원클릭으로 Manus에서 모든 스킬 실행

$pwd:

reviewing-code

Name: Reviewing Code
Author: SocketDev

// Reviews the current branch against a base ref using multiple AI backends. Routes discovery, discovery-secondary, remediation, and verify passes through the available agents (codex, claude, opencode, kimi, …), gracefully skipping any backend that isn't installed. Writes a markdown findings report under docs/. Use when preparing or updating a PR, before merging a feature branch, or when wanting an independent second opinion from a different agent.

Manus에서 실행

$ git log --oneline --stat

stars:0

forks:0

updated:2026년 5월 28일 18:24

파일 탐색기

2 개 파일

SKILL.md

readonly

name	reviewing-code
description	Reviews the current branch against a base ref using multiple AI backends. Routes discovery, discovery-secondary, remediation, and verify passes through the available agents (codex, claude, opencode, kimi, …), gracefully skipping any backend that isn't installed. Writes a markdown findings report under docs/. Use when preparing or updating a PR, before merging a feature branch, or when wanting an independent second opinion from a different agent.
user-invocable	true
allowed-tools	Read, Grep, Glob, Bash(node:), Bash(git:), Bash(command -v:*)
model	claude-opus-4-8
context	fork

reviewing-code

Four-pass multi-agent code review of the current branch against a base ref. Each pass is a separate agent run with a focused prompt; the results fold into one markdown report.

When to use

Reviewing a feature branch before opening (or after updating) a PR.
Getting a second-and-third opinion from a different agent than the one currently editing.
Surfacing real bugs / regressions / data-integrity issues, not style.
Establishing a paper trail for a tricky migration or compatibility-path change.

Default pipeline

Pass	Role	Default backend	Output
1	discovery	`codex`	overwrites report
2	discovery-secondary	`codex`	merges into report (skipped if no new findings)
3	remediation	`codex`	adds Suggested Fix + Suggested Regression Tests per finding
4	verify	`claude`	appends `## <Backend> Verification` section

Per-role fallback order, hybrid-backend handling (opencode), and the graceful-detect / skip-with-note policy live in _shared/multi-agent-backends.md. This skill is the canonical implementation of that contract.

Variant analysis on confirmed findings

For every High / Critical finding the verify pass marks CONFIRMED, run a variant search before closing the report. The same shape often hides elsewhere in the repo. The discipline (what to search for, how to scope, when to skip) lives in _shared/variant-analysis.md. Append a ## Variant Analysis section per finding when variants are found; omit the section when there are none rather than emit an empty header.

For security-class diffs specifically, run scanning-quality/scans/differential.md alongside this skill. That scan is the security-regression cousin to this skill's general review.

Compounding lessons

When the same review finding has fired in two consecutive runs (or across two repos), promote it to a fleet rule per _shared/compound-lessons.md. Don't keep catching the same bug; codify it once.

Usage

# Default: codex×3 + claude×1, output under docs/<branch-slug>-review-findings.md
node .claude/skills/reviewing-code/run.mts

# Custom base
node .claude/skills/reviewing-code/run.mts --base origin/main

# Custom output
node .claude/skills/reviewing-code/run.mts --output docs/reviews/my-branch.md

# Skip the verify pass entirely
node .claude/skills/reviewing-code/run.mts --skip-verify

# Override one or more passes
node .claude/skills/reviewing-code/run.mts --pass discovery=kimi --pass verify=opencode

# Cleanup the temp dir on exit (default keeps logs for inspection)
node .claude/skills/reviewing-code/run.mts --cleanup-temp

# Run only a subset of passes
node .claude/skills/reviewing-code/run.mts --only discovery,verify

Configuration via env vars

Var	Default	Effect
`CODEX_MODEL`	`gpt-5.4`	Codex model when codex is the active backend
`CODEX_REASONING`	`xhigh`	Codex reasoning effort
`CLAUDE_MODEL`	`opus`	Claude model when claude is the active backend
`KIMI_MODEL`	`kimi-latest`	Kimi model when kimi is the active backend

Output

A single markdown file (docs/<branch-slug>-review-findings.md by default) with this structure:

# <descriptive title>
## Scope
## Executive Summary
## Findings
### 1. <title>
   Severity, Summary, Affected Code, Why This Is A Problem, Impact,
   Suggested Fix, Suggested Regression Tests
## Assumptions / Gaps
## Validation Notes
## Suggested Next Steps
---
## <Backend> Verification
   Per-finding verdict (CONFIRMED / LIKELY / FALSE POSITIVE),
   fix soundness, missed findings, overall recommendation.

How the runner works

run.mts is a self-contained TypeScript runner that:

Resolves base ref + merge base + commit list + diff stat.
Detects which agent CLIs are available on PATH.
For each pass, picks the preferred backend per the fallback order (or skips with a documented note).
Writes per-pass prompts to a temp dir and runs the agent non-interactively.
Folds outputs into the final report.

The prompts live in the runner: single source of truth so the pipeline and the prompts can't drift apart.

related-skills.json

같은 저장소

trimming-bundle.md

from "SocketDev/socket-lib"

For repos that ship a built bundle, finds unused code paths in dist/ and iteratively stubs them via the bundler's stub plugin. Each candidate stub goes through stub → rebuild → test loop; only paths that pass the loop are kept. Today the only supported bundler is rolldown (createLibStubPlugin); the skill shape generalizes to other bundlers if the fleet adopts them. Use after a bundler migration, before publishing a new version, or whenever bundle size grows unexpectedly.

2026-05-290

auditing-gha-settings.md

from "SocketDev/socket-lib"

Audits a repo's GitHub Actions permissions + allowlist against the fleet baseline. Reports drift only. Fixes are manual in Settings → Actions because flipping these silently is unsafe. Use when a CI failure looks like "action X is not allowed to be used", when onboarding a new fleet repo, or as a periodic fleet-wide health check.

2026-05-280

cleaning-redundant-ci.md

from "SocketDev/socket-lib"

Sweeps a fleet repo (or every fleet repo) for redundant CI surface. Three classes: orphan workflow YAML files (lint.yml / check.yml / type.yml / test.yml that the unified ci.yml replaced), GitHub-Dependabot auto-fix PRs that the fleet handles via /updating-security, and stale workflow run history in the Actions sidebar. Deletes the YAML files, disables Dependabot automated-security-fixes via gh api, and reports anything that needs a manual UI toggle. Once-and-never-again sweep meant to leave a repo clean.

2026-05-280

running-test262.md

from "SocketDev/socket-lib"

Run the test262 conformance suite against fleet parsers / runtimes (ultrathink acorn variants, socket-btm temporal-infra, future ports) using each repo's canonical runner. Never write homebrew test262 runners. Every parser/runtime in the fleet ships a runner under `test/scripts/test262-*.mts` and an unsupported-features config. Use this skill when asked to run spec tests, check conformance, debug a failing test262 case, or compare a parser against a reference implementation.

2026-05-280

scanning-quality.md

from "SocketDev/socket-lib"

Scans the codebase for bugs, logic errors, cache races, workflow problems, insecure defaults, security regressions in the diff, and variant analysis on prior findings. Spawns specialized Task agents per scan type, deduplicates findings, and produces an A-F prioritized report. Use when preparing a release, investigating quality issues, running pre-merge checks, or whenever a recent diff touches security-sensitive code.

2026-05-280

scanning-security.md

from "SocketDev/socket-lib"

Runs a multi-tool security scan: AgentShield for Claude config, zizmor for GitHub Actions, and optionally Socket CLI for dependency scanning. Produces an A-F graded security report. Use after modifying `.claude/` config, hooks, agents, or GitHub Actions workflows, and before releases.

2026-05-280

package.json

"author": "SocketDev"

"repository": "SocketDev/socket-lib"

GitHub 저장소 열기 Creator 저장소 보기

$ install --global

$ download --local

Manus에서 실행

name	reviewing-code
description	Reviews the current branch against a base ref using multiple AI backends. Routes discovery, discovery-secondary, remediation, and verify passes through the available agents (codex, claude, opencode, kimi, …), gracefully skipping any backend that isn't installed. Writes a markdown findings report under docs/. Use when preparing or updating a PR, before merging a feature branch, or when wanting an independent second opinion from a different agent.
user-invocable	true
allowed-tools	Read, Grep, Glob, Bash(node:), Bash(git:), Bash(command -v:*)
model	claude-opus-4-8
context	fork

reviewing-code

Four-pass multi-agent code review of the current branch against a base ref. Each pass is a separate agent run with a focused prompt; the results fold into one markdown report.

When to use

Reviewing a feature branch before opening (or after updating) a PR.
Getting a second-and-third opinion from a different agent than the one currently editing.
Surfacing real bugs / regressions / data-integrity issues, not style.
Establishing a paper trail for a tricky migration or compatibility-path change.

Default pipeline

Pass	Role	Default backend	Output
1	discovery	`codex`	overwrites report
2	discovery-secondary	`codex`	merges into report (skipped if no new findings)
3	remediation	`codex`	adds Suggested Fix + Suggested Regression Tests per finding
4	verify	`claude`	appends `## <Backend> Verification` section

Variant analysis on confirmed findings

For security-class diffs specifically, run scanning-quality/scans/differential.md alongside this skill. That scan is the security-regression cousin to this skill's general review.

Compounding lessons

When the same review finding has fired in two consecutive runs (or across two repos), promote it to a fleet rule per _shared/compound-lessons.md. Don't keep catching the same bug; codify it once.

Usage

# Default: codex×3 + claude×1, output under docs/<branch-slug>-review-findings.md
node .claude/skills/reviewing-code/run.mts

# Custom base
node .claude/skills/reviewing-code/run.mts --base origin/main

# Custom output
node .claude/skills/reviewing-code/run.mts --output docs/reviews/my-branch.md

# Skip the verify pass entirely
node .claude/skills/reviewing-code/run.mts --skip-verify

# Override one or more passes
node .claude/skills/reviewing-code/run.mts --pass discovery=kimi --pass verify=opencode

# Cleanup the temp dir on exit (default keeps logs for inspection)
node .claude/skills/reviewing-code/run.mts --cleanup-temp

# Run only a subset of passes
node .claude/skills/reviewing-code/run.mts --only discovery,verify

Configuration via env vars

Var	Default	Effect
`CODEX_MODEL`	`gpt-5.4`	Codex model when codex is the active backend
`CODEX_REASONING`	`xhigh`	Codex reasoning effort
`CLAUDE_MODEL`	`opus`	Claude model when claude is the active backend
`KIMI_MODEL`	`kimi-latest`	Kimi model when kimi is the active backend

Output

A single markdown file (docs/<branch-slug>-review-findings.md by default) with this structure:

# <descriptive title>
## Scope
## Executive Summary
## Findings
### 1. <title>
   Severity, Summary, Affected Code, Why This Is A Problem, Impact,
   Suggested Fix, Suggested Regression Tests
## Assumptions / Gaps
## Validation Notes
## Suggested Next Steps
---
## <Backend> Verification
   Per-finding verdict (CONFIRMED / LIKELY / FALSE POSITIVE),
   fix soundness, missed findings, overall recommendation.

How the runner works

run.mts is a self-contained TypeScript runner that:

Resolves base ref + merge base + commit list + diff stat.
Detects which agent CLIs are available on PATH.
For each pass, picks the preferred backend per the fallback order (or skips with a documented note).
Writes per-pass prompts to a temp dir and runs the agent non-interactively.
Folds outputs into the final report.

The prompts live in the runner: single source of truth so the pipeline and the prompts can't drift apart.

reviewing-code

reviewing-code

When to use

Default pipeline

Variant analysis on confirmed findings

Compounding lessons

Usage

Configuration via env vars

Output

How the runner works

이 저장소의 다른 Skills

이 저장소의 다른 Skills

reviewing-code

When to use

Default pipeline

Variant analysis on confirmed findings

Compounding lessons

Usage

Configuration via env vars

Output

How the runner works