{"id":"0aa2d0e1-ca9e-41a9-b1b8-865d5cc1652e","shortId":"d6s7bY","kind":"skill","title":"differential-review","tagline":"Security-focused code review for PRs, commits, and diffs.","description":"# Differential Security Review\n\nSecurity-focused code review for PRs, commits, and diffs.\n\n## When to Use\n- You need a security-focused review of a PR, commit range, or diff rather than a general code review.\n- The changes touch auth, crypto, external calls, value transfer, permissions, or other high-risk logic.\n- You need findings backed by code evidence, attack scenarios, and an explicit report artifact.\n\n## Core Principles\n\n1. **Risk-First**: Focus on auth, crypto, value transfer, external calls\n2. **Evidence-Based**: Every finding backed by git history, line numbers, attack scenarios\n3. **Adaptive**: Scale to codebase size (SMALL/MEDIUM/LARGE)\n4. **Honest**: Explicitly state coverage limits and confidence level\n5. **Output-Driven**: Always generate comprehensive markdown report file\n\n---\n\n## Rationalizations (Do Not Skip)\n\n| Rationalization | Why It's Wrong | Required Action |\n|-----------------|----------------|-----------------|\n| \"Small PR, quick review\" | Heartbleed was 2 lines | Classify by RISK, not size |\n| \"I know this codebase\" | Familiarity breeds blind spots | Build explicit baseline context |\n| \"Git history takes too long\" | History reveals regressions | Never skip Phase 1 |\n| \"Blast radius is obvious\" | You'll miss transitive callers | Calculate quantitatively |\n| \"No tests = not my problem\" | Missing tests = elevated risk rating | Flag in report, elevate severity |\n| \"Just a refactor, no security impact\" | Refactors break invariants | Analyze as HIGH until proven LOW |\n| \"I'll explain verbally\" | No artifact = findings lost | Always write report |\n\n---\n\n## Quick Reference\n\n### Codebase Size Strategy\n\n| Codebase Size | Strategy | Approach |\n|---------------|----------|----------|\n| SMALL (<20 files) | DEEP 
| Read all deps, full git blame |\n| MEDIUM (20-200) | FOCUSED | 1-hop deps, priority files |\n| LARGE (200+) | SURGICAL | Critical paths only |\n\n### Risk Level Triggers\n\n| Risk Level | Triggers |\n|------------|----------|\n| HIGH | Auth, crypto, external calls, value transfer, validation removal |\n| MEDIUM | Business logic, state changes, new public APIs |\n| LOW | Comments, tests, UI, logging |\n\n---\n\n## Workflow Overview\n\n```\nPre-Analysis → Phase 0: Triage → Phase 1: Code Analysis → Phase 2: Test Coverage\n    ↓              ↓                    ↓                        ↓\nPhase 3: Blast Radius → Phase 4: Deep Context → Phase 5: Adversarial → Phase 6: Report\n```\n\n---\n\n## Decision Tree\n\n**Starting a review?**\n\n```\n├─ Need detailed phase-by-phase methodology?\n│  └─ Read: methodology.md\n│     (Pre-Analysis + Phases 0-4: triage, code analysis, test coverage, blast radius)\n│\n├─ Analyzing HIGH RISK change?\n│  └─ Read: adversarial.md\n│     (Phase 5: Attacker modeling, exploit scenarios, exploitability rating)\n│\n├─ Writing the final report?\n│  └─ Read: reporting.md\n│     (Phase 6: Report structure, templates, formatting guidelines)\n│\n├─ Looking for specific vulnerability patterns?\n│  └─ Read: patterns.md\n│     (Regressions, reentrancy, access control, overflow, etc.)\n│\n└─ Quick triage only?\n   └─ Use Quick Reference above, skip detailed docs\n```\n\n---\n\n## Quality Checklist\n\nBefore delivering:\n\n- [ ] All changed files analyzed\n- [ ] Git blame on removed security code\n- [ ] Blast radius calculated for HIGH risk\n- [ ] Attack scenarios are concrete (not generic)\n- [ ] Findings reference specific line numbers + commits\n- [ ] Report file generated\n- [ ] User notified with summary\n\n---\n\n## Integration\n\n**audit-context-building skill:**\n- Pre-Analysis: Build baseline context\n- Phase 4: Deep context on HIGH RISK changes\n\n**issue-writer skill:**\n- Transform findings into formal audit reports\n- Command: `issue-writer 
--input DIFFERENTIAL_REVIEW_REPORT.md --format audit-report`\n\n---\n\n## Example Usage\n\n### Quick Triage (Small PR)\n```\nInput: 5 file PR, 2 HIGH RISK files\nStrategy: Use Quick Reference\n1. Classify risk level per file (2 HIGH, 3 LOW)\n2. Focus on 2 HIGH files only\n3. Git blame removed code\n4. Generate minimal report\nTime: ~30 minutes\n```\n\n### Standard Review (Medium Codebase)\n```\nInput: 80 files, 12 HIGH RISK changes\nStrategy: FOCUSED (see methodology.md)\n1. Full workflow on HIGH RISK files\n2. Surface scan on MEDIUM\n3. Skip LOW risk files\n4. Complete report with all sections\nTime: ~3-4 hours\n```\n\n### Deep Audit (Large, Critical Change)\n```\nInput: 450 files, auth system rewrite\nStrategy: SURGICAL + audit-context-building\n1. Baseline context with audit-context-building\n2. Deep analysis on auth changes only\n3. Blast radius analysis\n4. Adversarial modeling\n5. Comprehensive report\nTime: ~6-8 hours\n```\n\n---\n\n## When NOT to Use This Skill\n\n- **Greenfield code** (no baseline to compare)\n- **Documentation-only changes** (no security impact)\n- **Formatting/linting** (cosmetic changes)\n- **User explicitly requests quick summary only** (they accept risk)\n\nFor these cases, use standard code review instead.\n\n---\n\n## Red Flags (Stop and Investigate)\n\n**Immediate escalation triggers:**\n- Removed code from \"security\", \"CVE\", or \"fix\" commits\n- Access control modifiers removed (onlyOwner, internal → external)\n- Validation removed without replacement\n- External calls added without checks\n- High blast radius (50+ callers) + HIGH risk change\n\nThese patterns require adversarial analysis even in quick triage.\n\n---\n\n## Tips for Best Results\n\n**Do:**\n- Start with git blame for removed code\n- Calculate blast radius early to prioritize\n- Generate concrete attack scenarios\n- Reference specific line numbers and commits\n- Be honest about coverage limitations\n- Always generate the output file\n\n**Don't:**\n- Skip git 
history analysis\n- Make generic findings without evidence\n- Claim full analysis when time-limited\n- Forget to check test coverage\n- Miss high blast radius changes\n- Output report only to chat (file required)\n\n---\n\n## Supporting Documentation\n\n- **methodology.md** - Detailed phase-by-phase workflow (Phases 0-4)\n- **adversarial.md** - Attacker modeling and exploit scenarios (Phase 5)\n- **reporting.md** - Report structure and formatting (Phase 6)\n- **patterns.md** - Common vulnerability patterns reference\n\n---\n\n**For first-time users:** Start with methodology.md to understand the complete workflow.\n\n**For experienced users:** Use this page's Quick Reference and Decision Tree to navigate directly to needed content.\n\n## Limitations\n- Use this skill only when the task clearly matches the scope described above.\n- Do not treat the output as a substitute for environment-specific validation, testing, or expert review.\n- Stop and ask for clarification if required inputs, permissions, safety boundaries, or success criteria are missing.","tags":["differential","review","antigravity","awesome","skills","sickn33","agent-skills","agentic-skills","ai-agent-skills","ai-agents","ai-coding","ai-workflows"],"capabilities":["skill","source-sickn33","skill-differential-review","topic-agent-skills","topic-agentic-skills","topic-ai-agent-skills","topic-ai-agents","topic-ai-coding","topic-ai-workflows","topic-antigravity","topic-antigravity-skills","topic-claude-code","topic-claude-code-skills","topic-codex-cli","topic-codex-skills"],"categories":["antigravity-awesome-skills"],"synonyms":[],"warnings":[],"endpointUrl":"https://skills.sh/sickn33/antigravity-awesome-skills/differential-review","protocol":"skill","transport":"skills-sh","auth":{"type":"none","details":{"cli":"npx skills add 
sickn33/antigravity-awesome-skills","source_repo":"https://github.com/sickn33/antigravity-awesome-skills","install_from":"skills.sh"}},"qualityScore":"0.700","qualityRationale":"deterministic score 0.70 from registry signals: · indexed on github topic:agent-skills · 34831 github stars · SKILL.md body (6,633 chars)","verified":false,"liveness":"unknown","lastLivenessCheck":null,"agentReviews":{"count":0,"score_avg":null,"cost_usd_avg":null,"success_rate":null,"latency_p50_ms":null,"narrative_summary":null,"summary_updated_at":null},"enrichmentModel":"deterministic:skill-github:v1","enrichmentVersion":1,"enrichedAt":"2026-04-24T06:51:04.210Z","embedding":null,"createdAt":"2026-04-18T21:36:06.780Z","updatedAt":"2026-04-24T06:51:04.210Z","lastSeenAt":"2026-04-24T06:51:04.210Z","prices":[{"id":"4bf5f095-e9a6-4376-9741-f615f234dbf2","listingId":"0aa2d0e1-ca9e-41a9-b1b8-865d5cc1652e","amountUsd":"0","unit":"free","nativeCurrency":null,"nativeAmount":null,"chain":null,"payTo":null,"paymentMethod":"skill-free","isPrimary":true,"details":{"org":"sickn33","category":"antigravity-awesome-skills","install_from":"skills.sh"},"createdAt":"2026-04-18T21:36:06.780Z"}],"sources":[{"listingId":"0aa2d0e1-ca9e-41a9-b1b8-865d5cc1652e","source":"github","sourceId":"sickn33/antigravity-awesome-skills/differential-review","sourceUrl":"https://github.com/sickn33/antigravity-awesome-skills/tree/main/skills/differential-review","isPrimary":false,"firstSeenAt":"2026-04-18T21:36:06.780Z","lastSeenAt":"2026-04-24T06:51:04.210Z"}],"details":{"listingId":"0aa2d0e1-ca9e-41a9-b1b8-865d5cc1652e","quickStartSnippet":null,"exampleRequest":null,"exampleResponse":null,"schema":null,"openapiUrl":null,"agentsTxtUrl":null,"citations":[],"useCases":[],"bestFor":[],"notFor":[],"kindDetails":{"org":"sickn33","slug":"differential-review","github":{"repo":"sickn33/antigravity-awesome-skills","stars":34831,"topics":["agent-skills","agentic-skills","ai-agent-skills","ai-agents","ai-coding","ai-workflows","antigravity","antigravity-skills","claude-code","claude-code-skills","codex-cli","codex-skills","cursor","cursor-skills","developer-tools","g
emini-cli","gemini-skills","kiro","mcp","skill-library"],"license":"mit","html_url":"https://github.com/sickn33/antigravity-awesome-skills","pushed_at":"2026-04-24T06:41:17Z","description":"Installable GitHub library of 1,400+ agentic skills for Claude Code, Cursor, Codex CLI, Gemini CLI, Antigravity, and more. Includes installer CLI, bundles, workflows, and official/community skill collections.","skill_md_sha":"7205bd0daa949a853c491ed2bd9651b270428669","skill_md_path":"skills/differential-review/SKILL.md","default_branch":"main","skill_tree_url":"https://github.com/sickn33/antigravity-awesome-skills/tree/main/skills/differential-review"},"layout":"multi","source":"github","category":"antigravity-awesome-skills","frontmatter":{"name":"differential-review","description":"Security-focused code review for PRs, commits, and diffs."},"skills_sh_url":"https://skills.sh/sickn33/antigravity-awesome-skills/differential-review"},"updatedAt":"2026-04-24T06:51:04.210Z"}}