Stats
Actions
Tags
From dev-toolkit
Review recently-touched code for bugs, oversights, security issues, and convention violations. Use when the user asks to "audit", "review", "sanity-check", "predeploy-check", or "scan" recent changes — including phrasings like "did I break anything", "go over what we just did", "find blunders". Targets code Claude touched (uncommitted working-tree changes plus recent Claude-coauthored commits) by default; with arg "uncommitted" or "wt" only the working tree is reviewed.
How this skill is triggered — by the user, by Claude, or both
Slash command
/dev-toolkit:auditThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
A multi-step, multi-agent audit of recent code changes. The goal is to catch
A multi-step, multi-agent audit of recent code changes. The goal is to catch likely bugs, forgotten work, security holes, and convention violations — not to lecture about tests, abstractions, or style nits the codebase doesn't already enforce.
Respond to the user in their input language. Section headers (🔴 / 🟡 / 🟢, "Lint", file paths, line numbers) stay as-is — they are structural markers. Prose findings, rationale lines, and the final verdict use the user's language.
Follow these steps in order. Use parallel tool calls wherever steps are independent.
Run these in parallel:
git status --shortgit diff HEAD (uncommitted, including staged)git log -30 --pretty=format:"%H%x09%an%x09%s" --grep="Co-Authored-By: Claude" (recent Claude commits)git rev-parse --abbrev-ref HEAD and git rev-parse --abbrev-ref --symbolic-full-name @{u} 2>/dev/null to find the upstream/mainIf the user passed an arg of uncommitted / wt / working-tree, skip
the Claude-commits search and only review the uncommitted diff.
If the user passed branch or vs-main, also include git diff <main>...HEAD
(use the branch returned by git symbolic-ref refs/remotes/origin/HEAD or fall
back to main).
For each Claude-coauthored commit found, capture the diff with
git show --stat <hash> (just stats — full diffs go to sub-agents).
If the combined target is empty, report "No recent Claude-touched changes to audit." and stop.
In parallel:
CLAUDE.md from the repo root and any in subdirs that the diff
touched (find . -name CLAUDE.md -not -path "*/node_modules/*", then read
the ones above touched files)./ with -, drop the leading
-) and read ~/.claude/projects/-<encoded>/memory/MEMORY.md if it exists.
Then read each linked memory file referenced by that index that looks
topically relevant to the diff (lint/format rules, generation taboos,
framework conventions, deployment rules).package.json (or root) to understand what kind of project
this is.These rules are first-class signals — a violation of a CLAUDE.md or memory rule is a 🔴 finding, not a nit.
Exclude these from the review (silently — don't mention them):
.svelte-kit/, dist/, build/, .next/,
node_modules/, out/, coverage/, .turbo/pnpm-lock.yaml, package-lock.json, yarn.lock, bun.lock**/lib/paraglide/messages/, **/paraglide/runtime/.d.ts inside dist/.svelte-kit/cloudflare/_worker.jsTouched root-level messages/*.json (paraglide source files) are in scope.
For any TypeScript / JavaScript / Svelte / Node project:
package.json has a lint script, run pnpm lint.pnpm -r lint if a
root script doesn't exist, or filter to affected workspaces:
pnpm --filter "<pkg>" lint for each touched package.pnpm lint doesn't exist anywhere, skip silently — do not fall back
to tsc, svelte-check, eslint, or prettier. Only pnpm lint.Run lint in the background in parallel with the agent dispatch in step 5 — by the time agents return, lint output is usually ready.
Spawn multiple Explore / general-purpose subagents in a single message so they run concurrently. Each gets a focused brief and a list of relevant files from the diff.
Suggested split (collapse or expand based on diff size):
CLAUDE.md and memory rules
(e.g. paraglide source-of-truth, no manual migration generation, format-on-
finish, use pnpm not npm). Cross-check style against neighboring code in the
same project, not against generic best practices.Each agent must return findings in the schema below — nothing else.
Brief each agent like a colleague: tell it the project type, the specific files in its slice of the diff (with paths), the relevant CLAUDE.md / memory rules to enforce, and ask for "under N findings, only the ones you'd actually flag in a code review." Tell each agent not to suggest tests, abstractions, or speculative improvements — only concrete defects.
Merge agent findings + lint output. Deduplicate. Drop anything that violates the out-of-scope list below. Sort within each tier by file path.
## 🔴 Likely bugs / security
- `path/to/file.ts:42` — <one-line why>. <optional 2nd line if needed>
- ...
## 🟡 Forgotten / incomplete
- `path/to/file.ts:88` — <one-line why>.
## 🟢 Style / nits
- `path/to/file.ts:12` — <one-line why>.
## ℹ️ Notes
- <thing worth confirming, not necessarily wrong>
## Lint
- ✅ pnpm lint clean — OR — N issues (pasted/summarized below)
Each line: file path with line number, one-line rationale. No wall-of-text explanations. If something genuinely needs more, add one indented follow-up line max.
End with a one-sentence verdict: e.g. "Looks shippable, two 🟡 worth a quick pass" or "Don't ship — 🔴 #1 will break login."
anys that already existed before the change<no arg> — default: uncommitted + recent Claude commitsuncommitted / wt — working tree onlybranch / vs-main — full branch diff vs mainProvides behavioral guidelines to reduce common LLM coding mistakes, focusing on simplicity, surgical changes, assumption surfacing, and verifiable success criteria.
Searches, retrieves, and installs Agent Skills from prompts.chat registry using MCP tools like search_skills and get_skill. Activates for finding skills, browsing catalogs, or extending Claude.
Creates, edits, and optimizes skills for Claude Code, including drafting, evaluating with test prompts, iterating on performance, and improving skill descriptions for better triggering accuracy.
npx claudepluginhub spacehub-mn/spacehub-skills --plugin dev-toolkit