvious?
Are abstractions at the right level (not too much, not too little)?
Would a new team member understand this in 5 minutes?
Are there hidden assumptions that should be documented?

Categorize findings:

BLOCKER: Must fix before merge (security vulnerability, data loss risk, correctness bug)
IMPORTANT: Should fix before merge (performance issue, poor error handling, missing validation)
SUGGESTION: Nice to have (better naming, simpler approach, additional test)
NIT: Optional polish (style preference, minor readability)

Provide actionable feedback. For each finding:

What's wrong and why it matters
Specific suggestion for how to fix it
Code example if helpful

Acknowledge good patterns. Call out well-written code, clever solutions, or good test coverage.

Example

PR: "Add user search endpoint" ## Ultrareview Results ### BLOCKER - **SQL Injection in search query** (api/users/search.js:42) The search term is interpolated directly into the SQL string. Fix: Use parameterized queries. ```js // Before (vulnerable) db.query(`SELECT * FROM users WHERE name LIKE '%${query}%'`) // After (safe) db.query('SELECT * FROM users WHERE name LIKE $1', [`%${query}%`])

IMPORTANT

Missing rate limiting — Search endpoints are expensive and abuse-prone. Add rate limiting: 10 req/min per user.

No pagination — Large result sets will OOM. Add LIMIT/OFFSET with max 100 per page.

SUGGESTION

Extract search logic — The handler mixes HTTP concerns with business logic. Consider a UserSearchService class for testability.

NIT

Variable q on line 15 → rename to searchQuery for clarity.

👍 Good stuff

Solid test coverage including empty query, special chars, and unicode.

Good use of indexes on the search columns.

--- Built with [Claudient](https://github.com/UitbreidenOS/Claudient) · [Claude Code](https://claude.com/claude-code)

name	ultrareview
description	Deep code review using Claude Code's thorough analysis mode — security, performance, correctness, and maintainability