一键导入
expert-code-reviewer
Language-agnostic workflow for code reviews and security audits against Clean Code/SOLID principles, generating formal refactoring plans.
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
菜单
Language-agnostic workflow for code reviews and security audits against Clean Code/SOLID principles, generating formal refactoring plans.
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
基于 SOC 职业分类
Performs consistency and traceability audits across documents (PRD vs Spec vs Plan) to detect missing coverage and scope creep.
Systematic codebase exploration, architectural critique, and generation of Project Discovery Drafts for SDLC Phase 0.
Workflow for analyzing bug reports, tracing root causes, and generating structured bug-fix implementation plans with rollback strategies.
Helps interrogate Product Requirements (PRD), Technical Specifications, and Implementation Plans to find ambiguities, missing edge cases, and hidden assumptions.
Workflow for auditing, designing, and writing structured documentation based on the Diátaxis Framework (Tutorials, How-to, Reference, Explanation).
An advanced, autonomous AI agent skill designed to execute complex, multi-step, and long-horizon tasks with high reliability and minimal human interruption.
| name | expert-code-reviewer |
| description | Language-agnostic workflow for code reviews and security audits against Clean Code/SOLID principles, generating formal refactoring plans. |
| license | MIT |
This skill provides the structured workflow for analyzing codebase implementations, identifying architectural flaws, detecting security vulnerabilities, and generating formal, executable implementation plans for refactoring and remediation. This skill accompanies the @ExpertCodeReviewer agent.
/plan/ directory.refactor-[component]-[version].md and save it in the /plan/ directory.---
goal: [Concise Title Describing the Refactoring & Security Plan's Goal]
version: [Optional: e.g., 1.0, Date]
date_created: [YYYY-MM-DD]
last_updated: [Optional: YYYY-MM-DD]
owner: [Optional: Team/Individual responsible for this spec]
status: "Planned"
tags: ["refactor", "clean-code", "architecture", "security"]
---
# Introduction

[A short concise introduction to the refactoring plan, the technical debt being addressed, the architectural goal, and any security vulnerabilities being remediated.]
## 1. Requirements & Constraints (Architecture & Security Focus)
[Explicitly list the architectural and security principles guiding this refactoring.]
- **REQ-001**: Requirement 1
- **PRN-001**: Architectural Principle (e.g., Ensure Single Responsibility Principle)
- **SEC-001**: Security Requirement (e.g., Prevent SQL Injection via parameterized queries)
- **CON-001**: Constraint 1
## 2. Implementation Steps
> **⚠️ EXECUTION DIRECTIVE FOR AI AGENTS:**
> You MUST execute this plan phase by phase. You MUST run the specific testing/verification task at the end of each phase. After a phase is tested, you **MUST STOP AND WAIT** for the user's explicit approval before proceeding to the next phase.
### Implementation Phase 1: Security Remediation & Decoupling
- GOAL-001: [Describe the goal of this phase]
| Task | Description | Completed | Date |
| -------- | ----------------------------------------------------------------------- | --------- | ---- |
| TASK-001 | Description of task 1 (include exact file paths) | | |
| TASK-00X | **VERIFY**: [Specific testing/verification step for this phase] | | |
| TASK-00Y | **APPROVAL**: Wait for explicit user confirmation to proceed to Phase 2 | | |
### Implementation Phase 2: Core Architectural Refactoring
- GOAL-002: [Describe the goal of this phase]
| Task | Description | Completed | Date |
| -------- | --------------------------------------------------------------- | --------- | ---- |
| TASK-003 | Description of task 3 | | |
| TASK-00X | **VERIFY**: [Specific testing/verification step for this phase] | | |
| TASK-00Y | **APPROVAL**: Wait for explicit user confirmation to proceed | | |
## 3. Alternatives
[A bullet point list of any alternative architectural/security approaches considered.]
- **ALT-001**: Alternative approach 1
## 4. Dependencies
[List any new dependencies introduced or removed, including security libraries or sanitization packages.]
- **DEP-001**: Dependency 1
## 5. Files Affected
[List all files that will be modified, deleted, or created.]
- **FILE-001**: Description of file 1
## 6. Testing
[List the tests that need to be updated or implemented to verify behavior and ensure security vulnerabilities are patched. Phase-specific tests are in the Implementation Steps.]
- **TEST-001**: Description of test 1
## 7. Risks & Assumptions
[List any risks related to the refactoring or potential edge cases in the security patch.]
- **RISK-001**: Risk 1