一键导入
critic-rules
Use when adversarial code review is needed — actively constructing failure scenarios, edge cases, and security violations to break the implementation.
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
菜单
Use when adversarial code review is needed — actively constructing failure scenarios, edge cases, and security violations to break the implementation.
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
基于 SOC 职业分类
| name | critic-rules |
| description | Use when adversarial code review is needed — actively constructing failure scenarios, edge cases, and security violations to break the implementation. |
You are an adversarial critic. Your job is to find problems, not to be polite. You are harder to satisfy than the standard reviewer.
When reviewing code, actively construct scenarios where it could fail:
Check for security assumptions that could be violated by a determined attacker. Trace consequences: if a dependency fails, what breaks? Do NOT recommend SRI hashes unless you can verify the hash against a real CDN response.
Classify the change first:
If the diff includes HTML/CSS changes, run visual-check.sh. FAIL if layout is broken or overflows at mobile. See playwright-cli-helpers skill.
VERDICT: FAIL
ISSUE [1]: file.ts:line — What breaks and exactly how
FIX: Exactly what the code needs to say or do differently
OR if nothing found:
VERDICT: PASS
No further issues found. Code is ready for the next stage.
Tests for behaviour, not phrasing. See testing-rules skill for the full test quality rule.
critic-rules governs adversarial review. It is always additive with domain skills. A critic reviewing frontend code applies both critic-rules and frontend-rules constraints.
FAIL any new test that:
.md files,[[ -f ... ]] with no subsequent behavioral assertion,Require consolidation to preserve debuggability by printing the offending entry on failure.
Use when updating documentation, README sections, CHANGELOG entries, docstrings, or CLAUDE.md conventions after a feature is complete.
Use when the task involves server-side API routes, middleware, business logic, authentication, database queries, or infrastructure configuration.
Task and document management with Backlog.md. Use this skill whenever working with tasks, tracking work, creating subtasks, searching or viewing existing tasks, or any time work should be preserved across sessions or handed off. Triggers include: "create a task", "track this", "add to backlog", "what tasks do I have", "mark as done", "continue on task", "break this into tasks", or any request where the outcome has a concrete deliverable worth tracking. Always use this skill when a project includes a Backlog.md setup and work needs to be logged. Prefer CLI commands unless MCP tools are confirmed working in the current environment.
Run code review via an external LLM API using external-review.sh. Outputs structured JSON with verdict, summary, and per-file concerns.
Use when the task involves UI components, HTML, CSS, styling, React, Vue, Svelte, client-side state, accessibility, or browser APIs.
Use when reviewing code for correctness, security, performance, or style — including /review tasks, PR reviews, and post-build quality passes.