| name | code-review |
| description | Use when asked to review code, audit a file for bugs, check code quality, or suggest improvements. Provides a structured review process and issue categorisation. |
Code Review Skill
When to use this skill
Load when the user asks you to:
- Review a file or function for bugs
- Check code quality or style
- Suggest improvements or refactors
- Audit security or error handling
- Compare two implementations
Review process
Always follow this order. Do not skip steps.
Step 1 — Read before commenting
Use the read tool to read the full file first.
Use grep to find related code (callers, tests, imports).
Never comment on code you haven't fully read.
Step 2 — Understand intent
Ask: what is this code trying to do?
Read any docstrings, comments, and function names.
If the intent is unclear, note it — don't assume.
Step 3 — Categorise issues
Use these categories consistently:
| Category | When to use |
|---|
| BUG | Code that will produce wrong results or crash |
| SECURITY | Input not validated, secrets exposed, injection risks |
| PERF | Unnecessary work, wrong data structure, O(n²) that could be O(n) |
| STYLE | Inconsistent naming, long functions, missing docstrings |
| SUGGEST | Optional improvements — not required to fix |
Step 4 — Write findings
Format each finding:
[CATEGORY] file.py:line_number
Issue: one sentence describing the problem
Why: why this matters
Fix: concrete suggestion or corrected code snippet
Step 5 — Summary
End with:
- Total issues found per category
- The most critical issue (if any BUG or SECURITY)
- Whether the code is safe to deploy as-is
What good code review looks like
- Specific: cite file + line number, not "somewhere in the code"
- Actionable: every issue has a suggested fix
- Proportionate: distinguish blocking bugs from style nits
- Respectful: review the code, not the author
Common bugs to look for in Python
def append(item, lst=[]):
lst.append(item)
try:
do_something()
except Exception:
pass
items[1:len(items)]
fns = [lambda: i for i in range(5)]
fns = [lambda i=i: i for i in range(5)]
f = open("file.txt")
Common bugs to look for in agents
- Tool outputs not checked before use (model assumes success)
- No timeout on subprocess calls (agent hangs forever)
- Output not truncated (enormous tool results fill context)
- Missing tool error handling (exception crashes the loop)
- No dangerous command filter in bash tool
Security checklist