code-review
Automated code review for pull requests using specialized review patterns. Analyzes code for quality, security, performance, and best practices. Use when reviewing code changes, PRs, or doing code audits.
Installation
Details
Usage
After installing, this skill will be available to your AI coding assistant.
Verify installation:
npx agent-skills-cli listSkill Instructions
name: code-review description: Automated code review for pull requests using specialized review patterns. Analyzes code for quality, security, performance, and best practices. Use when reviewing code changes, PRs, or doing code audits. source: anthropics/claude-code license: Apache-2.0
Code Review
Review Categories
1. Security Review
Check for:
- SQL injection vulnerabilities
- XSS (Cross-Site Scripting)
- Command injection
- Insecure deserialization
- Hardcoded secrets/credentials
- Improper authentication/authorization
- Insecure direct object references
2. Performance Review
Check for:
- N+1 queries
- Missing database indexes
- Unnecessary re-renders (React)
- Memory leaks
- Blocking operations in async code
- Missing caching opportunities
- Large bundle sizes
3. Code Quality Review
Check for:
- Code duplication (DRY violations)
- Functions doing too much (SRP violations)
- Deep nesting / complex conditionals
- Magic numbers/strings
- Poor naming
- Missing error handling
- Incomplete type coverage
4. Testing Review
Check for:
- Missing test coverage for new code
- Tests that don't test behavior
- Flaky test patterns
- Missing edge cases
- Mocked external dependencies
Review Output Format
## Code Review Summary
### 🔴 Critical (Must Fix)
- **[File:Line]** [Issue description]
- **Why:** [Explanation]
- **Fix:** [Suggested fix]
### 🟡 Suggestions (Should Consider)
- **[File:Line]** [Issue description]
- **Why:** [Explanation]
- **Fix:** [Suggested fix]
### 🟢 Nits (Optional)
- **[File:Line]** [Minor suggestion]
### ✅ What's Good
- [Positive feedback on good patterns]
Common Patterns to Flag
Security
// BAD: SQL injection
const query = `SELECT * FROM users WHERE id = ${userId}`;
// GOOD: Parameterized query
const query = 'SELECT * FROM users WHERE id = $1';
await db.query(query, [userId]);
Performance
// BAD: N+1 query
users.forEach(async user => {
const posts = await getPosts(user.id);
});
// GOOD: Batch query
const userIds = users.map(u => u.id);
const posts = await getPostsForUsers(userIds);
Error Handling
// BAD: Swallowing errors
try {
await riskyOperation();
} catch (e) {}
// GOOD: Handle or propagate
try {
await riskyOperation();
} catch (e) {
logger.error('Operation failed', { error: e });
throw new AppError('Operation failed', { cause: e });
}
Review Checklist
- No hardcoded secrets
- Input validation present
- Error handling complete
- Types/interfaces defined
- Tests added for new code
- No obvious performance issues
- Code is readable and documented
- Breaking changes documented
More by skillcreatorai
View allDeploy Expo apps to iOS App Store, Android Play Store, and web.
Automatically organizes invoices and receipts for tax preparation by reading messy files, extracting key information, renaming them consistently, and sorting them into logical folders. Turns hours of manual bookkeeping into minutes of automated organization.
Comprehensive PDF manipulation toolkit for extracting text and tables, creating new PDFs, merging/splitting documents, and handling forms. When Claude needs to fill in a PDF form or programmatically process, generate, or analyze PDF documents at scale.
Code refactoring patterns and techniques for improving code quality without changing behavior. Use for cleaning up legacy code, reducing complexity, or improving maintainability.