| name | code-review |
| description | Use this skill when reviewing uncommitted or local code changes before commit/PR. Finds security, correctness, quality, and testing gaps, then reports only high-confidence actionable issues. |
Code Review Skill
Use this skill to review uncommitted changes and improve code quality before commit or PR.
When to Activate
- User asks to review/check/audit local or uncommitted code changes
- After implementing changes, before commit
- Before opening or updating a pull request
Scope and Inputs
Start with uncommitted changes:
git diff --staged
git diff
git diff --name-only HEAD
If there is no uncommitted diff:
- Explicitly report that no uncommitted changes were found
- Optionally inspect recent context:
git log --oneline -5
Review Workflow
- Gather all changed files and the full diff context
- Read surrounding code so findings are not diff-only guesses
- Apply confidence filter: report only issues you are at least 80% confident are real
- Prioritize by severity:
CRITICAL, HIGH, MEDIUM, LOW
- Provide concrete fixes, not generic advice
- End with a merge verdict based on severity
Review Checklist
CRITICAL: Security and Data Risk
- Hardcoded secrets, tokens, passwords, API keys
- Injection risks (SQL/command/template)
- Missing auth checks or authorization bypasses
- XSS/unsafe rendering of user input
- Path traversal or unsafe filesystem access
- Sensitive data exposure in logs/errors
HIGH: Correctness and Reliability
- Logic bugs and edge-case failures
- Missing or incorrect error handling
- Broken async flows and unhandled rejections
- Invalid input assumptions and missing validation
- Regressions caused by API/contract mismatch
MEDIUM: Quality and Maintainability
- Overly large functions/files that hide defects
- Deep nesting and unclear control flow
- Dead code, debug prints, stale TODO/FIXME without tracking
- Missing tests for new or changed behavior
- Performance hotspots in changed paths
LOW: Best-Practice Nits
- Naming clarity and readability issues
- Minor consistency issues if they impact maintainability
Project Conventions
When reviewing, align with:
- Project conventions in
CLAUDE.md
- Shared rules in
.claude/rules/common/*
- Language-specific rules in
.claude/rules/{python|golang|cpp|rust}/*
Avoid style-only noise unless it violates established project conventions.
Output Contract
For each finding, use this template:
[SEVERITY] Short title
File: path/to/file:line
Issue: What is wrong and why it matters
Fix: Minimal concrete change to resolve it
End every review with:
## Review Summary
| Severity | Count | Status |
|----------|-------|--------|
| CRITICAL | X | pass/warn/block |
| HIGH | X | pass/warn/block |
| MEDIUM | X | info |
| LOW | X | note |
Verdict: APPROVE | WARNING | BLOCK
Verdict policy:
BLOCK if any CRITICAL issues exist
WARNING if no CRITICAL but one or more HIGH issues exist
APPROVE if no CRITICAL or HIGH issues exist