원클릭으로
code-review
系统化代码审查:安全性、性能、可维护性、正确性、测试覆盖。触发词:代码审查、review 代码、PR 审查。
Codex 또는 Claude로 설치 이 Prompt를 복사해 Codex, Claude 또는 다른 어시스턴트에 붙여 넣으면 Skill 페이지를 검토하고 설치를 진행할 수 있습니다.
메뉴
系统化代码审查:安全性、性能、可维护性、正确性、测试覆盖。触发词:代码审查、review 代码、PR 审查。
Codex 또는 Claude로 설치 이 Prompt를 복사해 Codex, Claude 또는 다른 어시스턴트에 붙여 넣으면 Skill 페이지를 검토하고 설치를 진행할 수 있습니다.
SOC 직업 분류 기준
PRD 驱动的完整开发工作流 - 从用户故事分析到自动化测试的端到端流程。 当用户需要"一条龙开发"、"全自动开发"、"从需求到代码"、"先分析PRD再开发"、 "多模型分析后自动开发"、"完整开发流程"、"从需求分析到测试"或任何涉及 PRD分析→需求整合→代码生成→自动化测试的连续工作时,**必须**使用此技能。 整合多模型聚合、Kimi深度整合、PRD生成、多模型代码审查、代码开发、自动化测试等能力。 **新增**: 智能决策大脑(th-workflow-decision-engine) - 自动判断何时使用GitNexus代码分析、 unified-search联网搜索、多模型聚合,测试失败时智能选择修复策略。
PRD驱动工作流的决策大脑 - 智能判断何时使用搜索、代码分析、多模型聚合。 作为子Skill被 th-prd-driven-dev-workflow 调用,负责工具选择和策略决策。
动态 Agent 生成器(母体模式)。当用户需要处理复杂项目时,自动分析需求并生成定制化专业 Agent 团队。接收项目描述、技术栈、版本号、约束条件,输出完整的 Agent 配置和启动命令。触发词:需要专业团队、生成 Agent、创建定制化 Agent、复杂项目团队、动态生成 Agent。
Arch Linux 系统特性(PEP 668、AUR Helpers)
浏览器交互自动化:网页测试、表单填写、截图、数据提取。触发词:打开网页、填写表单、网页截图。
需求演进与决策追踪器 - 当用户提出零散需求、抱怨某个功能、或讨论产品方向时,**必须**使用此技能。通过逐级剖析推导出落地方案,并在每个关键节点**强制暂停**等待用户确认。适用于:记录决策、需求演进、功能推演、架构选型、重构方案确定。触发词:记录决策、需求演进、功能演进、决策追踪、需求推演、演进记录、这个需求怎么演化、帮我推演这个需求。
| name | code-review |
| model | reasoning |
| category | testing |
| description | 系统化代码审查:安全性、性能、可维护性、正确性、测试覆盖。触发词:代码审查、review 代码、PR 审查。 |
| version | 1 |
Thorough, structured approach to reviewing code. Work through each dimension systematically rather than scanning randomly.
Apply iterative improvement for critical code paths:
┌────────────┐ ┌────────────┐ ┌────────────┐
│ Evaluator │ ──→ │ Optimizer │ ──→ │ Evaluator │
│ (Review) │ │ (Fix) │ │ (Recheck) │
└────────────┘ └────────────┘ └────────────┘
│ │
└───────────────────────────────────────┘
(Loop until pass)
| Metric | Target | Action if Failed |
|---|---|---|
| Security issues | 0 critical | Block merge |
| Test coverage | > 80% new code | Request tests |
| Complexity | < 10 per function | Suggest refactor |
| Documentation | All public APIs | Add doc comments |
For each failed metric:
## Optimization Round N
**Issue**: [description]
**Location**: [file:line]
**Fix Applied**: [what was changed]
**Result**: [pass/still-fail]
Review complete when ALL are true:
[CRITICAL] issues[MAJOR] issues resolved or documentednpx clawhub@latest install code-review
| Dimension | Focus | Priority |
|---|---|---|
| Security | Vulnerabilities, auth, data exposure | Critical |
| Performance | Speed, memory, scalability bottlenecks | High |
| Correctness | Logic errors, edge cases, data integrity | High |
| Maintainability | Readability, structure, future-proofing | Medium |
| Testing | Coverage, quality, reliability of tests | Medium |
| Accessibility | WCAG compliance, keyboard nav, screen readers | Medium |
| Documentation | Comments, API docs, changelog entries | Low |
Review every change for these vulnerabilities:
dangerouslySetInnerHTML or equivalent is justified and safeWork through the code in three passes. Do not try to catch everything in one read.
| Pass | Focus | Time | What to Look For |
|---|---|---|---|
| First | High-level structure | 2-5 min | Architecture fit, file organization, API design, overall approach |
| Second | Line-by-line detail | Bulk | Logic errors, security issues, performance problems, edge cases |
| Third | Edge cases & hardening | 5 min | Failure modes, concurrency, boundary values, missing tests |
Classify every comment by severity so the author knows what blocks merge.
| Level | Label | Meaning | Blocks Merge? |
|---|---|---|---|
| Critical | [CRITICAL] | Security vulnerability, data loss, or crash in production | Yes |
| Major | [MAJOR] | Bug, logic error, or significant performance regression | Yes |
| Minor | [MINOR] | Improvement that would reduce future maintenance cost | No |
| Nitpick | [NIT] | Style preference, naming suggestion, or trivial cleanup | No |
Always prefix your review comment with the severity label. This removes ambiguity about what matters.
Bad:
This is wrong. Fix it.
Good:
[MAJOR]This query interpolates user input directly into the SQL string (line 42), which is vulnerable to SQL injection. Consider using a parameterized query:SELECT * FROM users WHERE id = $1
Bad:
Why didn't you add tests?
Good:
[MINOR]The newcalculateDiscount()function has a few branching paths — could we add tests for the zero-quantity and negative-price edge cases to prevent regressions?
Bad:
I would have done this differently.
Good:
[NIT]This works well. An alternative approach could be extracting the retry logic into a sharedwithRetry()wrapper — but that's optional and could be a follow-up.
Avoid these common traps that waste time and damage team trust:
| Anti-Pattern | Description |
|---|---|
| Rubber-Stamping | Approving without reading. Creates false confidence and lets bugs through. |
| Bikeshedding | Spending 30 minutes debating a variable name while ignoring a race condition. |
| Blocking on Style | Refusing to approve over formatting that a linter should enforce automatically. |
| Gatekeeping | Requiring your personal preferred approach when the submitted one is correct. |
| Drive-by Reviews | Leaving one vague comment and disappearing. Commit to following through. |
| Scope Creep Reviews | Requesting unrelated refactors that should be separate PRs. |
| Stale Reviews | Letting PRs sit for days. Review within 24 hours or hand off to someone else. |
| Emotional Language | "This is terrible" or "obviously wrong." Critique the code, not the person. |