---

name: common-pitfalls description: Orchestrates pitfall prevention skills for common development issues. Auto-triggered during code review to check for TanStack Query, Drizzle ORM, Express API, React, WebSocket, blockchain RPC, and security pitfalls.

Common Pitfalls Prevention

Orchestrates specialized pitfall prevention skills learned from production issues. Use during code review to automatically check for common mistakes.

When to Use

• During code review (auto-triggered by full-review skill)
• Before committing changes
• When debugging production issues
• Reviewing unfamiliar code patterns

Workflow

Step 1: Identify Code Categories

Based on changed files, determine which sub-skills to invoke:

Step 2: Invoke Relevant Sub-Skills

For each category found, invoke the corresponding skill for detailed patterns.

Step 3: Generate Combined Report

Aggregate findings from all invoked sub-skills.

Sub-Skills Reference

Quick Reference Checklist

Core

• TanStack Query keys use full URL paths
• Mutations invalidate relevant queries
• Drizzle types exported for all models
• API routes return correct status codes
• All RPC calls wrapped in try/catch
• WebSocket has heartbeat/reconnection
• React components handle loading/error states
• No secrets in logs or frontend code

Type Safety

• No any types - use unknown and narrow
• Types inferred from schema ($inferSelect, z.infer)
• Type guards for runtime validation

Financial

• BigInt for all token amounts
• Decimal.js for price calculations
• Proper rounding (floor/ceil)

Blockchain

• Gas estimation with buffer
• EIP-1559 gas pricing
• Transaction simulation before send
• Multicall uses allowFailure: true

Security

• Session keys have expiry and limits
• AES-256-GCM for stored credentials
• Audit logging for sensitive operations
• Rate limiting with exponential backoff