Run any Skill in Manus with one click

$pwd:

code-review

Name: Code Review
Author: blueberrycongee

// Structured code review skill. Use when asked to "review this code", "review this PR", "check this diff", or when acting as a Hydra reviewer. Runs a multi-pass review with specialist focus areas and confidence-gated findings.

Run Skill in Manus

$ git log --oneline --stat

stars:303

forks:21

updated:April 12, 2026 at 09:43

SKILL.md

readonly

name	code-review
description	Structured code review skill. Use when asked to "review this code", "review this PR", "check this diff", or when acting as a Hydra reviewer. Runs a multi-pass review with specialist focus areas and confidence-gated findings.

Code Review

Structured multi-pass review. Read the full diff before commenting on anything.

Phase 1: Orient

Determine the review scope:
- If reviewing a PR: git diff <base>..HEAD
- If reviewing staged changes: git diff --cached
- If reviewing a file: read the file
Understand the intent: read the commit messages, PR description, or task description to understand what the change is supposed to do
Identify the change type: feature, bugfix, refactor, config, dependency update

Phase 2: Critical Pass

Read the diff line by line. Flag only real issues:

Always check:

Logic errors (wrong conditions, off-by-one, missing null checks on external data)
SQL injection, XSS, command injection, path traversal
Race conditions in concurrent code
Resource leaks (unclosed handles, missing cleanup)
Missing error handling at system boundaries (network, file I/O, user input)
Breaking API contract changes without version bump

Never flag:

Style preferences (naming, formatting) unless they cause confusion
Missing comments on self-explanatory code
Hypothetical edge cases that cannot happen given the invariants
"I would have done it differently" without a concrete defect

Phase 3: Specialist Focus

Based on the change type, apply the relevant specialist lens:

If the diff touches tests:

Do tests actually test behavior, or just assert mock return values?
Are there tautological assertions (expect(true).toBe(true))?
Is the test coupled to implementation details rather than outcomes?

If the diff touches data access:

N+1 query patterns in loops
Unbounded result sets without pagination
Transactions where atomic operations are needed

If the diff touches auth/security:

Apply Phase 2-4 of the security-audit skill to the changed code

If the diff touches UI:

State management: are loading/error/empty states handled?
Accessibility: keyboard navigation, semantic HTML, ARIA labels
Responsive: does it work at mobile/tablet/desktop breakpoints?

Phase 4: Verdict

For each finding, assign a confidence level:

High (8-10): Confirmed defect with clear evidence — fix before merge
Medium (5-7): Likely issue, but may depend on context — discuss
Low (1-4): Possible concern, worth noting — optional

Report format per finding:

[severity] file:line — description
Confidence: N/10
Suggestion: specific fix

Final verdict

Approve: no High findings, no more than 2 Medium findings
Request changes: any High finding, or 3+ Medium findings
If nothing is wrong: say "no issues found" — do not invent problems

Rules

Read the code before commenting — never review from the description alone
Every finding must reference a specific file and line
Do not suggest refactoring that is unrelated to the change being reviewed
A review that flags nothing wrong is a valid review — do not pad

related-skills.json

same repository

qa.md

from "blueberrycongee/termcanvas"

QA testing skill with real browser automation. Use when asked to "test this site", "QA this page", "check for visual bugs", "verify the deploy", or when Hydra needs browser validation for UI changes. Requires the browse binary.

2026-04-12303

using-termcanvas.md

from "blueberrycongee/termcanvas"

Use when starting work in a TermCanvas-managed repo to route between direct work, Hydra, or a narrow TermCanvas skill.

2026-04-12303

hydra.md

from "blueberrycongee/termcanvas"

Use when a task should run through Hydra's Lead-driven workflow for multi-agent orchestration, or when an existing workflow must be inspected or cleaned up.

2026-04-11303

challenge.md

from "blueberrycongee/termcanvas"

Adversarial review skill. Use when the user wants to stress-test an idea, argument, proposal, or opinion from multiple independent angles. Spawns parallel Hydra workers with orthogonal analytical methodologies.

2026-04-08303

security-audit.md

from "blueberrycongee/termcanvas"

Security audit skill. Use when asked to "audit security", "check for vulnerabilities", "security review", "pentest", or when evaluating code that handles auth, user input, secrets, or external data. Runs a phased scan covering OWASP Top 10 and STRIDE threat modeling.

2026-03-31303

investigate.md

from "blueberrycongee/termcanvas"

Systematic debugging skill. Use when encountering a bug, test failure, unexpected behavior, or when asked to "investigate", "debug", "diagnose", or "figure out why". Enforces root-cause-first discipline with structured hypothesis tracking.

2026-03-31303

package.json

"author": "blueberrycongee"

"repository": "blueberrycongee/termcanvas"

View GitHub Repository View Creator Repositories

$ install --global

$ download --local

Run Skill in Manus

$ useful --forSOC

Software Quality Assurance Analysts and TestersComputer and Mathematical Occupations15-1253L4

name	code-review
description	Structured code review skill. Use when asked to "review this code", "review this PR", "check this diff", or when acting as a Hydra reviewer. Runs a multi-pass review with specialist focus areas and confidence-gated findings.

Code Review

Structured multi-pass review. Read the full diff before commenting on anything.

Phase 1: Orient

Determine the review scope:
- If reviewing a PR: git diff <base>..HEAD
- If reviewing staged changes: git diff --cached
- If reviewing a file: read the file
Understand the intent: read the commit messages, PR description, or task description to understand what the change is supposed to do
Identify the change type: feature, bugfix, refactor, config, dependency update

Phase 2: Critical Pass

Read the diff line by line. Flag only real issues:

Always check:

Logic errors (wrong conditions, off-by-one, missing null checks on external data)
SQL injection, XSS, command injection, path traversal
Race conditions in concurrent code
Resource leaks (unclosed handles, missing cleanup)
Missing error handling at system boundaries (network, file I/O, user input)
Breaking API contract changes without version bump

Never flag:

Style preferences (naming, formatting) unless they cause confusion
Missing comments on self-explanatory code
Hypothetical edge cases that cannot happen given the invariants
"I would have done it differently" without a concrete defect

Phase 3: Specialist Focus

Based on the change type, apply the relevant specialist lens:

If the diff touches tests:

Do tests actually test behavior, or just assert mock return values?
Are there tautological assertions (expect(true).toBe(true))?
Is the test coupled to implementation details rather than outcomes?

If the diff touches data access:

N+1 query patterns in loops
Unbounded result sets without pagination
Transactions where atomic operations are needed

If the diff touches auth/security:

Apply Phase 2-4 of the security-audit skill to the changed code

If the diff touches UI:

State management: are loading/error/empty states handled?
Accessibility: keyboard navigation, semantic HTML, ARIA labels
Responsive: does it work at mobile/tablet/desktop breakpoints?

Phase 4: Verdict

For each finding, assign a confidence level:

High (8-10): Confirmed defect with clear evidence — fix before merge
Medium (5-7): Likely issue, but may depend on context — discuss
Low (1-4): Possible concern, worth noting — optional

Report format per finding:

[severity] file:line — description
Confidence: N/10
Suggestion: specific fix

Final verdict

Approve: no High findings, no more than 2 Medium findings
Request changes: any High finding, or 3+ Medium findings
If nothing is wrong: say "no issues found" — do not invent problems

Rules

Read the code before commenting — never review from the description alone
Every finding must reference a specific file and line
Do not suggest refactoring that is unrelated to the change being reviewed
A review that flags nothing wrong is a valid review — do not pad

code-review

Code Review

Phase 1: Orient

Phase 2: Critical Pass

Phase 3: Specialist Focus

Phase 4: Verdict

Final verdict

Rules

More from this repository

Code Review

Phase 1: Orient

Phase 2: Critical Pass

Phase 3: Specialist Focus

Phase 4: Verdict

Final verdict

Rules

More from this repository