code-reviewer
Code Reviewer
Purpose
Provides thorough code review expertise with focus on correctness, security, performance, and maintainability. Identifies bugs, security vulnerabilities, and code quality issues while suggesting improvements.
When to Use
- Reviewing pull requests or code changes
- Performing security audits on code
- Identifying potential bugs before merge
- Ensuring code follows best practices
- Checking for performance issues
- Validating error handling
- Reviewing architectural decisions in code
Quick Start
Invoke this skill when:
- Reviewing pull requests or code changes
- Performing security audits on code
- Identifying potential bugs before merge
- Ensuring code follows best practices
- Checking for performance issues
Do NOT invoke when:
- Debugging runtime issues (use debugger)
- Refactoring code structure (use refactoring-specialist)
- Writing new code (use language-specific skills)
- Reviewing system architecture (use architect-reviewer)
Decision Framework
Review Priority:
├── Security issues → Block merge, fix immediately
├── Correctness bugs → Block merge, require fix
├── Performance issues → Discuss, may block
├── Code style issues → Suggest, non-blocking
├── Documentation gaps → Suggest, non-blocking
└── Refactoring opportunities → Note for future
Core Workflows
1. Pull Request Review
- Understand the intent from PR description
- Review for correctness and logic errors
- Check for security vulnerabilities
- Assess performance implications
- Verify error handling completeness
- Check test coverage
- Provide actionable feedback
2. Security-Focused Review
- Check input validation and sanitization
- Review authentication and authorization
- Look for injection vulnerabilities
- Verify sensitive data handling
- Check for hardcoded secrets
- Review dependency security
- Assess cryptographic usage
3. Performance Review
- Identify N+1 query patterns
- Check for unnecessary allocations
- Review algorithm complexity
- Assess caching opportunities
- Check for blocking operations
- Review database query efficiency
Best Practices
- Review code, not the author
- Be specific about issues and fixes
- Explain the "why" behind suggestions
- Prioritize comments by severity
- Acknowledge good patterns too
- Use automated tools first (linters, SAST)
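An added example, not part of the skill's own material: a first-pass check in the spirit of "Use automated tools first" that scans only the added lines of a unified diff for two items from the Security-Focused Review list (hardcoded secrets, SQL built from strings) and maps the findings onto the Decision Framework. The rule patterns, the names `scan_diff` and `verdict`, and the sample diff are assumptions constructed for illustration.

```python
import re

# Illustrative rules (assumptions, not exhaustive): (name, severity, pattern).
RULES = [
    ("hardcoded-secret", "security", re.compile(
        r"""(?i)\b(password|passwd|secret|api_?key|token)\b\s*[:=]\s*["'][^"']{8,}["']""")),
    ("sql-built-from-strings", "security", re.compile(
        r"""(?i)\b(execute|query)\s*\(\s*f?["'].*(\{|["']\s*[+%])""")),
    ("trailing-whitespace", "style", re.compile(r"[ \t]+$")),
]
BLOCKING = {"security", "correctness"}  # the "Block merge" rows of the framework

# Constructed sample diff (not from a real repository).
SAMPLE_DIFF = """\
--- a/app/db.py
+++ b/app/db.py
@@ -10,2 +10,4 @@ def get_user(conn, name):
     cur = conn.cursor()
+    api_key = "constructed-not-a-real-key"
+    cur.execute("SELECT * FROM users WHERE name = '" + name + "'")
     return cur.fetchone()
"""

def scan_diff(diff_text):
    """Return findings for added lines only: (file, line_no, rule, severity)."""
    findings, path, new_line = [], None, 0
    for raw in diff_text.splitlines():
        if raw.startswith("+++ "):
            path = raw[4:].removeprefix("b/")
        elif raw.startswith("@@"):
            # Hunk header "@@ -a,b +c,d @@": c is the first new-file line number.
            new_line = int(re.search(r"\+(\d+)", raw).group(1))
        elif raw.startswith("+"):
            for name, severity, pattern in RULES:
                if pattern.search(raw[1:]):
                    findings.append((path, new_line, name, severity))
            new_line += 1
        elif raw.startswith(" "):
            new_line += 1  # context lines advance the new-file counter too
    return findings

def verdict(findings):
    """Any finding in a blocking severity blocks the merge; the rest are suggestions."""
    return "block" if any(f[3] in BLOCKING for f in findings) else "non-blocking"

if __name__ == "__main__":
    found = scan_diff(SAMPLE_DIFF)
    for path, line, rule, severity in found:
        print(f"{path}:{line}: [{severity}] {rule}")
    print("merge verdict:", verdict(found))
```

Pattern matching of this kind only narrows where a reviewer looks first; a parameterized query passes the SQL rule, but so would concatenation done on an earlier line, which still needs a human read.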
Anti-Patterns
| Anti-Pattern | Problem | Correct Approach |
|---|---|---|
| Nitpicking style | Wastes time, frustrates authors | Use automated formatters |
| No context | Reviewer doesn't understand changes | Read PR description, linked issues |
| Blocking on opinions | Delays delivery unnecessarily | Distinguish must-fix from nice-to-have |
| Drive-by reviews | Comments without resolution | Follow through on discussions |
| No positive feedback | Demoralizing for authors | Highlight good patterns |