Fresh Eyes Review

Mandatory final sanity check before shipping code. Catches security vulnerabilities, logic errors, and business rule bugs that slip through despite passing tests.


A Claude Code plugin that runs a structured review of your changed files right before you commit or open a PR. It looks for the stuff that passes tests but shouldn’t ship — SQL injection, race conditions, off-by-one errors, business logic that doesn’t match requirements. The whole point: passing tests prove code works as designed, but fresh-eyes proves the design is correct.

Install

/plugin marketplace add 2389-research/claude-plugins
/plugin install fresh-eyes-review

Once installed, the skill auto-triggers when you say “commit”, “push”, “done”, “creating PR”, or anything that sounds like you’re about to ship.

What it does

Every review follows the same sequence: announce what’s being reviewed, run through five checklists, fix anything found, re-run tests, declare results.

Security vulnerabilities — SQL injection via string concatenation, XSS from unescaped user content, path traversal through ../ sequences, command injection from unsanitized shell input, IDOR from missing access controls, auth bypass on protected endpoints.

Logic errors — Off-by-one bugs in array indices and pagination, race conditions in concurrent access to shared state, null/undefined in dot-chains without defensive checks, type coercion from == vs ===, swallowed errors in empty catch blocks.

Business rules — Calculations that don’t match requirements (especially currency rounding), AND/OR logic inversions, missing edge cases for empty input or zero values, error messages that leak sensitive info, nonsensical defaults for optional fields.

Input validation — Type checks, range boundaries, format validation. The gaps between “the happy path works” and “arbitrary input doesn’t break it.”

Performance — N+1 queries hiding inside loops, unbounded iterations without timeout protection, event listeners and streams that never get cleaned up, queries filtering on unindexed columns.

When the review finds something, it fixes it immediately, adds a test if one’s missing, and re-runs the suite before moving on.

How it works

The review takes 2-5 minutes depending on file count. One to three files: two minutes. Four to ten: three to four minutes. More than ten: five minutes max. If it finishes faster than two minutes, it wasn’t thorough enough. If it takes longer than five, it’s scope-creeping.

The skill announces start and end explicitly — “Starting fresh-eyes review of 4 files” and “Fresh-eyes complete. 2 issues found and fixed” — so you always know the gate ran and what it caught.

Why not just trust the tests

Tests validate what you remembered to check. This catches what you didn’t. A passing test suite and a critical security bug coexist more often than anyone wants to admit. The skill rejects common rationalizations — “tests are comprehensive”, “I’m confident”, “production is blocked” — because those are exactly the conditions under which bugs escape.

30 products · 11 skills · 15 tools · 3 platforms · 5 building · hugo 0.148.2 · 83b76a2 · built Mar 18 22:35