Stats
Actions
Tags
From vibereq
Create a specialized reviewer skill that checks code against requirements or standards
How this skill is triggered — by the user, by Claude, or both
Slash command
/vibereq:create-reviewerThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
You are helping the user create a custom reviewer skill. Reviewers are skills that analyze code changes against requirements, standards, or other criteria.
You are helping the user create a custom reviewer skill. Reviewers are skills that analyze code changes against requirements, standards, or other criteria.
The script to fetch intent files (auto-generates missing intents from transcripts):
plugins/vibereq/scripts/get-intents.py
Use this path with python3 in the generated skill's ! command:
!`python3 plugins/vibereq/scripts/get-intents.py`
Reviewers created by this skill will:
ci argument)The generated skill will be saved to .claude/skills/[name]/SKILL.md in the current project.
Use AskUserQuestion to batch questions together (the tool supports 1-4 questions per call). Minimize round-trips by grouping related questions.
Question 1 - Reviewer Name:
code-review, security-review, qa-review, accessibility-reviewQuestion 2 - Reviewer Focus (single-select):
Question 3 - Source of Truth (multi-select):
Question 4 - Verification Method:
If "Custom document" was selected in Sources, OR if "Active verification" was selected, ask follow-up questions in a second batch.
If Custom document selected:
If Active verification selected (based on focus):
For QA/Usability:
npx playwright test)http://localhost:3000)For Security:
npm audit, semgrep .)For other focuses:
Present a summary of the inferred configuration and ask the user to confirm:
.claude/skills/{name}/SKILL.mdclaude-sonnet-4-6Use a single question: "Does this configuration look correct?" with options Yes / Adjust.
Based on user choices, infer allowed-tools:
| Focus | Static Tools | Active Tools |
|---|---|---|
| Code Review | Read, Grep, Glob, Bash(git diff *) | - |
| Security | Read, Grep, Glob, Bash(git diff *) | Bash(npm audit *), Bash(semgrep *) |
| QA/Usability | Read, Grep, Glob | Bash(npx playwright *), Bash(npm run *) |
| Accessibility | Read, Grep, Glob, Bash(git diff *) | Bash(npx pa11y *), Bash(npx axe *) |
| Performance | Read, Grep, Glob, Bash(git diff *) | Bash(npm run bench *) |
| Test Coverage | Read, Grep, Glob | Bash(npm test *), Bash(npx jest *) |
Once you have all information, generate a SKILL.md file with this structure:
---
name: {reviewer-name}
description: {description based on focus}
context: fork
agent: general-purpose
model: {model}
allowed-tools: {inferred tools}
args:
- name: mode
description: Output mode - 'ci' for JSON output
required: false
---
# {Title} Review
## Requirements
{If intent files selected:}
The following requirements were captured from checkpoint intent files:
\!`python3 plugins/vibereq/scripts/get-intents.py`
{If external standards selected, include reference:}
Additionally, check against: {standards references}
{If custom document selected:}
Project standards from `{custom-path}`:
\!`cat {custom-path} 2>/dev/null || echo "Standards document not found"`
## Current Changes
\!`git --no-pager diff main...HEAD`
## Your Task
{Instructions specific to the focus area}
### Output Format
Check the `mode` argument:
**If `mode` is "ci":**
CRITICAL: Your entire response must be ONLY the raw JSON object below. Do not include:
- Any text before the JSON (no "Based on my analysis...", "Here is the output:", etc.)
- Any text after the JSON
- Markdown code fences (\`\`\`json or \`\`\`)
- Any commentary or explanation
Start your response with `{` and end with `}`. Nothing else.
JSON structure:
{
"status": "pass" | "fail" | "warn",
"summary": "Brief one-line summary",
"findings": [
{
"requirement": "What was expected",
"status": "fulfilled" | "partial" | "missing" | "violation",
"severity": "critical" | "major" | "minor" | "info",
"location": {
"file": "path/to/file.ts",
"line": 42,
"endLine": 45
} | null,
"details": "Explanation with evidence and recommendations"
}
]
}
Notes on the location field:
- Set `location` to an object with `file` and `line` when the finding relates to a specific code location
- `endLine` is optional, use it for multi-line findings
- Set `location` to `null` for general findings not tied to specific code (e.g., missing functionality)
- The `file` path must be relative to the repository root
- The `line` must be within the diff range for the file (changed lines only)
**If `mode` is not "ci" (default):**
Output a human-readable markdown report with:
- Summary of findings
- Detailed analysis per requirement
- Specific file:line references for issues
- Concrete recommendations
Include these task instructions based on the focus:
Code Review:
For each requirement from the intent files:
1. **Status**: Fulfilled, Partially Fulfilled, or Missing
2. **Evidence**: Reference specific code changes that address the requirement
3. **Issues**: Any problems, bugs, or deviations from the requirement
4. **Recommendations**: Concrete fixes for identified issues
Also identify:
- Code that doesn't map to a stated requirement (scope creep)
- Potential bugs or edge cases not handled
- Code quality concerns (error handling, type safety)
Security:
Check for OWASP Top 10 vulnerabilities in the diff:
1. Injection (SQL, command, XSS)
2. Broken authentication/session management
3. Sensitive data exposure (secrets, credentials, PII)
4. Security misconfiguration
5. Insecure dependencies
For each finding:
- Severity: critical, major, minor, info
- Location: exact file:line
- Issue: what the vulnerability is
- Fix: concrete remediation steps
QA/Usability:
{Include user-provided commands here}
Test the application against the requirements:
1. Start the application: {setup command}
2. Navigate to: {base URL}
3. For each requirement, attempt to verify it works from a user perspective
4. Document: what worked, what failed, screenshots if possible
Focus on:
- Happy path functionality
- Error states and edge cases
- User experience issues
Accessibility:
Check WCAG 2.1 compliance:
- Level A (must fix): Missing alt text, keyboard traps, missing labels
- Level AA (should fix): Color contrast, focus indicators, error identification
- Level AAA (nice to have): Sign language, extended audio description
For UI changes in the diff, verify:
- Semantic HTML usage
- ARIA attributes where needed
- Keyboard navigability
- Screen reader compatibility
Performance:
Analyze the diff for performance concerns:
- Algorithm complexity (O(n²) loops, unnecessary iterations)
- Database queries (N+1 problems, missing indexes)
- Memory usage (large allocations, leaks)
- Bundle size impact (large imports, tree-shaking issues)
- Caching opportunities missed
{If active verification, include profiling commands}
Test Coverage:
For each requirement, verify:
1. Unit tests exist that cover the functionality
2. Integration tests for cross-component behavior
3. Edge cases are tested
4. Error paths are tested
{Include test command}
Run coverage and report:
- Which requirements have test coverage
- Which requirements are missing tests
- Suggestions for test cases to add
After generating the skill:
.claude/skills/{name}/SKILL.md/{name} or /{name} cinpx claudepluginhub dipasqualew/vibereq --plugin vibereqReviews code, plans, and scope from multiple angles before acceptance, with security and quality checks. Auto-detects review targets or prompts for clarification.
Performs structured code reviews on git branches or PRs using tiered persona agents, confidence-gated findings, and a merge/dedup pipeline. Use before creating PRs or for feedback on changes.
Reviews diffs, PRs, and agent output for bugs, security issues, mocks, and code quality. Automates codebase audits with domain-specific checks and deep scanning.