Does this skill run actual terminal commands?

Yes, the skill is designed to trigger commands like 'npm run lint' and 'npm run dev:types' to ensure the code passes static analysis before being submitted.

What are the two passes in the self-review protocol?

Pass 1 (Verification) focuses on technical correctness, including linting, type safety, and naming. Pass 2 (Quality & Context) focuses on design logic, security (like Supabase RLS), and project-specific implementation guidelines.

How does it handle security?

It specifically checks for Supabase Row Level Security (RLS) configurations and ensures that public-facing pages do not leak sensitive or authenticated user data.

Where are the review results displayed?

The review results are prepended to the beginning of the chat response (e.g., [Self-Review: Passed]) to provide immediate confirmation of the audit.

Self-Review Protocol

Name: Self-Review Protocol
Author: shoma-endo

byshoma-endo

Security & Testing

Ensures code quality and compliance through a standardized two-pass verification and quality assurance process.

About

The Self-Review Protocol skill equips Claude with a structured methodology to validate code changes before final delivery. By executing a two-pass review—first focusing on static analysis, type safety, and naming conventions, and second on domain logic, security protocols, and architectural alignment—it ensures that every contribution is robust and secure. This skill is particularly valuable for teams using TypeScript, Supabase, and Stripe, as it includes specific checks for RLS policies and data leakage prevention on public pages.

Key Features

Security-focused review for Supabase RLS and protected data
Standardized reporting of review status in final responses
Two-pass verification system for comprehensive code auditing
Automated linting and TypeScript type-safety checks
Impact analysis for shared interfaces and project constants
0 GitHub stars

Use Cases

Auditing new features for security vulnerabilities and data leakage on public routes
Enforcing project-specific naming conventions and implementation patterns automatically
Preventing regressions when modifying shared interfaces or global constants

About

Key Features

Security-focused review for Supabase RLS and protected data
Standardized reporting of review status in final responses
Two-pass verification system for comprehensive code auditing
Automated linting and TypeScript type-safety checks
Impact analysis for shared interfaces and project constants
0 GitHub stars

Use Cases

Auditing new features for security vulnerabilities and data leakage on public routes
Enforcing project-specific naming conventions and implementation patterns automatically
Preventing regressions when modifying shared interfaces or global constants