rust-review
Audits Rust code for unsafe blocks, ownership issues, and Cargo dependency risks. Use when reviewing Rust code or before merging Rust changes.
code-review, rust, ownership, concurrency, unsafe, traits, cargo
What this skill does
## Table of Contents

- [Quick Start](#quick-start)
- [When to Use](#when-to-use)
- [Required TodoWrite Items](#required-todowrite-items)
- [Progressive Loading](#progressive-loading)
- [Core Workflow](#core-workflow)
- [Rust Quality Checklist](#rust-quality-checklist)
  - [Safety](#safety)
  - [Correctness](#correctness)
  - [Performance](#performance)
  - [Idioms](#idioms)
- [Output Format](#output-format)
  - [Summary](#summary)
  - [Ownership Analysis](#ownership-analysis)
  - [Error Handling](#error-handling)
  - [Concurrency](#concurrency)
  - [Unsafe Audit](#unsafe-audit)
    - [[U1] file:line](#[u1]-file:line)
  - [Dependencies](#dependencies)
  - [Recommendation](#recommendation)
- [Exit Criteria](#exit-criteria)

# Rust Review Workflow

Expert-level Rust code audits with focus on safety, correctness, and idiomatic patterns.

## Quick Start

```bash
/rust-review
```

**Verification:** Run the command with `--help` flag to verify availability.

## When To Use

- Reviewing Rust code changes
- Auditing unsafe blocks
- Analyzing concurrency patterns
- Dependency security review
- Performance optimization review

## When NOT To Use

- General code review without Rust - use unified-review
- Performance profiling - use parseltongue:python-performance pattern

## Required TodoWrite Items

1. `rust-review:ownership-analysis`
2. `rust-review:error-handling`
3. `rust-review:concurrency`
4. `rust-review:unsafe-audit`
5. `rust-review:cargo-deps`
6. `rust-review:evidence-log`
7. `rust-review:findings-verified`

## Progressive Loading

Load modules as needed based on review scope:

**Quick Review** (ownership and errors):

- See `modules/ownership-analysis.md` for borrowing and lifetime analysis
- See `modules/error-handling.md` for Result/Option patterns

**Concurrency Focus**:

- See `modules/concurrency-patterns.md` for async and sync primitives

**Safety Audit**:

- See `modules/unsafe-audit.md` for unsafe block documentation

**Dependency Review**:

- See `modules/cargo-dependencies.md` for vulnerability scanning

**Idiomatic Patterns**:

- See `modules/builtin-preference.md` for conversion traits and builtin preference

## Core Workflow

1. **Ownership Analysis**: Check borrowing, lifetimes, clone patterns
2. **Error Handling**: Verify Result/Option usage, propagation
3. **Concurrency**: Review async patterns, sync primitives
4. **Unsafe Audit**: Document invariants, FFI contracts
5. **Dependencies**: Scan for vulnerabilities, updates
6. **Evidence Log**: Record commands and findings

## Rust Quality Checklist

### Safety

- [ ] All unsafe blocks documented with SAFETY comments
- [ ] FFI boundaries properly wrapped
- [ ] Memory safety invariants maintained
- [ ] `mlock`/`munlock` calls: RLIMIT verified, page-aligned, ENOMEM handled

### Correctness

- [ ] Error handling complete
- [ ] Concurrency patterns sound
- [ ] Tests cover critical paths

### Performance

- [ ] No unnecessary allocations
- [ ] Borrowing preferred over cloning
- [ ] Async properly non-blocking

### Idioms

- [ ] Standard traits implemented
- [ ] Conversion traits preferred over helper functions
- [ ] Error types well-designed
- [ ] Documentation complete

## Output Format

```markdown
## Summary
Rust audit findings

## Ownership Analysis
[borrowing and lifetime issues]

## Error Handling
[error patterns and issues]

## Concurrency
[async and sync patterns]

## Unsafe Audit
### [U1] file:line
- Invariants: [documented]
- Anchor: `verbatim source text at file:line`
- Risk: [assessment]
- Recommendation: [action]

## Dependencies
[cargo audit results]

## Recommendation
Approve / Approve with actions / Block
```

**Verification:** Run the command with `--help` flag to verify availability.

## Verify Findings Are Grounded (`rust-review:findings-verified`)

Every finding must cite a real location and a verbatim anchor. Write findings to `.review/findings.json` and confirm each citation resolves:

```bash
python plugins/imbue/scripts/citation_verifier.py \
  --findings .review/findings.json --repo-root .
```

Drop or label `UNVERIFIED` any finding the verifier fails (exit `1`); only verified findings enter the report. See `Skill(imbue:review-core)` Step 5 and `Skill(imbue:structured-output)` for the schema.

## Exit Criteria

- All unsafe blocks audited
- Concurrency patterns verified
- Dependencies scanned
- Evidence logged
- Action items assigned
- Every reported finding carries a `Location` + verbatim `Anchor` confirmed by `citation_verifier.py` (exit `0`), or unverified findings were dropped or labeled `UNVERIFIED`
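
One way to check the Safety checklist item "All unsafe blocks documented with SAFETY comments" and emit each miss with a line number and verbatim anchor, as the Unsafe Audit output expects. This is an added example, not part of the skill or its modules; `Finding`, `undocumented_unsafe` and `SAMPLE` are hypothetical names, and the sample source is constructed.

```rust
/// An `unsafe` block or impl with no `SAFETY:` comment attached.
#[derive(Debug, PartialEq)]
pub struct Finding {
    pub line: usize,    // 1-based line number
    pub anchor: String, // verbatim source text at that line, trimmed
}

/// Heuristic line-based scan, not a parser: a string literal containing
/// `unsafe {` is a possible false positive.
pub fn undocumented_unsafe(src: &str) -> Vec<Finding> {
    let lines: Vec<&str> = src.lines().collect();
    let mut findings = Vec::new();
    for (i, raw) in lines.iter().enumerate() {
        // Look for the keyword only in the part before any line comment.
        let code = raw.split("//").next().unwrap_or("");
        if !code.contains("unsafe {") && !code.contains("unsafe impl") { continue; }
        // A trailing comment on the same line counts; otherwise walk up
        // through the contiguous comment and attribute lines above.
        let mut documented = raw.contains("SAFETY:");
        let mut j = i;
        while !documented && j > 0 {
            j -= 1;
            let above = lines[j].trim();
            if above.starts_with("//") {
                documented = above.contains("SAFETY:");
            } else if !above.starts_with("#[") {
                break;
            }
        }
        if !documented {
            findings.push(Finding { line: i + 1, anchor: raw.trim().to_string() });
        }
    }
    findings
}

// Constructed sample input, not taken from any real crate.
const SAMPLE: &str = r#"
fn read(p: *const u8) -> u8 {
    // SAFETY: caller guarantees `p` is valid for reads.
    unsafe { *p }
}
fn zero(p: *mut u8) { unsafe { *p = 0 } }
struct Handle(*mut u8);
// Handle is only moved between threads.
unsafe impl Send for Handle {}
"#;
fn main() {
    for f in undocumented_unsafe(SAMPLE) { println!("sample.rs:{} `{}`", f.line, f.anchor); }
}
```

The comment above `unsafe impl Send` is flagged because it lacks the `SAFETY:` marker, which is the case a reviewer skimming for "some comment" tends to miss.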