3
GitHub Stars
1
Bundled Files
2 months ago
Catalog Refreshed
4 months ago
First Indexed
Readme & install
Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.
Installation
Preview and clipboard use veilstrat where the catalogue uses aiagentskills.
npx veilstrat add skill third774/dotfiles --skill adversarial-code-review- SKILL.md11.4 KB
Overview
This skill runs adversarial code reviews: adopt hostile perspectives to find bugs, security issues, and unintended consequences the author missed. Use it to surface high-impact problems before merging PRs, auditing codebases, or deploying critical changes. It focuses on practical, actionable findings with location, impact, and severity.
How this skill works
Start in Diff-Focused mode by default (PRs and changed files); switch to Audit mode only when requested for broader, systematic coverage. Deliberately apply six separate lenses—Malicious User, Careless Colleague, Future Maintainer, Ops/On-Call, Data Integrity, and Interaction Effects—documenting findings per lens. Each finding must include a specific location, an impact assessment, and a severity tier (Must Fix / Should Fix / Consider).
When to use it
- Reviewing pull requests or diffs before merge
- Auditing a module or repository with explicit scope
- Before critical deployments or releases
- When assessing security-sensitive or stateful code
- When you need focused, high-value review comments for complex changes
Best practices
- Determine mode up front: diff-focused by default, audit only on explicit request
- Apply lenses one at a time—don’t blend perspectives
- Report only findings that pass the Impact Filter (probability, impact, non-obvious)
- Include exact file/line locations and clear reasoning for every Must Fix
- Limit "Consider" items to two per review and always note at least one positive
- Prioritize lenses by code type (e.g., Data Integrity for DB ops, Ops for background jobs)
Example use cases
- PR review for a new API endpoint to find injection, misuse, and interaction regressions
- Pre-deploy audit of a migration or database-affecting change to detect race and partial-failure modes
- Security-focused pass on authentication, payment, or crypto code using the Malicious User lens
- Operational review of background jobs and retries using the Ops/On-Call lens
- Maintenance audit to identify implicit assumptions and documentation gaps for long-lived services
FAQ
A Must Fix breaks correctness, security, or data integrity (e.g., auth bypass, SQL injection, race leading to data loss). Each Must Fix must show the specific location and clear reasoning or reproduction steps.
How do you avoid noise in reviews?
Only report items that score 2+ on the Impact Filter: likely to occur, impactful if it occurs, and non-obvious to the author. Limit low-value "Consider" items to two.
When should I escalate instead of continuing the review?
Escalate for security-critical areas (auth, payments, crypto), if you find 3+ Must Fixes, if you don’t understand the code, or if there are architectural concerns requiring design discussion.