Where are the review results stored?

All findings, including status and specific issues, are written to a standardized .task/review-sonnet.json file.

When will a review be marked as 'needs_changes'?

The status is set to 'needs_changes' if any 'error' severity issue is found or if two or more 'warning' severity issues are identified.

How does it decide between a Plan or Code review?

The skill automatically detects your current progress by checking for the existence of .task/plan-refined.json or .task/impl-result.json files.

What is Review Sonnet?

Review Sonnet is a Claude Code skill that provides rapid, practical code and plan reviews focused on security, quality, and testing efficiency.

Does it check for security vulnerabilities?

Yes, it specifically audits for OWASP Top 10 issues including SQL injection, hardcoded secrets, XSS vulnerabilities, and missing authentication checks.

Review Sonnet

Name: Review Sonnet
Author: Z-M-Huang

byZ-M-Huang

•

Security & Testing

Performs rapid, automated code and plan reviews to identify quality issues, security vulnerabilities, and testing gaps.

Review Sonnet is a specialized Claude Code skill designed for high-speed, practical feedback during the development lifecycle. It intelligently toggles between Plan Reviews and Code Reviews by detecting existing task artifacts, focusing on OWASP Top 10 security risks, logical correctness, and test coverage adequacy. By providing standardized JSON outputs and clear decision rules, it serves as an efficient gatekeeper that catches obvious errors and architectural gaps before deeper manual analysis is required.

Key Features

01Dual-mode review capabilities for both implementation plans and finalized code

0211 GitHub stars

03Speed-optimized analysis using the high-performance Claude Sonnet model

04Standardized JSON reporting for seamless integration into development workflows

05Automated security auditing focusing on OWASP Top 10 vulnerabilities

06Comprehensive test coverage evaluation and validation

Use Cases

01Pre-screening pull requests for obvious logic bugs and hardcoded secrets

02Verifying test coverage for new features before final merging

03Validating implementation plans for missing requirements or security flaws

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add z-m-huang/claude-codex review-sonnet

For use in Claude.ai and ChatGPT

Download Skill