common-pitfalls
// Orchestrates pitfall prevention skills for common development issues. Auto-triggered during code review to check for TanStack Query, Drizzle ORM, Express API, React, WebSocket, blockchain RPC, and security pitfalls.
$ git log --oneline --stat
stars:194
forks:37
updated:March 4, 2026
SKILL.mdreadonly
SKILL.md Frontmatter
namecommon-pitfalls
descriptionOrchestrates pitfall prevention skills for common development issues. Auto-triggered during code review to check for TanStack Query, Drizzle ORM, Express API, React, WebSocket, blockchain RPC, and security pitfalls.
Common Pitfalls Prevention
Orchestrates specialized pitfall prevention skills learned from production issues. Use during code review to automatically check for common mistakes.
When to Use
- During code review (auto-triggered by full-review skill)
- Before committing changes
- When debugging production issues
- Reviewing unfamiliar code patterns
Workflow
Step 1: Identify Code Categories
Based on changed files, determine which sub-skills to invoke:
| File Pattern | Sub-Skill |
|---|---|
**/hooks/**, useQuery, useMutation | pitfalls-tanstack-query |
**/db/**, schema.ts, drizzle | pitfalls-drizzle-orm |
**/routes/**, router., app. | pitfalls-express-api |
**/components/**, **/pages/**, .tsx | pitfalls-react |
websocket, wss, ws. | pitfalls-websocket |
contract, rpc, multicall, gas | pitfalls-blockchain |
session, key, cache, log | pitfalls-security |
Step 2: Invoke Relevant Sub-Skills
For each category found, invoke the corresponding skill for detailed patterns.
Step 3: Generate Combined Report
Aggregate findings from all invoked sub-skills.
Sub-Skills Reference
| Skill | Focus Area |
|---|---|
| pitfalls-tanstack-query | Query keys, invalidation, v5 patterns |
| pitfalls-drizzle-orm | Schema types, migrations, array columns |
| pitfalls-express-api | Routes, status codes, storage patterns |
| pitfalls-react | Components, forms, a11y, responsive |
| pitfalls-websocket | Server setup, heartbeat, reconnection |
| pitfalls-blockchain | RPC errors, gas, multicall, nonces |
| pitfalls-security | Session keys, caching, logging, secrets |
Quick Reference Checklist
Core
- TanStack Query keys use full URL paths
- Mutations invalidate relevant queries
- Drizzle types exported for all models
- API routes return correct status codes
- All RPC calls wrapped in try/catch
- WebSocket has heartbeat/reconnection
- React components handle loading/error states
- No secrets in logs or frontend code
Type Safety
- No
anytypes - useunknownand narrow - Types inferred from schema ($inferSelect, z.infer)
- Type guards for runtime validation
Financial
- BigInt for all token amounts
- Decimal.js for price calculations
- Proper rounding (floor/ceil)
Blockchain
- Gas estimation with buffer
- EIP-1559 gas pricing
- Transaction simulation before send
- Multicall uses
allowFailure: true
Security
- Session keys have expiry and limits
- AES-256-GCM for stored credentials
- Audit logging for sensitive operations
- Rate limiting with exponential backoff