Stats
Actions
Tags
From Flagrare
Reviews pull requests with full context by fetching linked Jira tickets, Figma designs, and Notion docs via MCP, then running parallel subagents for systematic code review.
How this skill is triggered — by the user, by Claude, or both
Slash command
/flagrare:pr-reviewerThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
Reviews pull requests systematically with full context awareness and humanized feedback.
Reviews pull requests systematically with full context awareness and humanized feedback.
This skill fetches linked resources via MCP, spawns parallel review subagents for systematic analysis, then synthesises findings into friendly, GitHub-ready comment drafts.
Parse the PR from user input:
gh pr listFetch the PR details:
gh pr view <number> --json title,body,files,commits,labels,baseRefName,headRefName
gh pr diff <number>
Scan the PR title, description, branch name, and commit messages for linked resources.
Jira/Atlassian tickets:
Extract ticket IDs matching [A-Z]+-[0-9]+ (e.g. SKU-123, CORE-3211).
getAccessibleAtlassianResources to obtain cloudIdgetJiraIssue with cloudId and issueIdOrKeyFigma links:
Extract URLs matching figma.com/design/:fileKey/:fileName?node-id=...
fileKey and nodeId (convert - to : in node-id)get_design_context with fileKey and nodeIdget_screenshot for visual referenceNotion docs:
Extract URLs matching *.notion.so/... or *.notion.site/...
If MCP fails:
Note it in the review: "Could not fetch Jira ticket CORE-3211 (Atlassian MCP unavailable). Review based on PR description only." Proceed with available context.
Spawn five review subagents in parallel using model: "sonnet". Each receives the full PR diff and returns findings.
Do not run these checks sequentially. Spawn all five simultaneously, collect results, then synthesise.
Inputs: full PR diff, PR description, linked ticket acceptance criteria.
For every changed function/method:
Inputs: full PR diff, file list.
Scan for OWASP Top 10 patterns:
Only flag issues with concrete exploit paths, not theoretical risks.
Inputs: full PR diff (test files and non-test files).
For every behavior introduced or changed:
Inputs: non-test source files from the PR diff.
Also check: does the change follow the repository's existing architectural patterns, or does it introduce a novel pattern without justification?
Inputs: full PR diff, project CLAUDE.md / DEVELOPMENT_GUIDELINES.md (if they exist).
data, info, handler, manager)Layer additional review based on the fetched context:
Ticket alignment:
Design alignment (if Figma fetched):
Doc alignment (if Notion/Confluence fetched):
For every finding (from both systematic review and contextual review), produce a GitHub-ready comment draft.
Severity scale:
| Severity | Symbol | Meaning |
|---|---|---|
| Critical | CRITICAL | Must fix before merge: bugs, security, broken behavior |
| Suggestion | SUGGESTION | Should consider: quality, clarity, maintainability |
| Nice to have | NICE | Optional improvement |
Comment requirements:
Voice and examples:
Voice setup. Think of the author as a teammate you respect, someone who's going to read this tomorrow morning before they've had coffee. They already shipped a draft, which took real effort. Write the way you'd actually talk to them at lunch. Usually that means starting from what we noticed rather than what we want done, and asking instead of telling when we're not sure. Use "we" where it fits, since the code is something we share.
Concrete before-and-after pairs. The envelope around each comment (severity, file, line) stays the same; only the comment text shifts. Eight pairs, ordered by severity, then by finding type.
1. Null check (Critical, correctness)
`venue` can be null here. Add a safe call or null check.I think `venue` can come back as null here, in the case where the search doesn't find a match. We hit something similar in BookingRepo a little while ago. Should we add a guard for it?2. SQL injection (Critical, security)
SQL injection risk. Use parameterized queries.Heads up, looks like `userId` is going straight into the query string here. Should we switch this over to a parameterized version? It's an easy thing to miss in review.3. Test coverage (Suggestion, tests)
Missing test for the cancelled path.Looks like we're already covering the success and reschedule paths, but not cancel. Would be good to lock that one down too if we get a chance.4. Single responsibility (Suggestion, SOLID)
This method has too many responsibilities. Extract validation.I noticed this one's doing both validation and persistence. Pulling validation out into its own function might make the tests easier for us down the line. Totally up to you, though.5. Missing edge case (Suggestion, correctness)
What happens when `items` is empty? Add handling.I was wondering what happens here if `items` comes through empty. Does the totals calc just zero out, or do we want to throw? Either way is fine, just wanted to make sure whatever we end up with is intentional.6. Generic naming (Suggestion, clean code)
`data` is too generic. Rename.I think this `data` could probably use a more specific name, maybe something like `customerLoyaltyRecord` or whatever fits the actual shape. Future-us would probably thank us when we're grepping for it in six months.7. Magic number (Nice, clean code)
Replace magic number `86400` with a named constant.Small thing, but `86400` would probably read more clearly as `SECONDS_PER_DAY`. Takes a beat to recognize it otherwise. Worth pulling out into a constant?8. Convention match (Nice, clean code)
Use early return.Heads up, the rest of `BookingService` is going with early-returns on validation failures. Might be worth doing the same here, just for consistency.What the pairs are showing:
Humanization rules (apply to every comment):
Format per finding:
CRITICAL - `path/to/File.kt` L45
GitHub comment: I think `venue` can come back as null here when the search doesn't find a match. Should we add a guard for it?
SUGGESTION - `reservations/BookingService.kt` L32
GitHub comment: I noticed this method's doing a fair bit. Pulling validation out into its own function might make the tests easier for us. Totally up to you.
NICE - `reservations/BookingServiceTest.kt` (file-level)
GitHub comment: Would be good to add a test for the cancelled path too, if we get a chance.
## PR Review: <PR title>
### Context Fetched
- Jira: <ticket key> - <summary> (or "not linked" / "MCP unavailable")
- Figma: <file/frame> (or "not linked")
- Notion: <page> (or "not linked")
### Overall Assessment
[One paragraph: what the PR does, whether it aligns with the ticket/design, and the verdict: approve / approve with feedback / needs work]
### Findings
[All findings grouped by file, each with severity and GitHub comment draft]
### Checklist
- [ ] Logic correct and edge cases handled
- [ ] No security issues
- [ ] Tests cover new/changed behavior
- [ ] Code follows project conventions
- [ ] PR description explains what and why
- [ ] Ticket acceptance criteria met
- [ ] Design alignment verified (if applicable)
[PR created or shared]
|
v
/flagrare:pr-reviewer
|--- Step 1-2: fetch PR + linked resources (Jira, Figma, Notion)
|--- Step 3: 5 parallel subagents (correctness, security, tests, SOLID, clean code)
|--- Step 4: contextual review (ticket/design/doc alignment)
|--- Step 5: humanize all findings into GitHub comment drafts
|--- Step 6: present combined review
|
v
[user approves posting or adjusts]
npx claudepluginhub flagrare/agent-skills --plugin flagrareProvides behavioral guidelines to reduce common LLM coding mistakes, focusing on simplicity, surgical changes, assumption surfacing, and verifiable success criteria.
Searches, retrieves, and installs Agent Skills from prompts.chat registry using MCP tools like search_skills and get_skill. Activates for finding skills, browsing catalogs, or extending Claude.
Creates, edits, and optimizes skills for Claude Code, including drafting, evaluating with test prompts, iterating on performance, and improving skill descriptions for better triggering accuracy.