skillZs
LIVE SKILL TAGS
>>> LIVE SKILLS INDEX <<<
* OPEN SOURCE *
NO LOGIN, NO TRACKING
REAL INSTALL DATA
← back to all skills
paulrberg/agent-skills2.1k installs

code-polish

Polish changed code when the user explicitly asks, or when an active workflow requests post-implementation simplification and risk-profiled review over a fixed file scope.

How do I install this agent skill?

npx skills add https://github.com/paulrberg/agent-skills --skill code-polish
view source ↗

Is this agent skill safe to install?

  • Gen Agent Trust Hubpass

    This skill is a safe orchestration tool designed to automate code simplification and review workflows using git commands and internal sub-skills.

  • Socketpass

    No alerts

  • Snykpass

    Risk: LOW · No issues

  • Runlayerwarn

    1/1 file flagged

  • ZeroLeakspass

    1 finding · Score: 86/100

What does this agent skill do?

Code Polish

Resolve scope once, make only high-confidence simplifications, fix evidenced defects by risk, and verify the final state.

Modes

  • --simplify: simplify only.
  • --review: review and fix only.
  • Neither or both: simplify, then review the simplified result.
  • --with-profile <name> / --skip-profile <name>: add or suppress review profiles; skip wins.

Fixed Scope

  1. Require a Git repository.
  2. Use explicit paths, patterns, ranges, natural-language targets, or a supplied resolved-scope block when present. Otherwise use only files modified in this session; if session history is unavailable, use all uncommitted tracked and untracked files.
  3. Exclude lockfiles, generated outputs, vendored code, minified bundles, and large data snapshots from manual review unless explicitly requested. Validate relevant excluded outputs through their generator, schema, or invariants.
  4. Emit one authoritative resolved-scope block and optional excluded-scope block. Do not broaden or recompute scope later. Stop if it is empty.

Simplify

Preserve public contracts, inputs, outputs, side effects, error behavior, performance-sensitive characteristics, telemetry, and operational guards. Apply only changes with a concrete comprehension or defect-risk benefit:

  • flatten avoidable control-flow nesting;
  • clarify misleading names or dense transforms;
  • remove real duplication when the abstraction reduces total complexity;
  • tighten local types and contracts without broad churn;
  • remove only dead code caused by this session's edits.

Do not split by line count, perform architecture cleanup, convert sync/async APIs, add speculative configurability, or replace readable duplication with a one-use abstraction. A no-op is a valid result.

Review and Fix

Judge the diff against the user's request. Prioritize CRITICAL → HIGH → MEDIUM → LOW:

  • CRITICAL: exploitable security, data loss, or critical outage path.
  • HIGH: behavior, error-path, boundary, or performance defect affecting core behavior.
  • MEDIUM: resource leak, complexity hotspot, test gap, over-scoped change, speculative complexity, or weak success criterion likely to cause defects.
  • LOW: localized clarity or style issue with a real maintenance cost.

Every finding must cite a verified location, triggering input/state, failure mode, blast radius, and evidence in the changed code. Merge duplicates and apply the smallest defensible fix. When intent is ambiguous, stop or record the assumption instead of guessing.

Select every applicable profile and read it once:

SurfaceProfile
auth, secrets, crypto, external input/network, unsafe parsingsecurity
env, config, timeouts, retries, pools, limitsconfiguration
Go behavior, concurrency, context, errorsgo
TypeScript types, modules, packages, async behaviortypescript
Python services, scripts, async, packaging, data IOpython
shell, CI, deploy, installers, quotingshell
CSV/JSON/YAML/binary, schemas, migrations, generated datadata-formats
naming and intent claritynaming unless skipped

Profiles live at references/profiles/<name>.md. Missing selected profiles are a stop condition.

Verification and Report

Run the narrowest formatter/lint, targeted tests, typecheck, and invariant checks that prove the final touched behavior. Broaden only for shared contracts. Name skipped checks and why.

Report Scope, Simplifications when run, Review Findings and Fixes when run, Verification, and Residual Risks. Findings include severity, location, impact, evidence, fix, and confidence. A residual risk states the assumption, consequence if wrong, and how to check it. Completion requires fixed scope, traceable edits/findings, and validation evidence.

Stop when behavior parity or required high-risk validation cannot be established, or a fix requires an unrequested public-contract change or larger redesign.

Add the canonical catalog link to the repository README so users can inspect current installs and available audits. The publishing guide covers the complete discovery path.

<a href="https://skillzs.dev/skills/paulrberg/agent-skills/code-polish">View code-polish on skillZs</a>