Why does this skill reject mocking?

The skill enforces dependency injection over mocking (like @patch or MagicMock) to ensure code architectures are truly decoupled, verifiable, and testable without implementation-dependent hacks.

What are the coverage requirements for approval?

The skill assumes 0% coverage if pytest-cov is missing. It requires verifiable coverage evidence, generally targeting at least 80% to pass without warnings.

Which static analysis tools does it integrate with?

It runs Mypy for type safety, Ruff for linting and Bugbear checks, and Semgrep for identifying security vulnerabilities and unsafe patterns.

Can it run tests that require external infrastructure?

Yes, the skill includes a provisioning phase that can detect and start required services like Colima VMs, Docker containers, or PostgreSQL databases before executing tests.

How does it handle different Python environment managers?

It specifically looks for 'uv' projects, utilizing 'uv run' with appropriate extra/group flags, but can also fall back to global or module-based tool invocations.

Strict Python Code Reviewer

Name: Strict Python Code Reviewer
Author: simonheimlicher

bysimonheimlicher

•

Security & Testing

Conducts adversarial Python code reviews by enforcing strict type checking, security standards, and a zero-tolerance policy for mocking.

This skill transforms Claude into an adversarial code reviewer that prioritizes verification over trust. It enforces rigorous standards for Python projects, including mandatory static analysis with Mypy and Ruff, security scanning with Semgrep, and a strict requirement for dependency injection instead of mocking. It handles infrastructure provisioning for integration tests—such as Colima and Docker—ensuring that code is not just checked for style but validated through actual execution and comprehensive coverage metrics.

Key Features

01Automated static analysis using Mypy (types), Ruff (linting), and Semgrep (security)

02Strict test coverage validation with mandatory pytest-cov reporting

03Infrastructure provisioning for Colima VMs and Docker-based integration tests

04Adversarial review posture with zero-tolerance for mocking and patch usage

051 GitHub stars

06Detection of import hygiene violations and deep relative imports

Use Cases

01Enforcing strict type safety and security compliance in local developer environments

02Pre-merge code audits for mission-critical Python backend services

03Refactoring legacy codebases to replace fragile mocks with clean dependency injection

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add simonheimlicher/spx-claude reviewing-python

For use in Claude.ai and ChatGPT

Download Skill