Context-driven code reviews prioritizing quality, security, testability, and maintainability.
Works with
Organizes feedback into four priority levels: blockers (must fix), major issues (should fix), minor improvements, and suggestions, with clear templates and rationale for each
Covers five core review areas: logic correctness, security risks, test coverage, performance issues, and error handling; explicitly excludes style nitpicking and formatting
Recommends reviewing code in chunks under 400
AI-first code editor with Composer
Before installing skills in Cursor, ensure your development environment meets these requirements:
node --versioncode-review-qualityExecute the skills CLI command in your project's root directory to begin installation:
Fetches code-review-quality from proffesor-for-testing/agentic-qe and configures it for Cursor.
The CLI shows a list of agents. Use arrow keys and space to select Cursor:
Confirm successful installation by checking the skill directory location:
Restart Cursor to activate code-review-quality. Access via /code-review-quality in your agent's command palette.
We perform automated surface-level scans (Gen AI Scanner, Socket, Snyk) during installation. These checks detect common vulnerabilities but do not guarantee complete security. Always review skill source code and verify the publisher's reputation before production use.
Skills execute code in your environment. Always review source, verify the publisher, and test in isolation before production.
Submit your Claude Code skill and start earning
Create detailed user stories, acceptance criteria, and feature specs
Example
Generate user stories for 'password reset feature' with acceptance criteria, edge cases, and test scenarios
Reduce spec writing time by 50%, ensure comprehensive coverage
Research competitors, compare features, identify gaps
Example
Analyze 5 competitor products, create feature comparison matrix, suggest differentiation opportunities
Complete competitive research in 2 hours instead of 2 days
Evaluate features using frameworks (RICE, ICE, Kano) and create prioritized backlogs
Example
Score 20 feature ideas using RICE framework, generate prioritized roadmap with rationale
0
total installs
0
this week
297
GitHub stars
0
upvotes
Run in your terminal
0
installs
0
this week
297
stars
<default_to_action> When reviewing code or establishing review practices:
Quick Review Checklist:
Critical Success Factors:
| Level | Icon | Meaning | Action |
|---|---|---|---|
| Blocker | 🔴 | Bug/security/crash | Must fix before merge |
| Major | 🟡 | Logic issue/test gap | Should fix before merge |
| Minor | 🟢 | Style/naming | Nice to fix |
| Suggestion | 💡 | Alternative approach | Consider for future |
| Lines Changed | Recommendation |
|---|---|
| < 200 | Single review session |
| 200-400 | Review in chunks |
| > 400 | Request PR split |
| ✅ Review | ❌ Skip |
|---|---|
| Logic correctness | Formatting (use linter) |
| Security risks | Naming preferences |
| Test coverage | Architecture debates |
| Performance issues | Style opinions |
| Error handling | Trivial changes |
🔴 **BLOCKER: SQL Injection Risk**
This query is vulnerable to SQL injection:
```javascript
db.query(`SELECT * FROM users WHERE id = ${userId}`)
Fix: Use parameterized queries:
db.query('SELECT * FROM users WHERE id = ?', [userId])
Why: User input directly in SQL allows attackers to execute arbitrary queries.
### Major (Should Fix)
```markdown
🟡 **MAJOR: Missing Error Handling**
What happens if `fetchUser()` throws? The error bubbles up unhandled.
**Suggestion:** Add try/catch with appropriate error response:
```javascript
try {
const user = await fetchUser(id);
return user;
} catch (error) {
logger.error('Failed to fetch user', { id, error });
throw new NotFoundError('User not found');
}
### Minor (Nice to Fix)
```markdown
🟢 **minor:** Variable name could be clearer
`d` doesn't convey meaning. Consider `daysSinceLastLogin`.
💡 **suggestion:** Consider extracting this to a helper
This validation logic appears in 3 places. A `validateEmail()` helper would reduce duplication. Not blocking, but might be worth a follow-up PR.
Reviews must meet a minimum weighted finding score of 3.0 (CRITICAL=3, HIGH=2, MEDIUM=1, LOW=0.5, INFORMATIONAL=0.25). If the initial review falls short, run the qe-devils-advocate agent as a meta-reviewer to find additional observations. Every review should have at least 3 actionable observations.
// Comprehensive code review
await Task("Code Review", {
prNumber: 123,
checks: ['security', 'performance', 'testability', 'maintainability'],
feedbackLevels: ['blocker', 'major', 'minor'],
autoApprove: { maxBlockers: 0, maxMajor: 2 }
}, "qe-quality-analyzer");
// Security-focused review
await Task("Security Review", {
prFiles: changedFiles,
scanTypes: ['injection', 'auth', 'secrets', 'dependencies']
}, "qe-security-scanner");
// Test coverage review
await Task("Coverage Review", {
prNumber: 123,
requireNewTests: true,
minCoverageDelta: 0
}, "qe-coverage-analyzer");
aqe/code-review/
├── review-history/* - Past review decisions
├── patterns/* - Common issues by team/repo
├── feedback-templates/* - Reusable feedback
└── metrics/* - Review turnaround time
const reviewFleet = await FleetManager.coordinate({
strategy: 'code-review',
agents: [
'qe-quality-analyzer', // Logic, maintainability
'qe-security-scanner', // Security risks
'qe-performance-tester', // Performance issues
'qe-coverage-analyzer' // Test coverage
],
topology: 'parallel'
});
| ✅ Do | ❌ Don't |
|---|---|
| "Have you considered...?" | "This is wrong" |
| Explain why it matters | Just say "fix this" |
| Acknowledge good code | Only point out negatives |
| Suggest, don't demand | Be condescending |
| Review < 400 lines | Review 2000 lines at once |
Prioritize feedback: 🔴 Blocker → 🟡 Major → 🟢 Minor → 💡 Suggestion. Focus on bugs and security, not style. Ask questions, don't command. Review < 400 lines at a time. Fast feedback (< 24h) beats thorough feedback.
With Agents: Agents automate security, performance, and coverage checks, freeing human reviewers to focus on logic and design. Use agents for consistent, fast initial review.
/security-testing for security-focused review/qe-coverage-analysis on changed files/qe-quality-assessmentMake data-driven prioritization decisions faster
Draft PRDs, status updates, and stakeholder presentations
Example
Create executive summary of Q3 roadmap, monthly progress report, feature launch announcement
Save 3-5 hours/week on communication overhead
Prerequisites
Time Estimate
30-60 minutes to see productivity improvements
Steps
Common Pitfalls
✓ Do
✗ Don't
💡 Pro Tips
✓ Use when
Use for user story writing, competitive research, roadmap prioritization, stakeholder communication, and PRD drafting. Best for reducing repetitive documentation and research work.
✗ Avoid when
Avoid for strategic product vision (requires deep customer empathy), pricing decisions (needs market and financial expertise), or when face-to-face customer discovery is more valuable than speed.
asyrafhussin/agent-skills
shadcn/improve
mattpocock/skills
parcadei/continuous-claude-v3
cursor/plugins
ailabs-393/ai-labs-claude-skills
code-review-quality fits our agent workflows well — practical, well scoped, and easy to wire into existing repos.
code-review-quality fits our agent workflows well — practical, well scoped, and easy to wire into existing repos.
code-review-quality is among the better-maintained entries we tried; worth keeping pinned for repeat workflows.
code-review-quality is among the better-maintained entries we tried; worth keeping pinned for repeat workflows.
Keeps context tight: code-review-quality is the kind of skill you can hand to a new teammate without a long onboarding doc.
Keeps context tight: code-review-quality is the kind of skill you can hand to a new teammate without a long onboarding doc.
Useful defaults in code-review-quality — fewer surprises than typical one-off scripts, and it plays nicely with `npx skills` flows.
I recommend code-review-quality for anyone iterating fast on agent tooling; clear intent and a small, reviewable surface area.
I recommend code-review-quality for anyone iterating fast on agent tooling; clear intent and a small, reviewable surface area.
Useful defaults in code-review-quality — fewer surprises than typical one-off scripts, and it plays nicely with `npx skills` flows.
showing 1-10 of 25