| name | code-review |
| description | Systematic code review methodology. Use this skill when reviewing code changes, PRs, or doing code audits for quality, security, and best practices. |
Code Review Skill
A systematic approach to reviewing code for quality, security, and maintainability.
When to Use This Skill
- User asks to "review code" or "check my code"
- Reviewing pull requests or diffs
- Code audit tasks
- Pre-deployment code checks
Code Review Checklist
1. Functionality
2. Code Quality
3. Security
4. Performance
5. Testing
Review Approach
def review_function(code: str) -> dict:
"""Analyze a function for common issues."""
issues = []
suggestions = []
lines = code.strip().split('\n')
if len(lines) > 50:
issues.append("Function is too long (>50 lines). Consider breaking it up.")
if '"""' not in code and "'''" not in code:
issues.append("Missing docstring. Add documentation.")
if 'except:' in code:
issues.append("Bare except clause. Specify exception types.")
import re
if re.search(r'["\'](?:password|secret|key)["\']', code, re.I):
issues.append("Possible hardcoded credential. Use environment variables.")
return {"issues": issues, "suggestions": suggestions}
Feedback Format
When providing review feedback:
- Start positive - Note what's done well
- Be specific - Point to exact lines/issues
- Explain why - Not just what's wrong, but why it matters
- Suggest fixes - Provide concrete improvements
Example Feedback Template:
## Code Review Summary
### ✅ What's Good
- Clear function naming
- Good error handling in X
### 🔧 Suggested Improvements
1. **Line 25**: Consider using a constant for the magic number `42`
- Why: Improves readability and maintainability
- Suggestion: `MAX_RETRIES = 42`
2. **Line 48**: Missing input validation
- Why: Could cause crash on None input
- Suggestion: Add `if value is None: return default`
### ❗ Critical Issues
1. **Security**: SQL injection vulnerability at line 67
- Use parameterized queries instead of string formatting
Common Issues to Flag
- Magic numbers without explanation
- Missing error handling
- Security vulnerabilities (injection, XSS, etc.)
- Performance anti-patterns (N+1 queries, etc.)
- Missing tests for critical paths
- Overly complex logic
- Code duplication