with one click
code-review
进行全面代码审查,覆盖安全、正确性、性能与可维护性;适用于用户要求 review、排查潜在 bug 或审计代码库。
Install with Codex or Claude Copy this prompt, paste it into Codex, Claude, or another assistant, and let it review the skill page and install it for you.
Menu
进行全面代码审查,覆盖安全、正确性、性能与可维护性;适用于用户要求 review、排查潜在 bug 或审计代码库。
Install with Codex or Claude Copy this prompt, paste it into Codex, Claude, or another assistant, and let it review the skill page and install it for you.
Based on SOC occupation classification
| name | code-review |
| description | 进行全面代码审查,覆盖安全、正确性、性能与可维护性;适用于用户要求 review、排查潜在 bug 或审计代码库。 |
You now have expertise in conducting comprehensive code reviews. Follow this structured approach:
Check for:
npm audit, pip-audit)# Quick security scans
npm audit # Node.js
pip-audit # Python
cargo audit # Rust
grep -r "password\|secret\|api_key" --include="*.py" --include="*.js"
Check for:
Check for:
Check for:
Check for:
## Code Review: [file/component name]
### Summary
[1-2 sentence overview]
### Critical Issues
1. **[Issue]** (line X): [Description]
- Impact: [What could go wrong]
- Fix: [Suggested solution]
### Improvements
1. **[Suggestion]** (line X): [Description]
### Positive Notes
- [What was done well]
### Verdict
[ ] Ready to merge
[ ] Needs minor changes
[ ] Needs major revision
# Bad: SQL injection
cursor.execute(f"SELECT * FROM users WHERE id = {user_id}")
# Good:
cursor.execute("SELECT * FROM users WHERE id = ?", (user_id,))
# Bad: Command injection
os.system(f"ls {user_input}")
# Good:
subprocess.run(["ls", user_input], check=True)
# Bad: Mutable default argument
def append(item, lst=[]): # Bug: shared mutable default
# Good:
def append(item, lst=None):
lst = lst or []
// Bad: Prototype pollution
Object.assign(target, userInput)
// Good:
Object.assign(target, sanitize(userInput))
// Bad: eval usage
eval(userCode)
// Good: Never use eval with user input
// Bad: Callback hell
getData(x => process(x, y => save(y, z => done(z))))
// Good:
const data = await getData();
const processed = await process(data);
await save(processed);
# Show recent changes
git diff HEAD~5 --stat
git log --oneline -10
# Find potential issues
grep -rn "TODO\|FIXME\|HACK\|XXX" .
grep -rn "password\|secret\|token" . --include="*.py"
# Check complexity (Python)
pip install radon && radon cc . -a
# Check dependencies
npm outdated # Node
pip list --outdated # Python
商业级视觉资产与网页(详情页/落地页)的审美与UX视觉审查:输出P0/P1/P2问题清单、可落地的样式tokens与改稿建议;可结合截图、URL与源码进行定位与修改。
设计并构建各类 AI 智能体/助手。适用于用户: (1) 询问“创建 agent / 助手 / 智能体系统” (2) 想理解 agent 架构、agentic 模式或自治式 AI (3) 需要能力设计、子代理、规划或 skills 机制建议 (4) 询问 Claude Code、Cursor 等智能体内部实现 (5) 想为业务/研究/创作/运营等场景构建 agent 关键词:agent, assistant, autonomous, workflow, tool use, multi-step, orchestration
启用 agents-team 协作,双代理完成小说逐章元数据抽取与完整性审校(parser + checker),并写入可续跑的记忆索引。
Enable general multi-agent team mode via spawn_agent/wait tools. Supports orchestrator, worker, reviewer, research, writer, and editor roles.
Agents-CLI 认知记忆系统。用于管理长期记忆(core/episodic/semantic/procedural/vault)、可检索回忆、归档遗忘、以及多代理写入治理。
A self-evolution engine for AI agents. Analyzes runtime history to identify improvements and applies protocol-constrained evolution.