How does Review Sonnet decide between a plan or code review?

The skill checks for specific files in the .task directory; if it finds a refined plan without an implementation result, it reviews the plan. If implementation results exist, it switches to a code review.

What is the Review Sonnet Claude Code Skill?

Review Sonnet is a specialized skill designed for Claude Code that performs rapid reviews of development plans and source code to ensure quality and security.

Does this skill help with security compliance?

Yes, it specifically checks for OWASP Top 10 vulnerabilities, including SQL injection, hardcoded secrets, XSS, and missing authentication.

When does the skill mark a review as 'needs_changes'?

The status is set to 'needs_changes' if the review identifies any 'error' severity issue or two or more 'warning' severity issues.

Can I use the output for automation?

Yes, the skill writes a standardized review-sonnet.json file to the .task folder, which can be parsed by other scripts or CI/CD pipelines.

Review Sonnet (Fast Code Review)

Name: Review Sonnet (Fast Code Review)
Author: cskwork

bycskwork

0•

セキュリティとテスト

Performs rapid, automated reviews of development plans and code implementations to identify security risks, logic errors, and testing gaps.

Review Sonnet is a high-speed review skill for Claude Code that provides practical, actionable feedback on both technical plans and completed code. By automatically detecting the current state of a task via local metadata, it applies targeted analysis to ensure feasibility, security, and correctness. It specifically audits for OWASP Top 10 vulnerabilities and evaluates test coverage, providing a structured JSON output that can be used to gate progress. This skill is ideal for developers who want a first-pass quality check to catch obvious issues before deeper manual analysis or deployment.

主な機能

01Structured JSON output for CI/CD compatibility

02Automated detection of plan-vs-code review contexts

030 GitHub stars

04Security auditing focused on OWASP Top 10 vulnerabilities

05Test coverage validation and execution checks

06Severity-based decision logic for automated approvals

ユースケース

01Validating a technical architecture plan before starting implementation

02Ensuring new code changes are accompanied by adequate test coverage

03Quickly identifying security flaws like hardcoded secrets or injection risks

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add cskwork/llm-review review-sonnet

For use in Claude.ai and ChatGPT

Download Skill