init: common-skills v1

skills/codereview/SKILL.md

@@ -0,0 +1,44 @@
+---
+name: codereview-skill
+description: Code review best practices and checklist. Use when reviewing PRs, analyzing code quality, or checking for bugs and anti-patterns.
+---
+
+# Code Review Skill
+
+## Review Checklist
+
+When reviewing code, check the following:
+
+### Correctness
+- Logic is correct and handles edge cases
+- No off-by-one errors in loops
+- Null/None checks where needed
+
+### Readability
+- Variable and function names are descriptive
+- Functions do one thing (single responsibility)
+- No magic numbers — use named constants
+
+### Security
+- No hardcoded secrets or credentials
+- User inputs are validated/sanitized
+- No SQL injection or command injection risks
+
+## Example: Bad vs Good
+
+```python
+# Bad
+def f(x):
+    return x * 86400  # magic number
+
+# Good
+SECONDS_PER_DAY = 86400
+
+def to_seconds(days: int) -> int:
+    return days * SECONDS_PER_DAY
+```
+
+## Common Anti-patterns to Flag
+- Functions longer than 40 lines → suggest splitting
+- Deeply nested conditionals (>3 levels) → suggest early return
+- Duplicate code blocks → suggest extracting to function

skills/codereview/evals/evals.json

@@ -0,0 +1,20 @@
+{
+  "skill_name": "codereview",
+  "evals": [
+    {
+      "id": 1,
+      "prompt": "Review this Python function for issues:\ndef calc(x): return x*86400",
+      "expected_output": "Identifies the magic number 86400 and suggests extracting it as a named constant like SECONDS_PER_DAY."
+    },
+    {
+      "id": 2,
+      "prompt": "Is this code okay?\ndef get_user(db, id):\n    return db.execute('SELECT * FROM users WHERE id=' + id)",
+      "expected_output": "Flags SQL injection vulnerability and recommends parameterized queries."
+    },
+    {
+      "id": 3,
+      "prompt": "Review this function:\ndef process(a,b,c,d,e,f,g): return a+b+c+d+e+f+g",
+      "expected_output": "Flags too many parameters and suggests refactoring to use a data structure or fewer arguments."
+    }
+  ]
+}