From draft
Performs ad-hoc code reviews of PRs, diffs, or files across four dimensions: security, performance, correctness, maintainability. No track context needed.
Slash command: /draft:quick-review
You are performing a lightweight, ad-hoc code review. This is the fast alternative to `/draft:review` — no track context needed, focused on a specific PR, diff, or file set.
When draft/graph/schema.yaml exists, this skill must follow the graph-first lookup contract in core/shared/graph-query.md §Mandatory Lookup Contract. Quick-review keeps the graph load light:
First resolve the bundled helpers:
```bash
# Locate Draft's bundled helpers (cwd is the user's project; ${CLAUDE_PLUGIN_ROOT}
# is not exported into skill Bash). See core/shared/tool-resolver.md.
DRAFT_TOOLS="$(cat ~/.cache/draft/plugin-root 2>/dev/null)/scripts/tools"
[ -d "$DRAFT_TOOLS" ] || DRAFT_TOOLS="$(ls -d ~/.claude/plugins/cache/*/draft/*/scripts/tools 2>/dev/null | sort -V | tail -1)"
[ -d "$DRAFT_TOOLS" ] || DRAFT_TOOLS="$(ls -d ~/.claude/plugins/marketplaces/*draft*/scripts/tools 2>/dev/null | tail -1)"
[ -d "$DRAFT_TOOLS" ] || DRAFT_TOOLS="$PWD/scripts/tools"
```
- "$DRAFT_TOOLS/hotspot-rank.sh" --repo . for every changed file (Step 2 blast-radius pre-check below).
- "$DRAFT_TOOLS/graph-callers.sh" --repo . --symbol <name> to enumerate the call sites before claiming "no other usages".
- Filesystem grep is reserved for source-text scans (literal strings, regex patterns). Symbol and caller discovery go through the graph.
See shared red flags — applies to all code-touching skills.
Skill-specific:
Read the code. Ground every finding in a specific line.
Before starting, capture the current git state:
```bash
git branch --show-current   # Current branch name
git rev-parse --short HEAD  # Current commit hash
```
Store this for the review report header. The review is scoped to this specific branch/commit.
```bash
ls draft/ 2>/dev/null
```
If draft/ exists, read and follow core/shared/draft-context-loading.md. This enriches review with project patterns, guardrails, and accepted patterns from tech-stack.md. Layer 0.5 of that procedure includes loading the relevant core/guardrails/language-standards.md section for the project stack — apply those standards in Dimension 4 (Maintainability) and Dimension 3 (Correctness) for language-specific patterns.
If no draft context, proceed with generic review — still valuable.
Check for arguments:
- /draft:quick-review — Review staged changes (git diff --cached) or current branch diff
- /draft:quick-review <file> — Review specific file(s)
- /draft:quick-review <PR-URL> — Review a pull request (via GitHub/GitHub MCP)
- /draft:quick-review <commit-range> — Review specific commits
Determine the diff to review:
- get_change_detail, get_change_diff) or GitHub
- git diff <range>
- git diff HEAD~1..HEAD (last commit)
draft/graph/schema.yaml exists)
Before the four-dimension review, run "$DRAFT_TOOLS/hotspot-rank.sh" --repo . and check if any files in scope appear in the output. If any file has a fanIn in the top 20% of the list, add this warning at the top of the review report:
⚠ HIGH IMPACT: {file} is a high-fanIn hotspot (fanIn={N}). Changes here propagate to many callers — review with extra care.
If no hotspot data exists or no file matches, skip silently.
Review the code across four dimensions. For each finding, cite the specific file:line.
Load core/guardrails/security.md before this dimension. Apply the 5-step security reasoning chain (identify goal → check hard red lines SEC-01…SEC-10 → assess blast radius → trace generative paths → classify). Any hard red line violation is automatically Critical.
If a violation has a // SECURITY-OVERRIDE: <ticket> <justification> annotation, downgrade to Important and include the ticket in the finding.
[RC-005, SEC-10] [RC-003] [RC-002, RC-011, SEC-03] [RC-001, SEC-01] [SEC-04] [SEC-06] [RC-006, SEC-05]
Classify each finding:
| Severity | Action | Description |
|---|---|---|
| Critical | Must fix before merge | Security vulnerabilities, data corruption risks, crashes |
| Important | Should fix | Performance issues, logic bugs, error handling gaps |
| Suggestion | Nice to have | Style improvements, refactoring opportunities, documentation |
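The override rule above, as an added example (not part of the Draft skill or its scripts): a POSIX shell function that reports a hard-red-line finding as Critical unless a `// SECURITY-OVERRIDE:` comment with both a ticket and a justification sits on the flagged line or the line above it. The placement rule, the both-fields requirement, the function names and the sample source are assumptions made for this example.

```sh
#!/bin/sh
# Added example: severity for a hard-red-line finding, honouring the
# "// SECURITY-OVERRIDE: <ticket> <justification>" annotation.
# Assumptions (not in the skill text): the annotation sits on the flagged
# line or the line directly above it, and it only counts when both a
# ticket and a justification are present.

# classify_finding RULE FILE LINE -> prints "Critical" or "Important <ticket>"
classify_finding() {
    rule=$1 file=$2 line=$3
    case $rule in
        SEC-0[1-9]|SEC-10) ;;   # hard red lines SEC-01..SEC-10
        *) echo "$rule is not a hard red line; classify it by hand" >&2
           return 2 ;;
    esac
    prev=$((line - 1))
    [ "$prev" -ge 1 ] || prev=1
    # Text after the marker, taken from the nearer of the two lines.
    note=$(sed -n "${prev},${line}p" "$file" |
           sed -n 's|.*// SECURITY-OVERRIDE:[[:space:]]*||p' | tail -n 1)
    # First word is the ticket, the remainder is the justification.
    read -r ticket justification <<EOF
$note
EOF
    if [ -n "$ticket" ] && [ -n "$justification" ]; then
        echo "Important $ticket"
    else
        echo "Critical"
    fi
}

# Constructed sample source; the rule ids passed in are used only as labels.
make_sample() {
    cat <<'EOF'
// SECURITY-OVERRIDE: OPS-412 legacy partner API, removal tracked
call_a(input);
call_b(input);
// SECURITY-OVERRIDE: OPS-413
call_c(input);
call_d(input); // SECURITY-OVERRIDE: OPS-414 vendor SDK requires it
EOF
}

sample=$(mktemp)
make_sample > "$sample"
for n in 2 3 5 6; do
    printf 'sample.js:%s %s\n' "$n" "$(classify_finding SEC-01 "$sample" "$n")"
done
rm -f "$sample"
```

Line 5 of the sample stays Critical because its annotation names a ticket but gives no justification, so an empty or half-filled override cannot lower a severity.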
Present findings organized by severity:
## Quick Review: {scope description}
**Reviewer:** Draft Quick Review
**Scope:** {files/PR/commits reviewed}
**Date:** {ISO_TIMESTAMP}
### Summary
- Critical: {count}
- Important: {count}
- Suggestion: {count}
### Verdict: {PASS | PASS WITH NOTES | NEEDS CHANGES}
### Findings
#### Critical
1. **[finding title]** — `file:line`
[description and recommendation]
#### Important
...
#### Suggestion
...
### What Went Well
[2-3 positive observations about the code — good patterns, clean logic, thorough error handling]
If track-scoped, save to draft/tracks/<id>/quick-review-<timestamp>.md.
Also check core/guardrails/dependency-triage.md if the diff modifies a dependency manifest file.
MANDATORY: Include YAML frontmatter with git metadata when saving. Follow core/shared/git-report-metadata.md.
Include the report header table immediately after frontmatter:
| Field | Value |
|-------|-------|
| **Branch** | `{LOCAL_BRANCH}` → `{REMOTE/BRANCH}` |
| **Commit** | `{SHORT_SHA}` — {COMMIT_MESSAGE} |
| **Generated** | {ISO_TIMESTAMP} |
| **Synced To** | `{FULL_SHA}` |
Before printing the review report, internally verify and report:
grep/find run, state the concept it searched for.
If draft/graph/schema.yaml does not exist, set Graph files queried: NONE and use justification graph data unavailable.
Emit the canonical footer from core/shared/graph-usage-report.md §Canonical footer. The lint hook scripts/tools/check-graph-usage-report.sh validates the section on save.
- /draft:implement at phase boundaries as lightweight alternative to full review
- /draft:review if critical findings require deeper analysis
- /draft:learn (findings update guardrails via pattern learning)
- /draft:review for full three-stage analysis"
- /draft:deep-review for security audit"
- core/shared/jira-sync.md
If no diff/file found: "No changes to review. Specify a file, PR URL, or commit range."
If MCP unavailable for PR: Fall back to local git diff. "GitHub/GitHub MCP unavailable. Reviewing local diff instead."
If no draft context: Proceed with generic review patterns. Note: "Review enriched when draft context is available (run /draft:init)."
npx claudepluginhub drafthq/draft --plugin draft