Evaluate code review feedback rigorously before deciding whether to implement it.
This skill appears to be an open-source prompt/document artifact with no required secrets and no declared remote endpoints, so the overall risk is low. However, it explicitly instructs use of gh/git/npm/grep and repository data, so if an agent actually follows it, it would involve local code execution and repository data access that should be constrained by the runtime environment.
The material declares no required secrets or environment variables, and it does not ask for tokens, API keys, or pasted credentials, so credential exposure risk is low.
No remote endpoint is explicitly declared, but the README instructs `gh pr view` to fetch PR comments and `git push` to send updates, which normally connect to the code hosting platform and may transmit code/metadata. This is standard for developer workflows, with no clear sign of exfiltration to unrelated or unknown endpoints.
The README explicitly suggests running local commands and developer tools such as `gh`, `grep`, `npm test`, `npm run lint`, `npm run format`, and `git push`, so following it would entail local command execution. This is normal for the stated use case, but it should be confined to a controlled repository and environment.
The material calls for reading PR comments, checking branch/diff state, searching repository contents, and modifying code before committing, indicating access to the local codebase and related development data. There is no evident request for system-wide data unrelated to code review or other excessive permissions.
The system marks it as prompt-only and open-source, with a GitHub source pointing to a Microsoft-associated repository, which provides good auditability. Community adoption, license clarity, and maintenance status are limited/unclear, but the current material shows no obvious red flags such as closed-source exfiltration, disguised installers, or clear prompt-injection patterns.
Copy the install command and let the AI configure it · recommended for beginners
Please install the "receiving-code-review" skill from askskill: 1. Download https://raw.githubusercontent.com/microsoft/FluidFramework/main/.agency/plugins/nori/skills/receiving-code-review/SKILL.md 2. Save it as ~/.claude/skills/receiving-code-review/SKILL.md 3. Reload skills and tell me it's ready
Help me analyze whether this code review comment is technically valid, and whether I should accept, partially accept, or reject it. Here is the code: {{code}}. Here is the review feedback: {{review feedback}}. Please check for misunderstandings, outdated assumptions, style-vs-correctness confusion, or conflicts with project constraints.A technical assessment of the feedback, supporting reasoning, risks, and a recommended response and action.
I received a code review comment that may be inaccurate. Based on the following context, help me draft a professional, concise, non-confrontational reply: code snippet: {{code}}; review comment: {{review feedback}}; my current assessment: {{my assessment}}; project constraints: {{project constraints}}. If my assessment may be wrong, point that out too.A professional reply draft plus any technical questions or evidence that should be verified.
Do not change the code just because of the review comment. First design a verification plan for this suggestion: the review comment is {{review feedback}}, and the relevant code is {{code}}. List the facts to check, runnable tests, edge cases, and only then propose changes if the feedback is validated.A verification checklist, test plan, and conditional implementation advice based on the findings.
Code review requires technical evaluation, not emotional performance.
Core principle: Fetch feedback → Verify → Implement → Re-test → Push updates.
Announce at start: "I'm using the Nori Receiving Code Review skill to handle this feedback."
For multi-item feedback, use TodoWrite:
- [ ] Fetch and read all PR comments
- [ ] Clarify unclear items (if any)
- [ ] Fix item 1: [description]
- [ ] Fix item 2: [description]
...
- [ ] Run tests/lint/format
- [ ] Push updates
Why: Prevents skipping items and provides visibility to user.
Determine PR number from context:
gh pr view --json number -q .numberFetch all comments:
# View all comments (review + general)
gh pr view [PR-NUMBER] --comments
Read completely before reacting.
Apply these checks to each item:
CRITICAL: If ANY item is unclear, STOP. Ask for clarification on ALL unclear items before implementing ANYTHING.
Example:
User: "Fix items 1-6"
You understand 1,2,3,6. Unclear on 4,5.
✅ "Understand 1,2,3,6. Need clarification on 4 and 5 before implementing."
❌ Implement 1,2,3,6 now, ask about 4,5 later
Follow implementation order:
For each fix:
YAGNI check: If reviewer suggests "implementing properly", grep for actual usage:
grep -r "endpointName" .
If unused: "This endpoint isn't called. Remove it (YAGNI)?"
Reference finishing-a-development-branch skill (Steps 1-2):
See .claude/skills/finishing-a-development-branch/SKILL.md
npm test (or project equivalent)
npm run lint:*-types (if available)
npm run formatnpm run lintgit diff --statPush changes to PR:
git push
Report what changed:
"Code review feedback addressed:
Changes pushed to PR. Options:
Which would you like?"
gh pr view --comments)Forbidden:
Required:
…
Create a custom skill with structure, documentation, and optional bundled scripts.
Trace errors backward through execution paths to identify the true root cause.
Update technical documentation after code changes are completed.
Generate Fluid-style PR content, push branches, and open GitHub pull requests.
Explains how to use abilities effectively before starting any conversation.
Break large, long-running tasks into manageable chunks and preserve context.
Helps developers handle code review feedback with rigor, judgment, and effective responses.
Trigger a code review against plans or requirements before moving forward.
Review code or branches for correctness, compatibility, architecture, tests, performance, and security.
Review code deeply across correctness, tests, security, performance, and product quality.
Run multi-model reviews for code changes, PRs, and risky edits.
Clarify ambiguous changes into testable acceptance criteria and implementation requirements.