code-reviewer
SKILL.md
Code Reviewer Skill
Overview
This skill provides comprehensive code review capabilities across multiple programming languages including TypeScript, JavaScript, Python, Swift, and Kotlin. Focus areas: code quality, security, performance, and maintainability.
Quick Start
- Identify scope - Files or PR to review
- Run analysis - Check code quality, security, performance
- Document findings - Categorize by severity
- Provide recommendations - Actionable improvements
- Generate report - Structured review output
When to Use
- Pull request reviews
- Pre-merge quality gates
- Code audit requirements
- Security assessments
- Performance optimization reviews
- Onboarding code familiarization
Review Categories
1. Code Quality
| Aspect | Check For |
|---|---|
| Clarity | Readable, self-documenting code |
| Naming | Descriptive, consistent conventions |
| Structure | Single responsibility, appropriate abstraction |
| DRY | No unnecessary duplication |
| Complexity | Cyclomatic complexity within limits |
2. Security
| Aspect | Check For |
|---|---|
| Input validation | All user inputs validated |
| SQL injection | Parameterized queries |
| XSS | Output encoding |
| Auth/AuthZ | Proper authentication and authorization |
| Secrets | No hardcoded credentials |
| Dependencies | Updated, no known vulnerabilities |
3. Performance
| Aspect | Check For |
|---|---|
| Algorithms | Appropriate time complexity |
| Memory | No leaks, efficient usage |
| Database | Optimized queries, proper indexing |
| Caching | Appropriate cache usage |
| Async | Non-blocking operations where needed |
4. Testing
| Aspect | Check For |
|---|---|
| Coverage | Critical paths tested |
| Quality | Meaningful assertions |
| Isolation | Tests don't depend on each other |
| Edge cases | Boundary conditions covered |
| Mocking | Minimal, appropriate mocking |
Review Process
Step 1: Context Gathering
## Review Context
- **PR/Files:** [identifier]
- **Author:** [name]
- **Purpose:** [feature/bugfix/refactor]
- **Related:** [issues/tickets]
Step 2: High-Level Analysis
Scan for:
- Overall change scope
- Architectural impact
- Breaking changes
- New dependencies
Step 3: Detailed Review
For each file:
### [filename]
**Changes:** [summary]
**Findings:**
- [severity] [category]: [description]
- Location: line X
- Recommendation: [action]
Step 4: Security Deep Dive
Special attention to:
- Authentication flows
- Data handling
- API endpoints
- Configuration files
- Environment variables
Step 5: Test Verification
- Run existing tests
- Verify new test coverage
- Check test quality
- Identify missing tests
Severity Levels
| Level | Description | Action |
|---|---|---|
| Critical | Security vulnerability, data loss risk | Block merge |
| High | Bugs, significant issues | Must fix |
| Medium | Code quality, maintainability | Should fix |
| Low | Style, minor improvements | Consider |
| Info | Suggestions, observations | Optional |
Review Checklist
General
- Code compiles/builds without errors
- No merge conflicts
- Branch is up to date with target
- Commit messages are clear
Functionality
- Requirements are met
- Edge cases handled
- Error handling is appropriate
- No regression in existing functionality
Code Quality
- Follows project coding standards
- No code smells or anti-patterns
- Appropriate comments (not excessive)
- No dead code or debug statements
Security
- No hardcoded secrets
- Input validation present
- Output encoding where needed
- Proper error messages (no info leak)
Testing
- New code has tests
- All tests pass
- Test coverage adequate
- Tests are meaningful
Documentation
- README updated if needed
- API docs updated if applicable
- Breaking changes documented
Common Anti-Patterns
Code Smells
| Pattern | Problem | Solution |
|---|---|---|
| God Object | Class does too much | Split responsibilities |
| Feature Envy | Method uses other class more | Move to appropriate class |
| Long Method | Hard to understand | Extract smaller methods |
| Magic Numbers | Unclear meaning | Use named constants |
| Deep Nesting | Hard to follow | Early returns, extraction |
Security Issues
| Pattern | Problem | Solution |
|---|---|---|
| SQL Concat | Injection risk | Parameterized queries |
| Eval Usage | Code injection | Safe alternatives |
| Weak Crypto | Breakable encryption | Strong algorithms |
| CORS * | Access control bypass | Specific origins |
| Console Secrets | Credential exposure | Remove before commit |
Review Report Template
# Code Review Report
## Summary
- **Reviewed:** [files/PR]
- **Date:** [date]
- **Reviewer:** [name]
- **Overall:** [APPROVE/REQUEST_CHANGES/COMMENT]
## Statistics
- Files reviewed: X
- Lines changed: +Y/-Z
- Critical issues: N
- High issues: N
- Medium issues: N
## Critical/High Findings
### [Finding Title]
- **Severity:** Critical/High
- **Category:** Security/Bug/Performance
- **Location:** file:line
- **Description:** [details]
- **Recommendation:** [action]
- **Code suggestion:**
\`\`\`language
// suggested fix
\`\`\`
## Medium/Low Findings
[Grouped by category]
## Positive Observations
- [Good practices noticed]
## Recommendations
1. [Priority improvement]
2. [Secondary improvement]
## Test Coverage
- Current: X%
- Critical paths: Y%
- Recommendation: [action]
Best Practices
Do
- Review in small batches (200-400 lines ideal)
- Focus on logic, not style (use linters)
- Ask questions rather than demand changes
- Acknowledge good code
- Provide specific, actionable feedback
- Test the changes locally when possible
Don't
- Nitpick style issues
- Rewrite author's code in comments
- Leave vague feedback ("this is wrong")
- Review when fatigued
- Approve without understanding
- Block for preferences, not issues
Error Handling
| Situation | Action |
|---|---|
| Too large PR | Request split into smaller PRs |
| Missing context | Ask author for explanation |
| Unclear requirements | Defer to requirements review |
| Disagreement | Escalate with evidence |
Metrics
| Metric | Target | Description |
|---|---|---|
| Review turnaround | <24h | Time to first review |
| Defect detection | >80% | Issues caught before merge |
| False positive rate | <10% | Unnecessary comments |
| Review thoroughness | 100% | All critical areas covered |
Technology-Specific Notes
TypeScript/JavaScript
- Check for any/unknown abuse
- Verify type safety
- Review async/await handling
- Check for memory leaks in React
Python
- PEP 8 compliance
- Type hints present
- Exception handling
- Virtual environment usage
Go
- Error handling patterns
- Goroutine leaks
- Interface usage
- Package organization
Related Skills
- tdd-obra - Test-first development
- systematic-debugging - Debugging methodology
- subagent-driven - Development with reviews
Version History
- 1.0.0 (2026-01-19): Initial release adapted from alirezarezvani/claude-skills
Weekly Installs
9
Repository
vamseeachanta/workspace-hubFirst Seen
Jan 24, 2026
Security Audits
Installed on
claude-code8
trae7
gemini-cli7
antigravity7
windsurf7
codex7