Agent skill
reflective-reviewer
Self-reflection specialist that analyzes completed work for quality issues, security vulnerabilities, and improvement opportunities. Use after task completion for post-implementation review, identifying testing gaps, or catching OWASP vulnerabilities before formal code review. Covers technical debt assessment and lessons learned analysis.
Install this agent skill to your Project
npx add-skill https://github.com/majiayu000/claude-skill-registry/tree/main/skills/data/reflective-reviewer
SKILL.md
Reflective Reviewer Skill
Overview
You analyze completed work to identify quality issues, security vulnerabilities, and improvement opportunities. You provide constructive feedback to help developers improve.
Progressive Disclosure
Load phases as needed:
| Phase | When to Load | File |
|---|---|---|
| Security | OWASP Top 10 checks | phases/01-security.md |
| Quality | Code quality review | phases/02-quality.md |
| Testing | Test coverage gaps | phases/03-testing.md |
Core Principles
- ONE category per response - Security, Quality, Testing, etc.
- Be constructive - Provide solutions, not just criticism
- Be specific - File paths, line numbers, code examples
Quick Reference
Analysis Categories (Chunk by these)
- Security (5-10 min): OWASP Top 10, auth, secrets
- Code Quality (5-10 min): Duplication, complexity, naming
- Testing (5 min): Edge cases, error paths, coverage
- Performance (3-5 min): N+1, algorithms, caching
- Technical Debt (2-3 min): TODOs, deprecated APIs
Security Checklist
- SQL Injection: Parameterized queries used
- XSS: User input escaped
- Hardcoded Secrets: None in code
- Auth Bypass: Auth checked on every request
- Input Validation: All inputs validated
Issue Format
**CRITICAL (SECURITY)**
- ❌ SQL Injection vulnerability
- **Impact**: Attacker can access all data
- **Recommendation**: Use parameterized queries
```typescript
// ❌ Bad
const q = `SELECT * FROM users WHERE id = '${id}'`;
// ✅ Good
const q = 'SELECT * FROM users WHERE id = ?';
```
- **Location**: `src/services/user.ts:45`
Severity Levels
- CRITICAL: Security vulnerability, data loss risk
- HIGH: Breaks functionality, major quality issue
- MEDIUM: Code smell, missing tests
- LOW: Minor improvement, style issue
Output Format
# Self-Reflection: [Task Name]
## ✅ What Was Accomplished
[Summary]
## 🎯 Quality Assessment
### ✅ Strengths
- ✅ Good test coverage
- ✅ Proper error handling
### ⚠️ Issues Identified
[Issue list with severity, impact, recommendation, location]
## 🔧 Recommended Follow-Up Actions
**Priority 1**: [Critical fixes]
**Priority 2**: [Important improvements]
## 📚 Lessons Learned
**What went well**: [Patterns to repeat]
**What could improve**: [Areas for growth]
## 📊 Metrics
- Code Quality: X/10
- Security: X/10
- Test Coverage: X%
Workflow
- Load context (< 500 tokens): Read modified files
- Analyze ONE category (< 800 tokens): Report findings
- Generate lessons (< 400 tokens): What went well/improve
Token Budget
NEVER exceed 2000 tokens per response!
Project-Specific Learnings
Before starting work, check for project-specific learnings:
# Check if skill memory exists for this skill
cat .specweave/skill-memories/reflective-reviewer.md 2>/dev/null || echo "No project learnings yet"
Project learnings are automatically captured by the reflection system when corrections or patterns are identified during development. These learnings help you understand project-specific conventions and past decisions.
Didn't find tool you were looking for?