devils-advocate

skill
Security Audit
Failed
Health Warning
  • License — License: MIT
  • Description — Repository has a description
  • Active repo — Last push 0 days ago
  • Low visibility — Only 8 GitHub stars
Code Failed
  • fs.rmSync — Destructive file system operation in plugin/hooks/hooks.json
  • fs module — File system access in plugin/hooks/hooks.json
  • fs module — File system access in plugin/scripts/check-consistency.sh
  • fs module — File system access in plugin/scripts/test-plugin.sh
Permissions Passed
  • Permissions — No dangerous permissions requested
Purpose
This is a Claude Code plugin that provides automated, adversarial self-critique. It forces the AI to review its own generated code or project plans across multiple dimensions—such as security, performance, and correctness—using strict pass/fail criteria before delivering the final output to the user.

Security Assessment
The overall security risk is Medium. The tool operates primarily through shell scripts and relies heavily on local file system access to read code and write critique logs. The most significant flag is the presence of a destructive file system operation (`fs.rmSync`) located in a hooks configuration file. While this might simply be standard cleanup logic (such as deleting temporary files after a run), it still introduces a risk of unintended data loss if the plugin misfires or is improperly configured. The repository does not request overtly dangerous permissions, and no hardcoded secrets or external network requests were detected.

Quality Assessment
The project is fresh and actively maintained, with its most recent updates pushed today. It is properly licensed under the permissive and standard MIT license. However, it has very low community visibility, currently sitting at only 8 GitHub stars. Because of this low adoption rate, the codebase has likely not undergone extensive peer review or real-world stress testing by the broader developer community.

Verdict
Use with caution. While the plugin's concept of forcing rigorous self-critique is valuable and the code is open source, users should carefully review the destructive `fs.rmSync` hook to ensure it cannot accidentally delete critical project files.
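
The hook review recommended above can be partly automated. This is an added example, not code from the plugin or from this audit: it walks a hooks file and reports every string that contains a file-deletion call, together with its JSON path. `SAMPLE_HOOKS`, its event/matcher layout and the pattern list are constructed assumptions; the real contents of plugin/hooks/hooks.json are not shown on this page.

```javascript
// Constructed sample for illustration; NOT the plugin's real hooks.json.
const SAMPLE_HOOKS = JSON.stringify({
  hooks: {
    PreToolUse: [{ matcher: "Bash", hooks: [
      { type: "command", command: "node -e \"console.log('critique before commit')\"" }] }],
    PostToolUse: [{ matcher: "Write", hooks: [
      { type: "command", command: "node -e \"require('fs').rmSync(process.env.TMP_DIR,{recursive:true,force:true})\"" }] }],
  },
});

// Deletion calls to look for; chosen for this example, not exhaustive.
const DESTRUCTIVE = [
  { name: "fs.rmSync", re: /\brmSync\s*\(/ },
  { name: "fs.rm", re: /\bfs\.rm\s*\(/ },
  { name: "fs.unlinkSync", re: /\bunlinkSync\s*\(/ },
  { name: "fs.rmdirSync", re: /\brmdirSync\s*\(/ },
  { name: "rm -r/-f", re: /(^|[\s;&|])rm\s+-[a-zA-Z]*[rf]/ },
];

// Walk any JSON value and yield [path, string] for every string leaf,
// so the audit does not depend on one particular hooks schema.
function* stringLeaves(value, path = "$") {
  if (typeof value === "string") {
    yield [path, value];
  } else if (Array.isArray(value)) {
    for (let i = 0; i < value.length; i++) yield* stringLeaves(value[i], `${path}[${i}]`);
  } else if (value && typeof value === "object") {
    for (const [k, v] of Object.entries(value)) yield* stringLeaves(v, `${path}.${k}`);
  }
}

// Return one finding per (string, pattern) match.
function auditHooks(jsonText) {
  const findings = [];
  for (const [path, text] of stringLeaves(JSON.parse(jsonText))) {
    for (const { name, re } of DESTRUCTIVE) {
      if (!re.test(text)) continue;
      findings.push({
        path,
        call: name,
        recursive: /recursive\s*:\s*true|\brm\s+-[a-zA-Z]*r/i.test(text),
        // A target built from a variable can resolve to an unexpected path.
        dynamicTarget: /process\.env|\$\{?\w+/.test(text),
      });
    }
  }
  return findings;
}

console.log(auditHooks(SAMPLE_HOOKS));
```

A finding with both `recursive` and `dynamicTarget` set is the one to read by hand, because the deleted path then depends on runtime state rather than on a fixed temporary directory.
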
SUMMARY

A Claude Code plugin that adds adversarial self-critique to every task. Claude scores its own work across multiple dimensions, identifies weaknesses, and proposes improvements — before you ship anything.

README.md

Devil's Advocate

Claude's harshest critic. A Claude Code plugin that critiques Claude's work with binary pass/fail evaluation — every criterion either passes or fails, no percentage scores, no wiggle room.

Why

Claude writes code confidently. Too confidently. Left unchecked, it'll tell you everything looks wonderful right up until production catches fire. Inspired by Confidently Wrong.

A devil's advocate argues against a position not because they believe the other side, but to surface the holes everyone else missed. This plugin gives Claude that role — the skeptical colleague who says "yeah, but what about..." instead of "LGTM."

Every criterion demands file:line evidence and a fix suggestion — no hand-waving, no vibes-based reviews.

What it catches

It'll flag you for reinventing bcrypt, missing authorization checks, duplicating a helper that already exists three directories away, writing plans where step 4 depends on step 7, N+1 queries in hot paths, and shipping without a rollback strategy. It knows when you're hand-rolling auth instead of using a battle-tested library, and it won't let you forget that "works on my machine" isn't a testing strategy.

It works on both code and plans — auto-detecting which criteria set to use based on what you're reviewing.

Install

/plugin marketplace add brandonsimpson/devils-advocate
/plugin install devils-advocate@devils-advocate

Manual install

git clone https://github.com/brandonsimpson/devils-advocate.git ~/.claude/plugins/devils-advocate

Add to ~/.claude/settings.json:

{
  "plugins": [
    "~/.claude/plugins/devils-advocate"
  ]
}

Or single session: claude --plugin-dir ~/.claude/plugins/devils-advocate

Commands

Slash command | Natural language
/devils-advocate:critique | "critique" or "critique this plan"
/devils-advocate:log | "show critique log"

/devils-advocate:critique

Binary pass/fail critique across every dimension that matters. Auto-detects whether you're reviewing code or a plan document.

Code critique (17 criteria, 7 dimensions):

  • Correctness — Tests pass? Logic correct? Edge cases handled?
  • Security — No hardcoded secrets, input validated, no injection vectors, auth enforced?
  • Quality — No dead code, no placeholders, errors handled properly?
  • Performance — No N+1 queries, no O(n^2) in hot paths?
  • Consistency — Types match, naming follows conventions, patterns followed?
  • Integration — Imports resolve, tests exist, no regressions?

Plan critique (19 criteria, 9 dimensions):

  • Completeness — Requirements covered, no placeholders, edge cases addressed?
  • Correctness — APIs verified against docs, patterns match library usage?
  • Testability — Specific tests per step, E2E verification strategy?
  • Security — Secrets managed properly, input validated, auth designed?
  • Consistency — Types consistent, naming follows conventions?
  • Simplicity — No overengineering, no reinventing solved problems?
  • Dependencies — Correct task ordering, all deps available?
  • Resilience — Rollback plan exists, performance considered?
  • Integration — Import paths valid, follows project patterns?

Every FAIL comes with a Fix: suggestion. Example output:

DEVIL'S ADVOCATE CRITIQUE (Binary Eval)
═══════════════════════════════════════

Target: code changes for webhook handler

  Correctness:
    tests-pass ...... PASS
    logic-correct ... PASS
    edge-cases ...... FAIL — No handling for empty payload at webhook.ts:45.
                      Fix: Add early return with 400 status for empty/malformed payloads.

  Security:
    no-secrets ...... PASS
    input-validated . FAIL — String interpolation in buildQuery() at db.ts:23.
                      Fix: Use parameterized query builder.
    no-injection .... FAIL — innerHTML used at dashboard.tsx:89.
                      Fix: Use textContent or a sanitization library.
    auth-enforced ... PASS

  ...

Result: 12/17 PASS — 5 criteria need fixing

Failing criteria with fixes:
1. edge-cases: Add early return for empty payloads at webhook.ts:45
2. input-validated: Use parameterized queries at db.ts:23
3. no-injection: Replace innerHTML at dashboard.tsx:89
4. ...

/devils-advocate:log

Session history — total checks, pass rate trend, and git SHA linking each check to a specific commit. Individual critiques are saved to .devils-advocate/logs/ for later reference.

Standards & Project Awareness

The critique skill automatically discovers your project's documented standards before evaluating:

  • CLAUDE.md / AGENTS.md — Your conventions, required patterns, and constraints. Standards violations cause relevant criteria to FAIL.
  • ADR files — Searched in docs/adr/, docs/decisions/, adr/, decisions/, doc/architecture/decisions/, and **/ADR-*.md
  • Existing patterns — Utilities, helpers, and conventions already in your codebase that the critiqued code might be duplicating.

Session Log & Hooks

Every check is logged to .devils-advocate/session.md with a git SHA, so you can correlate results with specific commits. Full critique output is saved to individual files in .devils-advocate/logs/. Add .devils-advocate/ to your .gitignore.

A pre-commit hook nudges you to run a critique before committing — the commit still proceeds, it's just a reminder. A plan-file hook suggests running /devils-advocate:critique when you write a plan file. Both hooks are configurable via .devils-advocate/config.json:

{"hooks": {"pre-commit-warning": false, "plan-file-detect": false}}

License

MIT
