pre-landing-review
Pre-Landing Review
Gate-oriented safety audit for code changes before landing. Uses a structured checklist with two-pass severity triage and blocking/non-blocking classification.
Distinct from pr-review: pr-review is a multi-dimension code quality review. This skill is a gate-oriented safety audit — it uses an external checklist with two-pass severity triage and a blocking/non-blocking classification.
Native alternative: Claude Code's /ultrareview runs a dedicated native review session optimized for bug-finding (Anthropic ships three free per month on Pro/Max plans at Opus 4.7's launch). Use this skill for checklist-driven, gate-oriented blocking classification with a documented triage protocol; use /ultrareview for lightweight bug-hunting on a single change.
Workflow
1. Determine Diff
Identify the changes to review:
- If on a feature branch: diff against the default branch (git symbolic-ref refs/remotes/origin/HEAD)
- If given a PR number: fetch that PR's diff
- If given specific files: review those files
2. Load Checklist
Read references/checklist.md. This is mandatory — if the checklist is unreadable, STOP and report the error.
3. Pass 1 — CRITICAL (blocking)
Review the diff against critical safety categories. These are potential ship-blockers.
SQL & Data Safety
- Raw SQL without parameterization
- Schema changes without migration safety (lock timeout, reversibility)
- Bulk updates/deletes without WHERE clause verification
- Direct column updates bypassing model validations/callbacks
Race Conditions & Concurrency
- Read-then-write without locking
- Unique constraint reliance without database-level enforcement
- Shared mutable state without synchronization
- Queue/background job idempotency
Trust Boundaries
- LLM/AI output used in SQL, shell commands, or rendered HTML without sanitization
- User input reaching privileged operations without validation
- External API responses used without schema validation
- Deserialization of untrusted data
For each CRITICAL finding:
- Cite exact file and line
- Explain the specific risk
- Use AskUserQuestion with exactly three options: Fix now / Acknowledge risk / False positive
- If "Fix now": make the fix, then re-check
- If "Acknowledge": record acknowledgment, continue
- If "False positive": record, continue
4. Pass 2 — INFORMATIONAL (non-blocking)
Review against remaining categories:
Conditional Side Effects — side effects hidden in conditional branches, callbacks triggered by state changes, error handlers silently swallowing failures.
Magic Numbers — unexplained numeric literals, hardcoded thresholds without constants, timeout values without rationale.
Dead Code — unreachable branches, unused imports, commented-out code without explanation.
Test Gaps — new code paths without test coverage, modified behavior without updated tests, missing edge case and error path tests.
Crypto & Entropy — weak random sources for security contexts, hardcoded secrets, missing TLS/encryption for sensitive data in transit.
Time Window Safety — timezone-naive comparisons, daylight saving edge cases, cron expressions not accounting for clock skew.
Type Coercion — implicit type conversions that could lose data, numeric precision loss across boundaries, implicit string encoding at I/O boundaries.
Present all informational findings in a single summary table (file, line, category, description).
5. Gate Classification
- All Pass 1 issues resolved (fixed or acknowledged) → CLEAR TO LAND
- Any unresolved Pass 1 issue → BLOCKED
- Pass 2 issues are advisory — they don't block landing
6. Suppressions
Do NOT flag:
- Test files using test fixtures/factories
- Migration files following framework conventions
- Comments explaining why a pattern is intentional
- Configuration files with documented values
- Type stubs or interface definitions
Output
Gate verdict (CLEAR TO LAND / BLOCKED), critical issues summary with resolution status, informational findings table.
This skill is read-only by default — only modifies code when user explicitly chooses "Fix now" on a critical issue.
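An added sketch of steps 3, 5 and 6 (not part of the skill or its checklist): it walks a unified diff, cites the file and new-file line of each added line that matches a Pass 1 heuristic, skips test files, and derives the gate verdict. The two regex rules, the tests/ path convention, and the names pass1_scan, gate_verdict and Finding are assumptions made for illustration.

```python
import re
from dataclasses import dataclass
# Illustrative Pass 1 heuristics (assumptions; not the contents of references/checklist.md).
PASS1_RULES = [
    ("SQL & Data Safety", re.compile(r"""execute\(\s*(f["']|["'].*["']\s*(%|\+|\.format))""")),
    ("Trust Boundaries", re.compile(r"\b(pickle\.loads?|yaml\.load)\(")),
]
SUPPRESSED_PATH = re.compile(r"(^|/)tests?/")  # step 6: test files (path convention assumed)
HUNK = re.compile(r"^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@")

@dataclass
class Finding:
    file: str
    line: int
    category: str
    resolution: str = "unresolved"  # or: fixed / acknowledged / false_positive

def pass1_scan(diff_text):
    """Scan added lines of a unified diff; cite the new-file path and line of each hit."""
    findings, path, new_line = [], None, 0
    for raw in diff_text.splitlines():
        if raw.startswith("+++ "):
            path = raw[4:].removeprefix("b/")
        elif (m := HUNK.match(raw)):
            new_line = int(m.group(1))
        elif raw.startswith("+"):
            if path and not SUPPRESSED_PATH.search(path):
                findings += [Finding(path, new_line, cat)
                             for cat, rule in PASS1_RULES if rule.search(raw[1:])]
            new_line += 1
        elif raw.startswith(" "):
            new_line += 1  # context advances the new-file counter; "-" lines do not
    return findings

def gate_verdict(findings):  # step 5: any unresolved Pass 1 finding blocks landing
    return "BLOCKED" if any(f.resolution == "unresolved" for f in findings) else "CLEAR TO LAND"

# Constructed sample diff, not taken from any real repository.
SAMPLE_DIFF = """\
--- a/app/users.py
+++ b/app/users.py
@@ -11,2 +11,3 @@ def find_user(cur, name):
-    cur.execute("SELECT * FROM users WHERE name = ?", (name,))
+    cur.execute(f"SELECT * FROM users WHERE name = '{name}'")
+    prefs = pickle.loads(blob)
     return cur.fetchone()
--- a/tests/test_users.py
+++ b/tests/test_users.py
@@ -3,0 +4 @@
+fixture = pickle.loads(FIXTURE_BYTES)
"""
```

The regexes only surface candidates for the reviewer to confirm against the checklist. This simplified parser would misread an added line whose text starts with "++ " as a file header.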