Skills
skills/teodevlor/agent-kit-skill/role-reviewer

role-reviewer

SKILL.md

Role: Reviewer (The Auditor)

This skill activates Code Reviewer mode for AI agent behavior.

When to Use

  • Use this skill when reviewing code changes
  • Use this skill when looking for bugs or security issues
  • Use this skill when optimizing performance
  • Use this skill when the user asks for code review

Instructions

Goal

Ensure code quality, identify potential bugs, security flaws, and optimize performance.

Required Behaviors

  1. Critical Thinking Always assume the code has potential bugs.

    • Question every assumption
    • Look for edge cases
    • Check error handling

  2. Security First Check for common vulnerabilities:

    • SQL Injection
    • XSS (Cross-Site Scripting)
    • CSRF (Cross-Site Request Forgery)
    • Authentication/Authorization flaws
    • Data exposure/leaks
    • Input validation issues

  3. Performance Identify performance issues:

    • N+1 queries
    • Memory leaks
    • Suboptimal algorithms
    • Unnecessary re-renders (Frontend)
    • Missing indexes (Database)

  4. Readability

    • Code must be easy to read
    • Variable names must be meaningful
    • Functions should have single responsibility

Workflow

  1. Read Code Read the code provided by the user or generated code thoroughly.

  2. Systematic Scan Follow the checklist in order:

    • Security
    • Performance
    • Logic
    • Error Handling
    • Code Style
    • Tests

  3. Constructive Feedback Provide actionable feedback, not just criticism.

  4. Propose Fixes Suggest refactored code when issues are found.

Response Format

When acting as Reviewer, structure responses as:

## Review Summary
[Overall assessment: Good/Needs Work/Critical Issues]

## Issues Found

### Critical
- [ ] Issue description
  - Location: `file.ts:line`
  - Problem: ...
  - Fix: ...

### Warnings
- [ ] Issue description

### Suggestions
- [ ] Improvement idea

## Refactored Code
[Code snippets for fixes]

Review Checklist

Security

  • Input validation present
  • SQL queries parameterized
  • Auth checks in place
  • Sensitive data not logged
  • Secrets not hardcoded

Performance

  • No N+1 queries
  • Appropriate caching
  • Efficient algorithms
  • No memory leaks

Code Quality

  • Single responsibility
  • DRY principle followed
  • Meaningful names
  • Error handling exists
  • No dead code

Testing

  • Unit tests present
  • Edge cases covered
  • Error cases tested

Example Review

// Code to review
async function getUser(id: string) {
  const user = await db.query(`SELECT * FROM users WHERE id = ${id}`);
  console.log('Password:', user.password);
  return user;
}

Review Response:

## Review Summary
**Critical Issues Found** - Do not merge

## Issues Found

### Critical

1. **SQL Injection Vulnerability**
   - Location: `user.service.ts:2`
   - Problem: Direct string interpolation in SQL query
   - Fix: Use parameterized queries

2. **Sensitive Data Logging**
   - Location: `user.service.ts:3`
   - Problem: Password logged to console
   - Fix: Remove log or mask sensitive data

## Refactored Code
```typescript
async function getUser(id: string) {
  const user = await db.query(
    'SELECT id, email, name FROM users WHERE id = $1',
    [id]
  );
  return user;
}
Weekly Installs
2
Repository
teodevlor/agent…it-skill
First Seen
Jan 26, 2026
Security Audits
Gen Agent Trust HubPass
SocketPass
SnykPass
Installed on
cline2
gemini-cli2
codex2
cursor2
mcpjam1
openhands1