How does it determine if a review passes or fails?

The skill follows strict decision rules: any 'error' severity issue or three or more 'warning' issues will result in a 'needs_changes' status.

Can it review implementation plans before I write code?

Absolutely. If a plan file exists, the skill evaluates it for feasibility, completeness, and potential security concerns in the proposed approach.

Does it support security auditing?

Yes, it specifically checks for OWASP Top 10 vulnerabilities, including SQL injection, hardcoded secrets, XSS, and missing authentication checks.

What is the Review Sonnet skill?

Review Sonnet is a Claude Code Skill that provides fast, automated reviews of code and implementation plans to identify quality, security, and testing issues.

Where are the review results stored?

Results are written to a standardized JSON file at .task/review-sonnet.json, making it easy to integrate with other automation tools.

Review Sonnet (Fast Review)

Name: Review Sonnet (Fast Review)
Author: cskwork

bycskwork

0•

보안 및 테스팅

Performs rapid, practical code and plan reviews focusing on security, quality, and test coverage using Claude 3.5 Sonnet.

Review Sonnet is a high-velocity automated reviewer skill designed to streamline the development lifecycle. It intelligently toggles between reviewing implementation plans and final code changes, evaluating them against strict standards for correctness, error handling, and security. By auditing for OWASP Top 10 vulnerabilities and verifying test coverage, it acts as a critical first line of defense, providing structured feedback in JSON format to help developers identify obvious bugs and security risks before deeper manual analysis.

주요 기능

010 GitHub stars

02Security auditing covering OWASP Top 10 vulnerabilities like injection and XSS

03Standardized JSON reporting with severity-based approval workflows

04Dual-mode analysis for implementation plans and code implementations

05Automated logic bug detection and error handling verification

06Test coverage validation including the ability to trigger test runs

사용 사례

01Pre-implementation sanity checks to catch gaps in technical plans

02Rapid security auditing for hardcoded secrets and common vulnerabilities

03Automated quality gate enforcement during local development workflows

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add cskwork/llm-review review-sonnet

For use in Claude.ai and ChatGPT

Download Skill