How does Review Sonnet decide between a plan or code review?

The skill checks for specific files in the .task directory; if it finds a refined plan without an implementation result, it reviews the plan. If implementation results exist, it switches to a code review.

What is the Review Sonnet Claude Code Skill?

Review Sonnet is a specialized skill designed for Claude Code that performs rapid reviews of development plans and source code to ensure quality and security.

Does this skill help with security compliance?

Yes, it specifically checks for OWASP Top 10 vulnerabilities, including SQL injection, hardcoded secrets, XSS, and missing authentication.

When does the skill mark a review as 'needs_changes'?

The status is set to 'needs_changes' if the review identifies any 'error' severity issue or two or more 'warning' severity issues.

Can I use the output for automation?

Yes, the skill writes a standardized review-sonnet.json file to the .task folder, which can be parsed by other scripts or CI/CD pipelines.

Review Sonnet (Fast Code Review)

Name: Review Sonnet (Fast Code Review)
Author: cskwork

bycskwork

보안 및 테스팅

Performs rapid, automated reviews of development plans and code implementations to identify security risks, logic errors, and testing gaps.

소개

Review Sonnet is a high-speed review skill for Claude Code that provides practical, actionable feedback on both technical plans and completed code. By automatically detecting the current state of a task via local metadata, it applies targeted analysis to ensure feasibility, security, and correctness. It specifically audits for OWASP Top 10 vulnerabilities and evaluates test coverage, providing a structured JSON output that can be used to gate progress. This skill is ideal for developers who want a first-pass quality check to catch obvious issues before deeper manual analysis or deployment.

주요 기능

Structured JSON output for CI/CD compatibility
Automated detection of plan-vs-code review contexts
0 GitHub stars
Security auditing focused on OWASP Top 10 vulnerabilities
Test coverage validation and execution checks
Severity-based decision logic for automated approvals

사용 사례

Validating a technical architecture plan before starting implementation
Ensuring new code changes are accompanied by adequate test coverage
Quickly identifying security flaws like hardcoded secrets or injection risks

소개

주요 기능

Structured JSON output for CI/CD compatibility
Automated detection of plan-vs-code review contexts
0 GitHub stars
Security auditing focused on OWASP Top 10 vulnerabilities
Test coverage validation and execution checks
Severity-based decision logic for automated approvals

사용 사례

Validating a technical architecture plan before starting implementation
Ensuring new code changes are accompanied by adequate test coverage
Quickly identifying security flaws like hardcoded secrets or injection risks