
xtone/ai_development_tools
2 skills | 3.5k installs | 6 stars | GitHub
Install
npx skills add https://github.com/xtone/ai_development_tools

Skills in this repo
1. Code Review
code-review is an agent skill from xtone’s AI development tools that gives solo builders a reproducible authorization review lens for typical client–server web and mobile stacks. It is not a generic style linter: it encodes how to hunt IDOR, privilege escalation, information leakage, CSRF, and cache mistakes by insisting that authorization boundaries live on the server, that userId and tenantId never come from untrusted client fields, and that APIs default to deny unless a shared authorize path proves access. Install it when you are shipping features that touch accounts, tenants, or resource IDs and want your agent to walk the same entrance, permission, and error-handling checks every time. It pairs naturally with security testing skills but stays in the review lane—structured questions and blockers for PR time rather than exploit crafting.
2k installs

2. Pr Triage
PR Triage is an agent skill for solo and indie builders who run GitHub pull requests through CI and want cheaper, faster review prep. It pulls PR metadata and diffs via GitHub CLI, classifies changes, detects stack and risk categories (authorization, database, RLS, API, tests, configuration, skills), flags shallow issues on common JS/TS files, and writes everything to `.pr-triage.json` for a heavier review step—often on a larger model. When more than fifteen files change, it deliberately avoids downloading the full diff to control token cost. Incremental mode compares against `last_reviewed_commit` in `.pr-review-state.json`, re-checks only touched files, marks resolved issues, and carries forward stale surface findings with `carried_over`. Ideal in automated pipelines where Haiku-class models handle triage and Sonnet-class models handle depth. You still need `gh` auth and repo access; it does not replace security audit or merge approval.
1.5k installs