design-review
Enhances design quality by identifying and fixing visual inconsistencies and interaction issues in source code.
Security score
The design-review skill was audited on Jun 5, 2026 and we found 24 security issues across 4 threat categories, including 1 critical. Review the findings below before installing.
Categories Tested
Security Issues
Piping content to bash shell
| 221 | 3. If `bun` is not installed: `curl -fsSL https://bun.sh/install | bash` |
Curl to non-GitHub URL
| 221 | 3. If `bun` is not installed: `curl -fsSL https://bun.sh/install | bash` |
Access to hidden dotfiles in home directory
| 28 | _UPD=$(~/.claude/skills/chief/bin/chief-update-check 2>/dev/null || .claude/skills/chief/bin/chief-update-check 2>/dev/null || true) |
Access to hidden dotfiles in home directory
| 30 | mkdir -p ~/.chief/sessions |
Access to hidden dotfiles in home directory
| 31 | touch ~/.chief/sessions/"$PPID" |
Access to hidden dotfiles in home directory
| 32 | _SESSIONS=$(find ~/.chief/sessions -mmin -120 -type f 2>/dev/null | wc -l | tr -d ' ') |
Access to hidden dotfiles in home directory
| 33 | find ~/.chief/sessions -mmin +120 -type f -delete 2>/dev/null || true |
Access to hidden dotfiles in home directory
| 34 | _CONTRIB=$(~/.claude/skills/chief/bin/chief-config get chief_contributor 2>/dev/null || true) |
Access to hidden dotfiles in home directory
| 35 | _PROACTIVE=$(~/.claude/skills/chief/bin/chief-config get proactive 2>/dev/null || echo "true") |
Access to hidden dotfiles in home directory
| 39 | _LAKE_SEEN=$([ -f ~/.chief/.completeness-intro-seen ] && echo "yes" || echo "no") |
Access to hidden dotfiles in home directory
| 41 | mkdir -p ~/.chief/analytics |
Access to hidden dotfiles in home directory
| 42 | echo '{"skill":"design-review","ts":"'$(date -u +%Y-%m-%dT%H:%M:%SZ)'","repo":"'$(basename "$(git rev-parse --show-toplevel 2>/dev/null)" 2>/dev/null || echo "unknown")'"}' >> ~/.chief/analytics/skil |
Access to hidden dotfiles in home directory
| 48 | If output shows `UPGRADE_AVAILABLE <old> <new>`: read `~/.claude/skills/chief/chief-upgrade/SKILL.md` and follow the "Inline upgrade flow" (auto-upgrade if configured, otherwise AskUserQuestion with 4 |
Access to hidden dotfiles in home directory
| 57 | touch ~/.chief/.completeness-intro-seen |
Access to hidden dotfiles in home directory
| 109 | **To file:** write `~/.chief/contributor-logs/{slug}.md` with **all sections below** (do not truncate — include every section through the Date/Version footer): |
Access to hidden dotfiles in home directory
| 210 | [ -z "$B" ] && B=~/.claude/skills/chief/browse/dist/browse |
Access to hidden dotfiles in home directory
| 638 | source <(~/.claude/skills/chief/bin/chief-slug 2>/dev/null) && mkdir -p ~/.chief/projects/$SLUG |
Access to hidden dotfiles in home directory
| 640 | Write to: `~/.chief/projects/{slug}/{user}-{branch}-design-audit-{datetime}.md` |
Access to hidden dotfiles in home directory
| 856 | source <(~/.claude/skills/chief/bin/chief-slug 2>/dev/null) && mkdir -p ~/.chief/projects/$SLUG |
Access to hidden dotfiles in home directory
| 858 | Write to `~/.chief/projects/{slug}/{user}-{branch}-design-audit-{datetime}.md` |
External URL reference
| 52 | thing when AI makes the marginal cost near-zero. Read more: https://garryslist.org/posts/boil-the-ocean" |
External URL reference
| 56 | open https://garryslist.org/posts/boil-the-ocean |
External URL reference
| 171 | | Target URL | (auto-detect or ask) | `https://myapp.com`, `http://localhost:3000` | |
External URL reference
| 221 | 3. If `bun` is not installed: `curl -fsSL https://bun.sh/install | bash` |