How does it determine if a review passes or fails?

The skill follows strict decision rules: any 'error' severity issue or three or more 'warning' issues will result in a 'needs_changes' status.

Can it review implementation plans before I write code?

Absolutely. If a plan file exists, the skill evaluates it for feasibility, completeness, and potential security concerns in the proposed approach.

Does it support security auditing?

Yes, it specifically checks for OWASP Top 10 vulnerabilities, including SQL injection, hardcoded secrets, XSS, and missing authentication checks.

What is the Review Sonnet skill?

Review Sonnet is a Claude Code Skill that provides fast, automated reviews of code and implementation plans to identify quality, security, and testing issues.

Where are the review results stored?

Results are written to a standardized JSON file at .task/review-sonnet.json, making it easy to integrate with other automation tools.

Review Sonnet (Fast Review)

Name: Review Sonnet (Fast Review)
Author: cskwork

bycskwork

보안 및 테스팅

Performs rapid, practical code and plan reviews focusing on security, quality, and test coverage using Claude 3.5 Sonnet.

소개

Review Sonnet is a high-velocity automated reviewer skill designed to streamline the development lifecycle. It intelligently toggles between reviewing implementation plans and final code changes, evaluating them against strict standards for correctness, error handling, and security. By auditing for OWASP Top 10 vulnerabilities and verifying test coverage, it acts as a critical first line of defense, providing structured feedback in JSON format to help developers identify obvious bugs and security risks before deeper manual analysis.

주요 기능

0 GitHub stars
Security auditing covering OWASP Top 10 vulnerabilities like injection and XSS
Standardized JSON reporting with severity-based approval workflows
Dual-mode analysis for implementation plans and code implementations
Automated logic bug detection and error handling verification
Test coverage validation including the ability to trigger test runs

사용 사례

Pre-implementation sanity checks to catch gaps in technical plans
Rapid security auditing for hardcoded secrets and common vulnerabilities
Automated quality gate enforcement during local development workflows

소개

주요 기능

0 GitHub stars
Security auditing covering OWASP Top 10 vulnerabilities like injection and XSS
Standardized JSON reporting with severity-based approval workflows
Dual-mode analysis for implementation plans and code implementations
Automated logic bug detection and error handling verification
Test coverage validation including the ability to trigger test runs

사용 사례

Pre-implementation sanity checks to catch gaps in technical plans
Rapid security auditing for hardcoded secrets and common vulnerabilities
Automated quality gate enforcement during local development workflows