## When to Use This Skill

| Use this skill when... | Use something else instead when... |
|------------------------|------------------------------------|
| Running a parallel anti-pattern scan and producing a report | Looking up the full YAML rule catalog → see REFERENCE.md |
| Specifically targeting empty catches, floating promises, or `\|\| true` | Use the dedicated scanner → `code-hidden-failures --track errors` |
| Finding success-on-empty / silent degradation patterns | Use the dedicated scanner → `code-hidden-failures --track degradation` |
| Broad code-quality review across security, perf, and architecture | Run the full review delegate → `code-review` |

## Context

- Analysis path: (defaults to c…

```bash
--lang js

# TypeScript any
ast-grep -p ': any' --lang ts
ast-grep -p 'as any' --lang ts

# Vue props mutation
ast-grep -p 'props.$PROP = $VALUE' --lang js

# Security: eval
ast-grep -p 'eval($$)' --lang js

# Security: innerHTML
ast-grep -p '$ELEM.innerHTML = $
--lang js

# Python: mutable defaults
ast-grep -p 'def $FUNC($ARG=[])' --lang py
```

### Output Format

Consolidate findings into this structure:

```markdown
## Anti-pattern Analysis Report

### Summary
- Total issues: X
- Critical: X | High: X | Medium: X | Low: X
- Categories with most issues: [list]

### Critical Issues (Fix Immediately)
| File | Line | Issue | Category |
|------|------|-------|----------|
| ... | ... | ... | ... |

### High Priority Issues
| File | Line | Issue | Category |
|------|------|-------|----------|
| ... | ... | ... | ... |

### Medium Priority Issues
[Similar table]

### Low Priority / Style Issues
[Similar table or summary count]

### Recommendations
1. [Prioritized fix recommendations]
2. [...]

### Category Breakdown
- **Security**: X issues (details)
- **Async/Promises**: X issues (details)
- **Code Complexity**: X issues (details)
- [...]
```

### Optional Flags

- `--focus <category>`: Focus on specific category (security, async, complexity, framework)
- `--severity <level>`: Minimum severity to report (critical, high, medium, low)
- `--fix`: Attempt automated fixes where safe

### Post-Analysis

After consolidating findings:
1. Prioritize issues by impact and effort
2. Suggest which issues can be auto-fixed with ast-grep
3. Identify patterns that indicate systemic problems
4. Recommend process improvements (linting rules, pre-commit hooks)

## See Also

- **Reference**: [REFERENCE.md](REFERENCE.md) - Full YAML rule catalog with ast-grep pattern library
- **Skill**: `ast-grep-search` - ast-grep usage reference
- **Command**: `/code:review` - Comprehensive code review
- **Agent**: `security-audit` - Deep security analysis
- **Agent**: `code-refactoring` - Automated refactoring

## Related Configure Skills

- If linting not configured → `/configure:linting` for automated enforcement
- If security scanning not set up → `/configure:security` for CI integration

---

Attachment: REFERENCE.md

# Code Anti-patterns Reference

Comprehensive ast-grep pattern library for detecting anti-patterns across languages.

## JavaScript/TypeScript Patterns

### Async Anti-patterns

```yaml
# Unhandled Promise - missing catch
id: unhandled-promise
language: JavaScript
severity: high
message: Promise chain missing error handler
rule:
  pattern: $EXPR.then($HANDLER)
  not:
    follows:
      pattern: .catch($$)
note: Add .catch() or use try/catch with await
---
# Promise constructor anti-pattern
id: promise-constructor-antipattern
language: JavaScript
severity: medium
message: Unnecessary Promise wrapper around async code
rule:
  pattern: new Promise(($RESOLVE, $REJECT) => { $ASYNC_CALL.then($$) })
fix: $ASYNC_CALL
---
# Floating promise (missing await)
id: floating-promise
language: TypeScript
severity: high
message: Promise result not awaited or handled
rule:
  pattern: $ASYNC_FUNC($$)
  not:
    any:
      - inside:
          pattern: await $$
      - inside:
          pattern: return $$
      - inside:
          pattern: $VAR = $$
```

### Error Handling

```yaml
# Empty catch block
id: no-empty-catch
language: JavaScript
severity: warning
message: Empty catch block silently swallows errors
rule:
  pattern: try { $$ } catch ($E) { }
fix: |
  try { $$ } catch ($E) {
    console.error($E);
    throw $E;
  }
---
# Catch without error parameter
id: catch-without-error
language: JavaScript
severity: info
message: Consider logging the caught error
rule:
  pattern: catch { $$ }
---
# Generic error catch
id: generic-error-catch
language: TypeScript
severity: info
message: Consider catching specific error types
rule:
  pattern: catch ($E: Error) { $$ }
```

### Code Smell Patterns

```yaml
# Magic numbers
id: no-magic-numbers
language: JavaScript
severity: info
message: Consider extracting magic number to named constant
rule:
  any:
    - pattern: if ($VAR > 100)
    - pattern: if ($VAR < 50)
    - pattern: if ($VAR === 42)
    - pattern: setTimeout($$, 5000)
    - pattern: setInterval($$, 1000)
constraints:
  # Exclude common acceptable values
  VAR:
    not:
      regex: '^(0|1|-1|100)

---
# Long parameter list
id: long-parameter-list
language: JavaScript
severity: medium
message: Consider using an options object for many parameters
rule:
  pattern: function $NAME($A, $B, $C, $D, $E, $$) { $$ }
note: Functions with more than 4 parameters are hard to use correctly
---
# Nested ternary
id: no-nested-ternary
language: JavaScript
severity: medium
message: Nested ternary is hard to read
rule:
  pattern: $A ? $B : $C
  has:
    pattern: $X ? $Y : $Z
```

### Deprecated Patterns

```yaml
# var usage
id: no-var
language: JavaScript
severity: info
message: Use let or const instead of var
rule:
  pattern: var $VAR = $$
fix: const $VAR = $$
---
# arguments object
id: no-arguments
language: JavaScript
severity: info
message: Use rest parameters instead of arguments
rule:
  pattern: arguments[$INDEX]
---
# Function constructor
id: no-function-constructor
language: JavaScript
severity: error
message: Function constructor is equivalent to eval
rule:
  pattern: new Function($$)
```

## Vue 3 Patterns

### Reactivity Issues

```yaml
# Props mutation
id: vue-props-mutation
language: JavaScript
severity: error
message: Never mutate props directly
rule:
  pattern: props.$PROP = $VALUE
note: |
  Use emit('update:propName', value) or create a local copy:
  const localProp = ref(props.propName)
---
# Destructuring reactive state
id: vue-reactive-destructure
language: JavaScript
severity: high
message: Destructuring reactive state loses reactivity
rule:
  pattern: const { $$PROPS } = $REACTIVE_VAR
  inside:
    pattern: const $REACTIVE_VAR = reactive($$)
fix: const { $$PROPS } = toRefs($REACTIVE_VAR)
---
# Watch without immediate or deep when needed
id: vue-watch-options
language: JavaScript
severity: info
message: Consider if watch needs immediate or deep options
rule:
  pattern: watch($SOURCE, $CALLBACK)
  not:
    has:
      pattern: watch($SOURCE, $CALLBACK, { $$ })
```

### Composition API Patterns

```yaml
# Missing onUnmounted cleanup
id: vue-missing-cleanup
language: JavaScript
severity: medium
message: Event listener should be cleaned up in onUnmounted
rule:
  pattern: onMounted(() => { $TARGET.addEventListener($$) })
  not:
    inside:
      has:
        pattern: onUnmounted(() => { $TARGET.removeEventListener($$) })
---
# Computed with side effects
id: vue-computed-side-effect
language: JavaScript
severity: high
message: Computed properties should not have side effects
rule:
  pattern: computed(() => { $$ })
  has:
    any:
      - pattern: console.log($$)
      - pattern: $VAR = $VALUE
      - pattern: $OBJ.$PROP = $VALUE
      - pattern: fetch($$)
```

## React Patterns

### Hooks Issues

```yaml
# useEffect with empty deps but using state
id: react-missing-deps
language: JavaScript
severity: high
message: useEffect uses variables not in dependency array
rule:
  pattern: useEffect(() => { $$ }, [])
note: Add used variables to dependency array or use exhaustive-deps lint rule
---
# useState with object instead of useReducer
id: react-complex-state
language: JavaScript
severity: info
message: Consider useReducer for complex state objects
rule:
  pattern: useState({ $$PROPS })
  has:
    pattern: { $A, $B, $C, $D, $$ }
---
# Inline function in JSX
id: react-inline-function
language: JavaScript
severity: info
message: Inline functions create new references on each render
rule:
  any:
    - pattern: <$COMP onClick={() => $$} />
    - pattern: <$COMP onChange={() => $$} />
    - pattern: <$COMP onSubmit={() => $$} />
note: Use useCallback or extract to a named function
```

### Component Patterns

```yaml
# Component without memo for expensive renders
id: react-missing-memo
language: JavaScript
severity: info
message: Consider React.memo for components receiving object props
rule:
  pattern: function $Component({ $$PROPS }) { $$ }
  not:
    inside:
      pattern: memo($$)
---
# Prop drilling (props passed through multiple levels)
id: react-prop-drilling
language: JavaScript
severity: info
message: Consider Context or state management for deeply passed props
rule:
  pattern: <$Child $PROP={props.$PROP} />
```

## Python Patterns

### Common Anti-patterns

```yaml
# Mutable default argument
id: py-mutable-default
language: Python
severity: high
message: Mutable default argument creates shared state between calls
rule:
  any:
    - pattern: def $FUNC($ARG=[])
    - pattern: def $FUNC($ARG={})
    - pattern: def $FUNC($ARG=set())
fix: |
  def $FUNC($ARG=None):
      if $ARG is None:
          $ARG = []
---
# Bare except
id: py-bare-except
language: Python
severity: high
message: Bare except catches all exceptions including KeyboardInterrupt
rule:
  pattern: except:
fix: except Exception:
---
# Global variable
id: py-no-global
language: Python
severity: medium
message: Global variables make code hard to test and reason about
rule:
  pattern: global $VAR
---
# Type ignore without reason
id: py-type-ignore-comment
language: Python
severity: info
message: type: ignore should include a reason
rule:
  regex: '# type: ignore

```

### Pythonic Issues

```yaml
# Using type() instead of isinstance()
id: py-use-isinstance
language: Python
severity: info
message: Use isinstance() for type checking
rule:
  pattern: type($VAR) == $TYPE
fix: isinstance($VAR, $TYPE)
---
# Manual iteration with index
id: py-enumerate
language: Python
severity: info
message: Use enumerate() instead of manual index tracking
rule:
  pattern: |
    for $I in range(len($LIST)):
        $$ = $LIST[$I]
note: Use 'for i, item in enumerate(list):' instead
---
# Not using with statement for files
id: py-file-context
language: Python
severity: medium
message: Use context manager (with statement) for file operations
rule:
  pattern: $VAR = open($$)
  not:
    inside:
      pattern: with open($$) as $VAR:
```

## Security Patterns

### Injection Risks

```yaml
# eval usage
id: no-eval
language: JavaScript
severity: critical
message: eval() is a security risk - never use with user input
rule:
  any:
    - pattern: eval($$)
    - pattern: new Function($$)
    - pattern: setTimeout($STRING, $$)
    - pattern: setInterval($STRING, $$)
constraints:
  STRING:
    kind: string
---
# innerHTML XSS
id: no-innerhtml
language: JavaScript
severity: high
message: innerHTML can lead to XSS - use textContent or sanitize
rule:
  any:
    - pattern: $ELEM.innerHTML = $$
    - pattern: $ELEM.outerHTML = $$
---
# SQL injection (string concatenation)
id: sql-injection
language: JavaScript
severity: critical
message: Use parameterized queries instead of string concatenation
rule:
  any:
    - pattern: '"SELECT * FROM " + $VAR'
    - pattern: '"SELECT " + $$ + " FROM"'
    - pattern: '`SELECT * FROM ${$VAR}`'
    - pattern: '"INSERT INTO " + $VAR'
    - pattern: '"UPDATE " + $VAR'
    - pattern: '"DELETE FROM " + $VAR'
---
# Command injection
id: command-injection
language: JavaScript
severity: critical
message: Use execFile with array arguments instead of exec with string
rule:
  pattern: exec($COMMAND)
  inside:
    kind: call_expression
constraints:
  COMMAND:
    any:
      - kind: template_string
      - kind: binary_expression
```

### Secrets and Credentials

```yaml
# Hardcoded API keys
id: hardcoded-api-key
language: JavaScript
severity: critical
message: Never hardcode API keys - use environment variables
rule:
  any:
    - pattern: apiKey = '$

    - pattern: "apiKey: '$
"
    - pattern: API_KEY = '$
    - pattern: 'x-api-key': '$
constraints:
  # Exclude empty strings and placeholders
  $$:
    not:
      regex: '^(|your-api-key|xxx|placeholder)

---
# Hardcoded passwords
id: hardcoded-password
language: JavaScript
severity: critical
message: Never hardcode passwords
rule:
  any:
    - pattern: password = '$
    - pattern: "password: '$
"
    - pattern: pwd = '$
    - pattern: secret = '$

---
# JWT secret hardcoded
id: hardcoded-jwt-secret
language: JavaScript
severity: critical
message: JWT secrets should come from environment variables
rule:
  pattern: jwt.sign($$, '$SECRET', $$)
```

## Performance Patterns

### Memory Leaks

```yaml
# Event listener without cleanup
id: event-listener-leak
language: JavaScript
severity: medium
message: Event listener may cause memory leak without removal
rule:
  pattern: addEventListener($EVENT, $HANDLER)
  not:
    inside:
      has:
        pattern: removeEventListener($EVENT, $HANDLER)
---
# setInterval without cleanup
id: interval-leak
language: JavaScript
severity: medium
message: setInterval should be cleared to prevent memory leaks
rule:
  pattern: setInterval($$)
  not:
    inside:
      has:
        pattern: clearInterval($$)
---
# Closure over large objects
id: closure-memory
language: JavaScript
severity: info
message: Closure captures entire scope - consider extracting needed values
rule:
  pattern: |
    const $LARGE = $$;
    $$ = () => { $$ }
```

### Inefficient Patterns

```yaml
# Array method chaining creating intermediate arrays
id: array-chain-performance
language: JavaScript
severity: info
message: Chained array methods create intermediate arrays - consider reduce
rule:
  pattern: $ARR.filter($$).map($$)
note: For large arrays, consider using a single reduce() instead
---
# Synchronous file operations
id: sync-file-ops
language: JavaScript
severity: medium
message: Synchronous file operations block the event loop
rule:
  any:
    - pattern: fs.readFileSync($$)
    - pattern: fs.writeFileSync($$)
    - pattern: fs.existsSync($$)
note: Use async versions with await or callbacks in production
```

## Running Multiple Rules

### Create sgconfig.yml

```yaml
ruleDirs:
  - rules/javascript
  - rules/typescript
  - rules/vue
  - rules/react
  - rules/python
  - rules/security

utilDirs:
  - rules/utils

testConfigs:
  testDir: tests
  snapshotDir: __snapshots__

languageGlobs:
  - language: TypeScript
    extensions: [ts, tsx]
  - language: JavaScript
    extensions: [js, jsx, mjs, cjs]
  - language: Python
    extensions: [py]
  - language: Vue
    extensions: [vue]
```

### Run All Rules

```bash
# Scan with all rules
ast-grep scan

# Scan specific rule
ast-grep scan -r no-empty-catch

# Output as JSON for processing
ast-grep scan --json > antipatterns-report.json

# Filter by severity
ast-grep scan --json | jq '[.[] | select(.severity == "critical" or .severity == "high")]'
```

## Quick Reference Commands

### JavaScript/TypeScript

```bash
# All anti-patterns
ast-grep -p 'console.log($$)' --lang js
ast-grep -p 'var $VAR = $

--lang js
ast-grep -p 'try { $$ } catch ($E) { }' --lang js
ast-grep -p 'eval($$)' --lang js
ast-grep -p ': any' --lang ts
ast-grep -p '$VAR!' --lang ts
```

### Vue

```bash
ast-grep -p 'props.$PROP = $VALUE' --lang js
ast-grep -p 'const { $$PROPS } = reactive($$)' --lang js
```

### Python

```bash
ast-grep -p 'def $FUNC($ARG=[])' --lang py
ast-grep -p 'except:' --lang py
ast-grep -p 'global $VAR' --lang py
```

### Security

```bash
ast-grep -p 'eval($$)' --lang js
ast-grep -p '$ELEM.innerHTML = $

--lang js
ast-grep -p 'apiKey = "$$"' --lang js
ast-grep -p '"SELECT * FROM " + $VAR' --lang js
```

Attachment metadata (REFERENCE.md): content_type `text/markdown; charset=utf-8`, language `markdown`, size 13239, content_sha256 `8e7d31c296892fdbc4b149753b34c1a1d483534130446e59dbe952fdaa1fa65a`

## When to Use This Skill

| Use this skill when... | Use something else instead when... |
|------------------------|------------------------------------|
| Running a parallel anti-pattern scan and producing a report | Looking up the full YAML rule catalog → see [REFERENCE.md](REFERENCE.md) |
| Specifically targeting empty catches, floating promises, or `\|\| true` | Use the dedicated scanner → `code-hidden-failures --track errors` |
| Finding success-on-empty / silent degradation patterns | Use the dedicated scanner → `code-hidden-failures --track degradation` |
| Broad code-quality review across security, perf, and architecture | Run the full review delegate → `code-review` |

## Context

- Analysis path: `$1` (defaults to current directory if not specified)
- JS/TS files: !`find . -type f \( -name "*.js" -o -name "*.ts" -o -name "*.jsx" -o -name "*.tsx" \)`
- Vue files: !`find . -name "*.vue"`
- Python files: !`find . -name "*.py"`

## Your Task

Perform comprehensive anti-pattern analysis using ast-grep and parallel agent delegation.

### Analysis Categories

Based on the detected languages, analyze for these categories:

1. **JavaScript/TypeScript Anti-patterns**
   - Callbacks, magic values, console.logs
   - var usage, deprecated patterns
   - Error swallowing (empty catch, floating promises) → **delegate** to `/code:hidden-failures --track errors`
2. **Async/Promise Patterns**
   - Nested callbacks, Promise constructor anti-pattern
   - Error-handling coverage (unhandled/floating promises) → **delegate** to `/code:hidden-failures --track errors`
3. **Framework-Specific** (if detected)
   - **Vue 3**: Props mutation, reactivity issues, Options vs Composition API mixing
   - **React**: Missing deps in hooks, inline functions, prop drilling
4. **TypeScript Quality** (if .ts files present)
   - Excessive `any` types, non-null assertions, type safety issues
5. **Code Complexity**
   - Long functions (>50 lines), deep nesting (>4 levels), large parameter lists
6. **Security Concerns**
   - eval usage, innerHTML XSS, hardcoded secrets, injection risks
7. **Memory & Performance**
   - Event listeners without cleanup, setInterval leaks, inefficient patterns
8. **Python Anti-patterns** (if detected)
   - Mutable default arguments, global variables
   - Bare except and suppression patterns → **delegate** to `/code:hidden-failures --track errors`

### Delegated Category: Error Swallowing

Do NOT re-implement empty-catch / bare-except / floating-promise detection here. Invoke `/code:hidden-failures --track errors` via the SlashCommand tool with the same `PATH` and severity filter, then fold its findings into the consolidated report under a dedicated **Error Swallowing** section.

Rationale: a single source of truth prevents drift between severity models, app-context surfacing recommendations, and privacy redaction policies. See `code-quality-plugin/skills/code-hidden-failures/SKILL.md`.

### Execution Strategy

**CRITICAL: Use parallel agent delegation for efficiency.**

Launch multiple specialized agents simultaneously:

```markdown
## Agent 1: Language Detection & Setup (Explore - quick)
Detect project stack, identify file patterns, establish analysis scope

## Agent 2: JavaScript/TypeScript Analysis (code-analysis)
- Use ast-grep for structural pattern matching
- Focus on: magic values, var usage, deprecated patterns
- Error swallowing handled separately via `/code:hidden-failures --track errors`

## Agent 3: Async/Promise Analysis (code-analysis)
- Nested callbacks, Promise constructor anti-pattern
- Floating promises / unhandled rejections handled via `/code:hidden-failures --track errors`

## Agent 4: Framework-Specific Analysis (code-analysis)
- Vue: props mutation, reactivity issues
- React: hooks dependencies, inline functions

## Agent 5: Security Analysis (security-audit)
- eval, innerHTML, hardcoded secrets, injection risks
- Use OWASP context

## Agent 6: Complexity Analysis (code-analysis)
- Function length, nesting depth, parameter counts
- Cyclomatic complexity indicators
```

### ast-grep Pattern Examples

For the full YAML rule catalog (with `id:`, `severity:`, 
","type":"text"},{"text":"message:","type":"text","marks":[{"type":"code_inline"}]},{"text":", ","type":"text"},{"text":"fix:","type":"text","marks":[{"type":"code_inline"}]},{"text":", and ","type":"text"},{"text":"note:","type":"text","marks":[{"type":"code_inline"}]},{"text":" fields), see ","type":"text"},{"text":"REFERENCE.md","type":"text","marks":[{"type":"link","attrs":{"href":"REFERENCE.md","title":null}}]},{"text":".","type":"text"}]},{"type":"paragraph","content":[{"text":"Use these patterns during analysis:","type":"text"}]},{"type":"code_block","attrs":{"wrap":false,"language":"bash"},"content":[{"text":"# Magic numbers\nast-grep -p 'if ($VAR > 100)' --lang js\n\n# Console statements\nast-grep -p 'console.log($$)' --lang js\n\n# var usage\nast-grep -p 'var $VAR = $

--lang js\n\n# TypeScript any\nast-grep -p ': any' --lang ts\nast-grep -p 'as any' --lang ts\n\n# Vue props mutation\nast-grep -p 'props.$PROP = $VALUE' --lang js\n\n# Security: eval\nast-grep -p 'eval($$)' --lang js\n\n# Security: innerHTML\nast-grep -p '$ELEM.innerHTML = $

--lang js\n\n# Python: mutable defaults\nast-grep -p 'def $FUNC($ARG=[])' --lang py","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Output Format","type":"text"}]},{"type":"paragraph","content":[{"text":"Consolidate findings into this structure:","type":"text"}]},{"type":"code_block","attrs":{"wrap":false,"language":"markdown"},"content":[{"text":"## Anti-pattern Analysis Report\n\n### Summary\n- Total issues: X\n- Critical: X | High: X | Medium: X | Low: X\n- Categories with most issues: [list]\n\n### Critical Issues (Fix Immediately)\n| File | Line | Issue | Category |\n|------|------|-------|----------|\n| ... | ... | ... | ... |\n\n### High Priority Issues\n| File | Line | Issue | Category |\n|------|------|-------|----------|\n| ... | ... | ... | ... |\n\n### Medium Priority Issues\n[Similar table]\n\n### Low Priority / Style Issues\n[Similar table or summary count]\n\n### Recommendations\n1. [Prioritized fix recommendations]\n2. [...]\n\n### Category Breakdown\n- **Security**: X issues (details)\n- **Async/Promises**: X issues (details)\n- **Code Complexity**: X issues (details)\n- [...]","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Optional Flags","type":"text"}]},{"type":"bullet_list","content":[{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"--focus \u003ccategory>","type":"text","marks":[{"type":"code_inline"}]},{"text":": Focus on specific category (security, async, complexity, framework)","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"--severity \u003clevel>","type":"text","marks":[{"type":"code_inline"}]},{"text":": Minimum severity to report (critical, high, medium, low)","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"--fix","type":"text","marks":[{"type":"code_inline"}]},{"text":": Attempt automated fixes where 
safe","type":"text"}]}]}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Post-Analysis","type":"text"}]},{"type":"paragraph","content":[{"text":"After consolidating findings:","type":"text"}]},{"type":"ordered_list","attrs":{"order":1,"listStyle":"number"},"content":[{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Prioritize issues by impact and effort","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Suggest which issues can be auto-fixed with ast-grep","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Identify patterns that indicate systemic problems","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Recommend process improvements (linting rules, pre-commit hooks)","type":"text"}]}]}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"See Also","type":"text"}]},{"type":"bullet_list","content":[{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Reference","type":"text","marks":[{"type":"strong"}]},{"text":": ","type":"text"},{"text":"REFERENCE.md","type":"text","marks":[{"type":"link","attrs":{"href":"REFERENCE.md","title":null}}]},{"text":" - Full YAML rule catalog with ast-grep pattern library","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Skill","type":"text","marks":[{"type":"strong"}]},{"text":": ","type":"text"},{"text":"ast-grep-search","type":"text","marks":[{"type":"code_inline"}]},{"text":" - ast-grep usage reference","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Command","type":"text","marks":[{"type":"strong"}]},{"text":": ","type":"text"},{"text":"/code:review","type":"text","marks":[{"type":"code_inline"}]},{"text":" - Comprehensive code 
review","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Agent","type":"text","marks":[{"type":"strong"}]},{"text":": ","type":"text"},{"text":"security-audit","type":"text","marks":[{"type":"code_inline"}]},{"text":" - Deep security analysis","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Agent","type":"text","marks":[{"type":"strong"}]},{"text":": ","type":"text"},{"text":"code-refactoring","type":"text","marks":[{"type":"code_inline"}]},{"text":" - Automated refactoring","type":"text"}]}]}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Related Configure Skills","type":"text"}]},{"type":"bullet_list","content":[{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"If linting not configured → ","type":"text"},{"text":"/configure:linting","type":"text","marks":[{"type":"code_inline"}]},{"text":" for automated enforcement","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"If security scanning not set up → ","type":"text"},{"text":"/configure:security","type":"text","marks":[{"type":"code_inline"}]},{"text":" for CI integration","type":"text"}]}]}]},{"type":"hr","attrs":{"markup":"---"}}]},"metadata":{"args":"[PATH] [--focus \u003ccategory>] [--severity 
\u003clevel>]","date":"2026-06-05","name":"code-antipatterns","author":"@skillopedia","source":{"stars":35,"repo_name":"claude-plugins","origin_url":"https://github.com/laurigates/claude-plugins/blob/HEAD/code-quality-plugin/skills/code-antipatterns/SKILL.md","repo_owner":"laurigates","body_sha256":"cdb5418e9247c8afdacac75c6c634747588085efcd1119c65cdf974858654f5b","cluster_key":"21d0a9ed17f0b1d6960657f61cbfbb2da98038139e3b0a866f96e42999cd2e7b","clean_bundle":{"format":"clean-skill-bundle-v1","source":"laurigates/claude-plugins/code-quality-plugin/skills/code-antipatterns/SKILL.md","attachments":[{"id":"409b5ec4-a153-5fc4-895b-9fc725081d2a","key":"uploads/10433ee7-ad12-4ae0-b34e-97553e46c6c8/409b5ec4-a153-5fc4-895b-9fc725081d2a/attachment.md","path":"REFERENCE.md","size":13239,"sha256":"8e7d31c296892fdbc4b149753b34c1a1d483534130446e59dbe952fdaa1fa65a","contentType":"text/markdown; charset=utf-8"}],"bundle_sha256":"8e689e09b59a72d51182ab001b47795fc1468281fb02834f094d8d8d2b1333ad","attachment_count":1,"text_attachments":1,"attachment_storage":"skillopedia-attachments-v1","binary_attachments":0,"excluded_attachments":[]},"cluster_size":1,"skill_md_path":"code-quality-plugin/skills/code-antipatterns/SKILL.md","import_metadata":{"date":"2026-06-05","author":"@skillopedia","version":"v1","category":"security","category_label":"Security"},"exact_dupes_collapsed_into_this":0},"created":"2025-12-16T00:00:00.000Z","version":"v1","category":"security","modified":"2026-05-23T00:00:00.000Z","reviewed":"2026-04-25T00:00:00.000Z","import_tag":"clean-skills-v1","description":"Analyze a codebase for anti-patterns using ast-grep. Use when finding magic numbers, console.logs, var usage, excessive any, eval/innerHTML security issues, or deep nesting.","allowed-tools":"Read, Bash(sg *), Bash(rg *), Glob, Grep, TodoWrite, Task, SlashCommand","argument-hint":"[PATH] [--focus \u003ccategory>] [--severity \u003clevel>]"}},"renderedAt":1782979855163}
