run-review

Flagged

{"isSafe":false,"isSuspicious":true,"riskLevel":"high","findings":[{"category":"shell_command","severity":"high","description":"Install instructions include piping curl to bash (curl -fsSL https://cubic.dev/install | bash), which downloads and executes a remote script without verification.","evidence":"- If not found, ask the user to install it (e.g., `curl -fsSL https://cubic.dev/install | bash` or `npm install -g @cubic-dev-ai/cli`) before proceeding."}],"summary":"The skill content includes an insecure install pattern (curl ... | bash) which can execute remote code without verification. This should be avoided or replaced with a safer install method (e.g., fetch script, verify with checksums/signatures, or use a package manager). The rest of the content appears safe with no data exfiltration, prompt injection, suspicious URLs, obfuscated code, or system-harm patterns."}

npx machina-cli add skill mrge-io/cubic-claude-plugin/run-review --openclaw
Files (1)
SKILL.md
2.5 KB

Run Local Code Review

This skill runs a local cubic AI code review using the CLI to catch issues before committing or opening a PR.

When to Activate

  • User says "review my code", "check my changes", "run a review", or "anything I should fix"
  • User is about to commit or open a PR and wants a quality check
  • User asks to "scan for issues", "check for problems", or "review before merging"
  • User wants to validate their local changes against cubic's AI review

How to Use

  1. Check the CLI is installed: Run `which cubic`.

    • If not found, ask the user to install it (e.g., `curl -fsSL https://cubic.dev/install | bash` or `npm install -g @cubic-dev-ai/cli`) before proceeding.
    • After installing, verify it's available: `which cubic`
    • If the user is not yet authenticated, run `cubic auth` and guide them through the browser login flow.
  2. Determine what to review:

    • Check for uncommitted changes (staged and unstaged): `git status --porcelain`
    • If there are uncommitted changes, review the working directory: `cubic review -j`
    • If there are no uncommitted changes, review the branch against its base: `cubic review -b -j`
  3. Parse the JSON output: The output contains an issues array. Each issue has:

    • priority: P0 (critical), P1 (high), P2 (medium), P3 (low)
    • file: File path
    • line: Line number
    • title: Issue title
    • description: Detailed explanation
  4. If no issues found: The code looks good — let the user know.

  5. If issues are found: Present them grouped by priority, then offer to fix them. For each issue the user selects:

    • Read the file and surrounding context to understand the root cause
    • Validate the issue is real — if it's a false positive, explain why and skip it
    • Fix it in the simplest, cleanest way possible without refactoring unrelated code

Presentation

  • Group issues by priority (P0 first, then P1, P2, P3)
  • For each issue show the file, line number, title, and description
  • Highlight P0 and P1 issues as requiring immediate attention
  • List issues by number (e.g. "1. P0 — SQL injection in auth.ts:45") so the user can pick which to fix
  • Keep the summary concise — let the issue descriptions speak for themselves
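
The procedure and presentation rules above, as an added example (not part of SKILL.md or the cubic project's code): it picks the review command from `git status --porcelain` output, validates the `issues` array before anything is shown, and numbers the issues P0 first. The function names, the strict validation, the `[fix first]` marker and the sample JSON are assumptions made for illustration; only the flags and field names come from the skill text.

```python
import json

PRIORITIES = ("P0", "P1", "P2", "P3")  # order taken from the skill text
FIELDS = {"priority": str, "file": str, "line": int, "title": str, "description": str}

def review_command(porcelain_output):
    """Pick the review invocation from `git status --porcelain` output."""
    # Any non-blank line means staged or unstaged changes exist.
    if porcelain_output.strip():
        return ["cubic", "review", "-j"]
    return ["cubic", "review", "-b", "-j"]

def parse_issues(raw_json):
    """Validate the CLI output and return the issues sorted P0 first."""
    data = json.loads(raw_json)
    issues = data.get("issues") if isinstance(data, dict) else None
    if not isinstance(issues, list):
        raise ValueError("expected an object with an 'issues' array")
    for issue in issues:
        for name, kind in FIELDS.items():
            value = issue.get(name) if isinstance(issue, dict) else None
            # bool is a subclass of int in Python, so reject it explicitly
            if not isinstance(value, kind) or isinstance(value, bool):
                raise ValueError(f"issue field {name!r} missing or wrong type")
        if issue["priority"] not in PRIORITIES:
            raise ValueError(f"unknown priority {issue['priority']!r}")
    # sorted() is stable, so issues keep the CLI's order within a priority
    return sorted(issues, key=lambda i: PRIORITIES.index(i["priority"]))

def present(issues):
    """Number the issues in the style the skill's Presentation section shows."""
    if not issues:
        return ["No issues found."]
    lines = []
    for n, i in enumerate(issues, 1):
        flag = " [fix first]" if i["priority"] in ("P0", "P1") else ""
        lines.append(f"{n}. {i['priority']} \u2014 {i['title']} in {i['file']}:{i['line']}{flag}")
    return lines

# Constructed sample output, not captured from the real CLI.
SAMPLE = json.dumps({"issues": [
    {"priority": "P2", "file": "util.ts", "line": 12, "title": "Unused variable",
     "description": "tmp is assigned but never read."},
    {"priority": "P0", "file": "auth.ts", "line": 45, "title": "SQL injection",
     "description": "User input is concatenated into the query string."},
]})

if __name__ == "__main__":
    print("\n".join(present(parse_issues(SAMPLE))))
```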

Source

git clone https://github.com/mrge-io/cubic-claude-plugin/blob/main/skills/run-review/SKILL.md

Overview

The Run Local Code Review skill invokes Cubic's headless AI code review from the CLI to catch issues before commits or PRs. It analyzes uncommitted changes or a branch against its base, surfaces issues grouped by priority, and guides fixes for high-priority problems to prevent regressions.

How This Skill Works

It verifies the cubic CLI is installed (and authenticated). It then determines whether you have uncommitted changes and runs `cubic review -j` for the working directory, or `cubic review -b -j` for the branch. The CLI outputs JSON with an issues array whose entries contain priority, file, line, title, and description; issues are presented grouped by P0–P3 for focused fixes.

When to Use It

  • You say 'review my code' or 'check my changes' to start a quality check before committing.
  • You are about to commit or open a PR and want a thorough pre-commit/pre-PR review.
  • You ask to scan for issues, check for problems, or review before merging.
  • You want to validate local changes against cubic's AI review.
  • You need a structured, prioritized list of fixes to guide code improvements.

Quick Start

  1. Step 1: Ensure the cubic CLI is installed and authenticated (`cubic auth` if needed).
  2. Step 2: If there are uncommitted changes, run `cubic review -j`; otherwise run `cubic review -b -j`.
  3. Step 3: Review the JSON output, which groups issues by priority (P0–P3), and fix the highest-priority items first.

Best Practices

  • Ensure the cubic CLI is installed and authenticated before running reviews.
  • If there are uncommitted changes, review the working directory first; otherwise review the branch with -b.
  • Prioritize P0 (critical) and P1 (high) issues and address them first.
  • Read each issue's description and context in the file and line indicated, validating false positives.
  • Fix issues in the simplest, isolated way and avoid broad refactors unless necessary.

Example Use Cases

  • Before merging a feature branch, run cubic review to surface blocking issues (P0/P1) and fix them prior to PR.
  • During a pre-commit hook, run the review on uncommitted changes to get quick feedback.
  • Scan for potential security or correctness problems flagged as high-priority (P0/P1) before pushing.
  • After implementing a hotfix, re-run the review to ensure issues introduced are resolved.
  • When merging to main, validate local changes against cubic's AI review to minimize regressions.
