v-review
The future-check code review skill for Claude Code.
A current-check review asks does it work today? — builds, tests, demo. A future-check review asks what does this lock the team into for the next six months? This skill is the second question, asked with the same tools the first one had — minus the deference, minus the schedule pressure, plus the willingness to say no.
What it does
Activated when you ask Claude to review a branch, PR, commit, or staged diff. v-review then:
- Reads the project's
CLAUDE.md, AGENTS.md, and any .claude/rules/ files so project conventions override anything in the skill.
- Dispatches the right specialist subagents in parallel —
security-reviewer when auth is touched, code-reviewer as an independent second opinion, language-specific reviewers (csharp-reviewer, typescript-reviewer, etc.), database-reviewer for migrations, and chains differential-review, finding-duplicate-functions, insecure-defaults, semgrep, codeql where the diff signals warrant it.
- Walks an 18-item hunt list — silent catches, unjustified additions, boolean-flag API smells, redundant DI registrations, parallel-instance configuration drift, duplicated/re-invented helpers, semantic duplicate functions, framework-primitive re-implementations, domain-language drift, dead code, test smells (force-clicks, retry loops, swallowed assertions, tests that assert LINQ exists), missing
sealed, mis-named Try* methods, hand-edited generated artifacts (migrations, lockfiles), useless imports, the full security checklist, leftover artifacts, and architecture-doc/code contradictions.
- Applies mechanical fixes, runs build + targeted tests, then stages the result with
git add and stops. The author reviews staged diffs before they land — committing eagerly turns review into post-mortem.
- Returns a
Was → Now table per finding, severity tags (CRITICAL/HIGH/MEDIUM/LOW), unfixed-but-flagged issues, considered-but-deliberately-left calls with one-sentence reasoning, the skills + subagents invoked with headline outputs, and the exact build + test commands run with pass/fail.
The skill is opinionated. It refuses additions with no stated reason, calls out UI-only authorization, flags any migration that moves data without backfill as a data-loss event, and rewrites domain-language drift (e.g. "tenant" terminology in single-instance codebases) without ceremony. If you can't defend a line in one sentence, it goes.
Install
As a Claude Code plugin (recommended)
The repository ships its own single-plugin marketplace, so a one-liner resolves cleanly:
/plugin install vavdb/v-review
This clones the repo, registers the vavdb marketplace, installs the v-review plugin, and exposes the bundled subagents (csharp-reviewer, database-reviewer, database-schema-reviewer, playwright-test-reviewer, security-reviewer) without further steps. Restart Claude Code if it doesn't pick the plugin up immediately.
Manually (clone + symlink)
If the one-liner fails or you want a checked-out copy you can edit:
git clone https://github.com/vavdb/v-review.git ~/.claude/plugins/v-review
# or, install just the orchestrator skill globally (without the bundled subagents):
git clone https://github.com/vavdb/v-review.git /tmp/v-review-src
cp -r /tmp/v-review-src/skills/v-review ~/.claude/skills/v-review
After install, restart Claude Code and the skill registers as v-review.
Installing the recommended companions
/plugin install vavdb/v-review does NOT auto-install the companions listed in Recommended companions — Claude Code's plugin manager doesn't read the recommendedCompanions field in .claude-plugin/plugin.json for dependency resolution. v-review degrades gracefully when they're missing (the pre-flight availability check prints which are available and which it's skipping), but you get fuller coverage with them installed.
Two ways to install them:
1. Tell Claude to do it in natural language. In a fresh session after installing v-review, say something like:
install vavdb/v-review's recommended companion plugins
Claude reads the README's Recommended companions table and runs /plugin install <each> for the ones you don't already have. Not a built-in plugin-manager command — just NL plus Claude reading documentation.
2. Install each one yourself. Install only those whose stack you use — companion list reflects the maintainer's stack (.NET / Blazor / MudBlazor / EF Core / Azure SQL).
Plugins (one /plugin install per line, from inside Claude Code):
# anthropic marketplace (preinstalled with Claude Code)
/plugin install microsoft-docs@claude-plugins-official # .NET / Azure / EF Core API verification
/plugin install pr-review-toolkit@claude-plugins-official # silent-failure-hunter, comment-analyzer, pr-test-analyzer, type-design-analyzer
