← ClawMerchants | Agent Skills | Security Audit | Full Catalog

Agent Code Review Skill — AI Agent PR Review & Code Quality Protocol

Name: Agent Code Review Skill — AI Agent PR Review & Code Quality Protocol — SKILL.md
Brand: ClawMerchants
Price: 0.05 USDC
Availability: InStock

$0.05 / access SKILL.md protocol

The agent-code-review-skill is a 5-phase SKILL.md behavioral protocol for systematic AI agent code review. It teaches agents to analyze cyclomatic complexity, surface pre-commit security issues (OWASP patterns), detect test coverage gaps, generate actionable PR comments with blocking/suggestion/nit severity levels, and apply multi-language pattern libraries for TypeScript, Python, Go, and Rust. Built for vibe coding workflows where an agent reviews AI-generated code before merge — and for developer teams that want a consistent, automated review baseline across every PR. Compatible with Claude Code, OpenAI Codex CLI, Cursor, GitHub Copilot, and VS Code Copilot.

Why vibe coding needs systematic code review: When developers use AI to generate code at high velocity, the biggest risk is shipping low-quality or insecure code that "works" but fails under production load or security audit. This protocol gives your agent the same review framework a senior engineer applies — automatically, on every PR, before merge.

What's Covered (5 Phases)

Phase	Topic	Key Output
1	Code Quality Analysis	Complexity scoring (cyclomatic + cognitive), duplication detection, naming quality checklist, structural anti-pattern flagging (God Functions, deep nesting, Shotgun Surgery)
2	Security-Aware Review	Pre-commit security checklist (input validation, secrets, output encoding, dependencies); automated red-flag pattern scanner (eval(), innerHTML, SQL string concat, command injection)
3	Test Coverage Gap Detection	Happy path, error path, edge case, and integration test gap identification; coverage thresholds by layer (unit: 85%+, critical paths: 95%+)
4	PR Comment Generation	Structured blocking/suggestion/nit/praise comments; PR summary table with severity counts; actionable fix suggestions inline
5	Multi-Language Pattern Library	TypeScript, Python, Go, and Rust idiomatic patterns — what to flag, what to prefer, with code examples

Target Keywords Covered

Agent code review skill — install via npx skills install agent-code-review-skill for any SKILL.md-compatible agent runtime
AI agent code review protocol — structured SKILL.md behavioral protocol that agents load and execute at runtime
Vibe coding code review agent — systematic review layer for AI-generated code before it merges to production
AI agent PR review protocol — generates blocking/suggestion/nit PR comments with severity-labeled summaries
SKILL.md code quality agent — 5-phase protocol covering the full code review stack: quality, security, tests, comments, language patterns
Code review skill Claude Code OpenAI Codex — compatible with Claude Code, OpenAI Codex CLI, Cursor, GitHub Copilot, VS Code Copilot

Code Sample — Complexity Scorer

// From agent-code-review-skill Phase 1
// Cyclomatic + cognitive complexity scoring for any function

interface ComplexityScore {
  cyclomatic: number;   // Decision points + 1
  cognitive: number;    // Nesting depth × decision points
  verdict: 'green' | 'yellow' | 'red';
  action: string;
}

function scoreComplexity(fn: FunctionNode): ComplexityScore {
  const cyclomatic = countDecisionPoints(fn) + 1;
  const cognitive = countNestingPenalty(fn);

  // Green: cyclomatic ≤ 10 — maintainable
  // Yellow: cyclomatic 11–20 — review closely
  // Red: cyclomatic > 20 — must refactor

  const verdict =
    cyclomatic <= 10 && cognitive <= 15 ? 'green' :
    cyclomatic <= 20 && cognitive <= 25 ? 'yellow' : 'red';

  return { cyclomatic, cognitive, verdict,
    action: verdict === 'red' ? 'Extract sub-functions, reduce nesting depth' : 'OK' };
}

Code Sample — Security Red-Flag Scanner

// From agent-code-review-skill Phase 2
// Automated security pattern detection

const SECURITY_RED_FLAGS = [
  { pattern: /evals*(/, severity: 'critical', msg: 'eval() — remote code execution risk' },
  { pattern: /innerHTMLs*=/, severity: 'high', msg: 'innerHTML — XSS risk if user data involved' },
  { pattern: /querys*+s*['"`]/, severity: 'high', msg: 'SQL string concat — injection risk' },
  { pattern: /execs*(.*${/, severity: 'high', msg: 'Template literal in exec() — command injection' },
  { pattern: /console.log(.*key|secret|password/i, severity: 'medium', msg: 'Potential credential logging' },
];

function scanForSecurityIssues(code: string): SecurityFinding[] {
  return SECURITY_RED_FLAGS
    .filter(({ pattern }) => pattern.test(code))
    .map(({ severity, msg }) => ({ severity, message: msg }));
}

Use Cases

Vibe coding quality gate — run agent-code-review-skill on every AI-generated PR before merge; catch complexity and security issues that slip through when code is written at high velocity
Claude Code Auto Mode reviews — configure Claude Code to run this protocol on its own output before committing; agents that review their own work before shipping have far lower defect rates
Pre-commit security checks — surface OWASP Top 10 patterns (SQL injection, XSS, command injection, secret logging) before code reaches CI/CD pipeline
Test coverage enforcement — detect missing happy path, error path, and edge case tests at review time, not after a production incident
Multi-language teams — consistent review baseline across TypeScript, Python, Go, and Rust codebases without language-specific linter configuration overhead
PR comment generation for agent-written code — generate structured, severity-labeled PR comments that human reviewers can act on immediately

Compatible Agent Clients

Client	Install Method	Notes
Claude Code	`npx skills install agent-code-review-skill`	Full SKILL.md support; works in Auto Mode
OpenAI Codex CLI	`npx skills install agent-code-review-skill`	Compatible with Codex CLI agent runtime
Cursor	`npx skills install agent-code-review-skill`	Load as agent context in Cursor AI settings
GitHub Copilot	`npx skills install agent-code-review-skill`	Use as Copilot workspace instruction
VS Code Copilot	`npx skills install agent-code-review-skill`	Add to .github/copilot-instructions.md
AutoGen / CrewAI / LangGraph	`npx skills install agent-code-review-skill`	Load SKILL.md as agent system prompt

How to Install

One-line install via npx skills:

npx skills install agent-code-review-skill

This fetches the SKILL.md protocol and makes it available to your agent runtime. Compatible with Claude Code, OpenAI Codex CLI, Cursor, GitHub Copilot, VS Code Copilot, and any SKILL.md-aware agent framework.

How to Access via x402

Free preview: GET https://clawmerchants.com/v1/preview/agent-code-review-skill — inspect protocol structure before paying
Probe: GET https://clawmerchants.com/v1/data/agent-code-review-skill → HTTP 402 with USDC payment details
Pay: Send $0.05 USDC on Base L2 (chain ID 8453) to the provider address in the 402 response
Receive: Resend with X-PAYMENT: <base64 proof> → HTTP 200 with full 5-phase code review protocol

# Step 1: Probe — discover payment requirements
curl -i https://clawmerchants.com/v1/data/agent-code-review-skill
# HTTP/1.1 402 Payment Required
# X-Payment-Required: {"amount":"50000","currency":"USDC","chain":8453,...}

# Step 2: Pay + resend with proof
curl -H "X-PAYMENT: <base64-payment-proof>"      https://clawmerchants.com/v1/data/agent-code-review-skill
# HTTP/1.1 200 OK — returns full agent-code-review-skill SKILL.md protocol

Pricing

$0.05 USDC per access — no subscription, no API key, no account required. The protocol catches security issues that would cost orders of magnitude more to fix after merge. A single blocked SQL injection vulnerability justifies the cost 10,000× over.

Install via npx: npx skills install agent-code-review-skill
Free preview: GET /v1/preview/agent-code-review-skill
Probe the endpoint: GET https://clawmerchants.com/v1/data/agent-code-review-skill
Browse all agent skills: Agent Skills Marketplace →