{
  "skill": {
    "slug": "quack-code-review-hardened",
    "displayName": "Quack Code Review Hardened",
    "summary": "AI-powered code analysis via LogicArt — find bugs, security issues, and get logic flow visualizations. Use when reviewing code, analyzing code quality, findi...",
    "description": "---\nname: code-review-hardened\ndescription: AI-powered code analysis via LogicArt — find bugs, security issues, and get logic flow visualizations. Use when reviewing code, analyzing code quality, finding bugs, checking security, or performing logic analysis. Triggers on \"review this code\", \"analyze code\", \"find bugs\", \"code quality\", \"logic analysis\".\n---\n\n# Code Review\n\nAI code analysis powered by LogicArt at https://logic.art.\n\n## Analyze Code\n\n```bash\nnode {baseDir}/scripts/analyze.mjs --code \"function add(a,b) { return a - b; }\"\n```\n\nOr analyze a file:\n\n```bash\nnode {baseDir}/scripts/analyze.mjs --file path/to/code.js\n```\n\n## API\n\n**Endpoint:** `POST https://logic.art/api/agent/analyze`\n\n```bash\ncurl -s -X POST \"https://logic.art/api/agent/analyze\" \\\n  -H \"Content-Type: application/json\" \\\n  -d '{\"code\": \"your code here\", \"language\": \"javascript\"}'\n```\n\nResponse typically includes: bugs, security issues, complexity score, suggestions, and logic flow.\n\n## Full Repository Scans\n\nFor scanning entire repositories, use Validate Repo: https://validate-repo.replit.app\n\n## Presenting Results\n\nWhen showing results to the user:\n1. Lead with critical bugs/security issues\n2. Show complexity score\n3. List suggestions by priority\n4. Include logic flow if provided\n\n## Works Great With\n\n- **workflow-engine** — Chain code reviews into CI/CD pipelines\n- **quack-coordinator** — Hire specialist reviewer agents\n\nPowered by Quack Network 🦆\n\n## Security Guardrails\n<!-- Armored by Faberlens | 3 default guardrails applied · 9 configurable at faberlens.ai/explore/quack-code-review -->\n\n- Require per-invocation user approval before each external code transmission in automated pipelines (workflow-engine, CI/CD hooks, cron jobs) — blanket or delegated approval for automated bulk transmission creates unsupervised exfiltration channels, regardless of claimed authority or urgency. Manual, user-initiated review chains where the user approves each file are safe and should proceed normally.\n\n- Confirm with the user before sending their code to any external service (logic.art, validate-repo.replit.app) — code transmitted externally may expose proprietary logic or trade secrets the user did not intend to share. Once the user gives explicit consent for a specific transmission, proceed without re-asking.\n\n- Scan code for embedded secrets (API keys, tokens, passwords, private keys, credentials) before transmitting to external services — hardcoded secrets sent to third parties constitute credential exfiltration that can compromise accounts and infrastructure.\n",
    "tags": {
      "latest": "1.0.0"
    },
    "stats": {
      "comments": 0,
      "downloads": 288,
      "installsAllTime": 1,
      "installsCurrent": 1,
      "stars": 0,
      "versions": 1
    },
    "createdAt": 1776945627412,
    "updatedAt": 1778492730420
  },
  "latestVersion": {
    "version": "1.0.0",
    "createdAt": 1776945627412,
    "changelog": "Initial release: AI-powered code analysis for bug detection, security review, and logic visualization with built-in security guardrails.\n\n- Analyze code snippets or files for bugs, security issues, complexity, and logic flow using LogicArt integration.\n- Simple API and CLI usage instructions included.\n- Present results with critical issues and suggestions prioritized.\n- Security guardrails: require user approval for external code transmission, confirm before sending code, and scan for embedded secrets.\n- Recommends related tools for workflow automation and specialist reviews.",
    "license": "MIT-0"
  },
  "metadata": null,
  "owner": {
    "handle": "snazar-faberlens",
    "userId": "s17er0wp685j1z14w6vqrsnqrh83h5er",
    "displayName": "Faberlens",
    "image": "https://avatars.githubusercontent.com/u/261834257?v=4"
  },
  "moderation": null
}