API审查
- 作者仓库星标 0
- 作者更新于 实时读取
- 作者仓库 skills-registry
- 领域
- 工程开发
- 兼容 Agent
-
- Claude Code
- Cursor
- Cline
- Codex
- Windsurf
- Gemini CLI
- +20
- 信任分
- 88 / 100 · 社区维护
- 作者 / 版本 / 许可
- @tomevault-io · 未声明 license
- Token 消耗评级
- 低消耗
- 接入复杂程度
- 需简单配置
- 是否需要外部 API Key
- 不需要
- 兼容的系统
- Windows
- 底层运行要求
- 无特殊要求
- 文件与系统权限
-
- 只读
- 允许写入 / 修改
- Shell 执行
- 网络行为
- 仅限本地
- 安装命令数
- 26 条
档案由构建时根据 SKILL.md 与安装命令自动衍生,可能与作者实际意图存在差异。
需要注意: 未限定 allowed-tools,默认拥有全部工具权限。
---
name: reviewing-skills
description: > Use when this capability is needed. Review the relevant skills and instructions after any work…
category: 工程开发
runtime: 无特殊运行时
---
# reviewing-skills 输出预览
## PART A: 任务判断
- 适用问题:代码实现、重构、调试或代码审查。
- 输入要求:目标材料、限制条件、期望输出和验收方式。
- 证据边界:围绕“When to review / What to check / 1. Code examples compile and are accurate”读取原文规则,不把推断写成作者承诺。
## PART B: 执行结果
- **01** 任务判断:确认你的需求是否属于代码实现、重构、调试或代码审查,并标出输入、限制和预期结果。
- **02** 执行计划:优先按“When to review / What to check / 1. Code examples compile and are accurate”拆成步骤,说明每一步会读取什么、修改什么、产出什么。
- **03** 交付结果:给出可复制的命令、文件改动、检查清单或内容草稿,并说明如何继续迭代。
- **04** 风险边界:结合 读取文件、写入/修改文件、执行终端命令、主要在本地完成、通常不需要额外 API Key 给出执行前确认项。
## Running Rules
- 读取文件、写入/修改文件、执行终端命令;主要在本地完成;通常不需要额外 API Key。
- 先小样例验证,再放大到真实任务。
- 交付时同时给结果、检查口径和下一步迭代建议。 原文没有稳定的斜杠命令要求。安装验证后通常全局生效,直接在对话里点名这个 Skill 并描述任务即可。
告诉 Agent 目标文件或材料、期望结果、不可改范围、是否允许联网或执行命令。本 Skill 的权限画像是:读取文件、写入/修改文件、执行终端命令。
先用一个小任务确认它会围绕“When to review / What to check / 1. Code examples compile and are accurate”工作;涉及文件或命令时,先看 diff、日志、预览或测试结果。
检查最终产物是否包含明确结果、必要证据和下一步动作;如果输出泛泛而谈,就补充输入、边界和验收标准后重跑。
---
name: reviewing-skills
description: > Use when this capability is needed. Review the relevant skills and instructions after any work…
category: 工程开发
source: tomevault-io/skills-registry
---
# reviewing-skills
## 什么时候使用
- 用于审阅代码、文档或方案并给出可执行反馈 适合处理工程开发场景下的代码实现、调试、重构、测试或代码审查,核心价值是把输入、判断、执行、验证和交付边界固定下来,避免 Agent 泛泛回答。 把任务拆成可执行、可检查、可继续迭代的步骤;通常…
- 面向代码实现、重构、调试或代码审查,优先处理能明确输入、步骤和验收标准的工作。
## 需要提供什么
- 目标材料、目录范围、期望结果和不可改动内容。
- 是否允许联网、执行命令、读写文件或调用外部服务。
## 执行规则
- 围绕「When to review / What to check / 1. Code examples compile and are accurate」组织步骤,不把推断写成作者事实。
- 读取文件、写入/修改文件、执行终端命令;主要在本地完成;通常不需要额外 API Key。
- 先跑小样例,确认结果可检查后再扩大任务范围。
## 输出要求
- 给出最终产物、关键证据、验证方式和下一步动作。
- 信息不足时标记 unknown,不编造命令、平台或依赖。 作者原文负责流程事实;仓库文件负责来源和命令;流狐只补充适用场景、限制和质量判断。
skill "reviewing-skills" {
输入层 -> 用户目标 + 目标文件 + 禁止范围 + 验收标准
上下文层 -> When to review / What to check / 1. Code examples compile and are accurate
规则层 -> SKILL.md 触发条件 / 执行顺序 / 输出格式
运行层 -> 无特殊运行时 | 读取文件、写入/修改文件、执行终端命令 | 主要在本地完成
安全层 -> 通常不需要额外 API Key + 小任务验证 + diff / 日志复核
输出层 -> 可复制结果 + 检查清单 + 下一步迭代
} Reviewing and Updating Skills
When to review
Review the relevant skills and instructions after any work that changes:
- Public API surface — new methods, renamed parameters, changed signatures
- Build or test infrastructure — new solution files, changed filters, new TFMs
- Architecture — new projects, moved files, changed conventions
- Code generation — new keywords, changed handler behaviour, new CLI options
- Documentation pipeline — new build steps, changed tool behaviour
The rule is simple: if the code changed, check whether the instructions still match.
What to check
For each skill touched by your changes, verify these in order:
1. Code examples compile and are accurate
Every code block in a skill should use real types, real method signatures, and real parameter names from the current codebase. The most common failure mode is fabricated or stale API usage — a method that was renamed, a parameter that was added, or a constructor whose signature changed.
To verify, pick each code example and check the actual source:
# Find the real signature
grep -rn "public.*MethodName" src/
Common drift patterns:
- Constructor gains a new required parameter (skill example silently omits it)
- Method renamed but skill still uses the old name
- Enum values or constants changed
- File paths moved (e.g.,
Common/src/vssrc/Common/)
2. Numeric values and thresholds match source
When a skill states a specific number (priority value, buffer threshold, step count, character limit), verify it against the source constant or definition. These drift silently when someone changes a constant without updating the documentation.
3. Scope boundaries are still correct
Check the USE FOR / DO NOT USE FOR fields in the YAML frontmatter. After adding a new feature or project, an existing skill's scope may need updating — either to include the new area or to explicitly redirect to a new skill.
4. Cross-references point to the right places
Each skill's ## Cross-References section should link to skills that still exist and still cover the referenced topic. If a skill was renamed, split, or merged, update all inbound references.
5. No duplication with main instructions
The main copilot-instructions.md should contain brief summaries with cross-references to skills for depth. If you find the same detailed content in both places, condense the main instructions copy to a summary and cross-reference.
Adding a new skill
When a new area of the codebase deserves its own skill:
- Create the directory and file:
.github/skills/<name>/SKILL.md - Write the YAML frontmatter with
name,description,USE FOR, andDO NOT USE FOR - Structure the content: overview → code examples → configuration tables → common pitfalls → cross-references
- Add cross-references from related skills back to the new one
- Update the skill inventory table in
copilot-instructions.md - Update the code sample catalog:
.\docs\update-code-sample-catalog.ps1 -UpdateFile .github/skills/<name>/SKILL.md
A skill earns its place when the assistant repeatedly struggles with a specific area, not when an area merely exists.
Root-causing trigger failures
When a skill or instruction existed but you did not follow it, treat that as a defect in the instructions — not just a one-off mistake. The instruction failed to trigger at the right moment, and the fix is to understand why and close the gap.
Ask these questions:
- Was the instruction framed for the wrong trigger? An instruction that says "when you edit a documentation file" may not fire when the task is "fix the CI build." If the instruction applies in both situations, rewrite it to cover both entry points.
- Was the instruction buried inside a larger workflow? A critical step hidden as step 5 of a 5-step process gets skipped when you jump to the end. Promote it to a standalone gate with its own heading.
- Did the instruction assume proactive compliance? Instructions that only describe the happy path ("do X when you change Y") need a reactive counterpart ("if you forgot to do X, here is how to recover — and it still requires doing X").
- Did multi-turn conversation obscure the trigger? When changes accumulate across many conversation turns before a commit, per-edit triggers get lost. Anchor the instruction to the commit point instead, since that is where all changes converge regardless of how they were made.
After root-causing, update the instruction to close the gap — then verify the updated instruction would have caught the original failure.
Running a full review
For a periodic audit of all skills (e.g., after a major release):
- List all skills and check each against the current source
- Use parallel explore agents to verify 4-5 skills each — look for fabricated APIs, wrong parameters, stale paths, missing examples
- Cross-check findings against source code before fixing — review agents produce false positives (they may flag correct code as wrong)
- Track findings in a structured format (SQL table or similar) with severity and status
- Fix in priority order: critical inaccuracies → missing examples → duplication → cosmetic
Common false positives
Review agents frequently flag things that are actually correct:
- Generated type APIs that don't appear in hand-written source (they're emitted by the code generator)
- Methods found only via generic type inference (the agent's grep misses them)
- Shared source files in
src-v4/that are referenced by V5 projects via project references
Always verify against the actual source before changing a skill.
Design principles for skill content
These principles keep skills effective as AI context:
- Code-first — every skill should have at least one copy-paste-ready code example with real syntax
- Concrete over abstract — real file paths, real type names, real method signatures
- Self-contained sections — each section should make sense without reading the whole skill
- Tables for reference data — configuration options, threshold values, priority levels
- Pitfalls earn their place — only document pitfalls that have actually caused problems
Cross-References
- For verifying code samples in documentation, see the "Documentation Code Sample Verification" section in
copilot-instructions.md - For the code sample catalog tools, see
docs/CodeSampleCatalog.md
Source: corvus-dotnet/Corvus.JsonSchema — distributed by TomeVault.
先判断是否适合
作者设计意图
作者的方法与取舍
边界和复核