review
// Reviews code for quality, security, correctness. Triggers: code review, quality review, security review, review PR, review branch.
| Field | Value |
|---|---|
| name | review |
| description | Reviews code for quality, security, correctness. Triggers: code review, quality review, security review, review PR, review branch. |
| user-invocable | true |
| effort | high |
| argument-hint | [target: branch, pr, file path, or staged changes] |
| agent | code-reviewer |
| context | fork |
| allowed-tools | Read, Grep, Glob, Bash |
$ARGUMENTS
Reviews code changes for quality and issues.
```bash
git diff --stat main...HEAD 2>/dev/null || git diff --cached --stat 2>/dev/null || echo "no changes detected"
```

Before starting manual review, run the diff analyzer script to get a structured risk assessment:

```bash
python3 ${CLAUDE_SKILL_DIR}/scripts/diff-analyzer.py [base_branch]
# Default base branch: main
# Example: python3 scripts/diff-analyzer.py develop
```
The script outputs JSON with:
If the script reports `parallel_review_recommended: true`, use the Parallel Review (Agent Teams) mode below.
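As an added illustration of the kind of structured assessment such a script produces (this is not the skill's own `scripts/diff-analyzer.py`, whose source is not shown on this page; the JSON field names, the `>5 files` threshold and the path heuristics are assumptions), the following parses `git diff --numstat` output, flags security-sensitive paths and cross-module edits, and sets `parallel_review_recommended` from the same criteria the skill gives for parallel review: more than five files changed, cross-module changes, or security-sensitive code.

```python
"""Structured risk assessment of a git diff.

Added illustration, not the skill's own scripts/diff-analyzer.py: the JSON
field names, the thresholds and the path heuristics below are assumptions.
"""
import json
import re
import subprocess
import sys

# Assumed threshold, mirroring the skill's "PRs with >5 files changed" rule.
PARALLEL_FILE_THRESHOLD = 5

# Assumed heuristics for paths that usually carry security-sensitive code.
SENSITIVE_PATTERNS = [
    r"(^|/)(auth|oauth|session|login|password|token|secret|crypto|jwt)",
    r"(^|/)(middleware|permission|acl|rbac)",
    r"\.(env|pem|key)$",
]


def parse_numstat(text):
    """Parse `git diff --numstat` lines into (added, removed, path) tuples.

    Binary files are reported as '-<TAB>-<TAB>path'; count them as zero-line edits.
    """
    rows = []
    for line in text.splitlines():
        parts = line.split("\t")
        if len(parts) != 3:
            continue
        added, removed, path = parts
        rows.append((0 if added == "-" else int(added),
                     0 if removed == "-" else int(removed),
                     path))
    return rows


def top_level_module(path):
    """'src/auth/session.py' -> 'src'; a file in the repo root maps to '.'."""
    return path.split("/", 1)[0] if "/" in path else "."


def analyze(numstat_text):
    """Return the risk-assessment dict for one diff."""
    rows = parse_numstat(numstat_text)
    paths = [p for _, _, p in rows]
    sensitive = [p for p in paths
                 if any(re.search(pat, p, re.IGNORECASE) for pat in SENSITIVE_PATTERNS)]
    modules = sorted({top_level_module(p) for p in paths})
    files = len(rows)

    reasons = []
    if files > PARALLEL_FILE_THRESHOLD:
        reasons.append(f"{files} files changed (> {PARALLEL_FILE_THRESHOLD})")
    if len(modules) > 1:
        reasons.append("cross-module change: " + ", ".join(modules))
    if sensitive:
        reasons.append("security-sensitive paths: " + ", ".join(sensitive))

    # Assumed ranking: any sensitive file or a large diff is high, a spread
    # over several modules is medium, everything else low.
    if sensitive or files > PARALLEL_FILE_THRESHOLD:
        risk = "high"
    elif len(modules) > 1:
        risk = "medium"
    else:
        risk = "low"

    return {
        "files_changed": files,
        "lines_added": sum(a for a, _, _ in rows),
        "lines_removed": sum(r for _, r, _ in rows),
        "modules_touched": modules,
        "security_sensitive_files": sensitive,
        "risk_level": risk,
        "parallel_review_recommended": bool(reasons),
        "reasons": reasons,
    }


def git_numstat(base="main"):
    """Diff base...HEAD, falling back to staged changes like the skill's context line."""
    for args in (["git", "diff", "--numstat", f"{base}...HEAD"],
                 ["git", "diff", "--cached", "--numstat"]):
        try:
            res = subprocess.run(args, capture_output=True, text=True)
        except OSError:  # git not installed
            return ""
        if res.returncode == 0 and res.stdout.strip():
            return res.stdout
    return ""


# Constructed sample numstat output (not taken from a real repository).
SAMPLE_NUMSTAT = (
    "12\t3\tsrc/auth/session.py\n"
    "40\t0\tsrc/api/handlers.py\n"
    "-\t-\tassets/logo.png\n"
    "5\t5\tREADME.md\n"
)

if __name__ == "__main__":
    base = sys.argv[1] if len(sys.argv) > 1 else "main"
    text = git_numstat(base)
    if not text:
        print("no changes detected; analyzing the constructed sample instead", file=sys.stderr)
        text = SAMPLE_NUMSTAT
    print(json.dumps(analyze(text), indent=2))
```

Run from a repository as `python3 diff_risk.py develop` to assess `develop...HEAD`; outside a repository it falls back to the constructed sample, which touches an auth path and three top-level modules and therefore comes out as `risk_level: high` with `parallel_review_recommended: true`. The path heuristics are deliberately conservative: a false positive only costs an extra reviewer, while a missed `auth/` change costs a missed security review.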
### Parallel Review (Agent Teams)

For significant PRs or large changesets, create a parallel review team:

```
Create an agent team to review [target]:
- Teammate 1 (security-auditor): "Review for security vulnerabilities, auth issues,
  injection risks, secret leaks. Report with severity ratings." Use Opus.
- Teammate 2 (performance-optimizer): "Check for N+1 queries, memory leaks,
  unnecessary allocations, caching opportunities. Report with impact ratings." Use Opus.
- Teammate 3 (test-engineer): "Validate test coverage, edge cases, mock quality,
  missing assertions. Report coverage gaps." Use Opus.
Each reviewer should report findings independently. Do NOT modify files.
```

After all reviewers complete:

When to use: PRs with >5 files changed, cross-module changes, security-sensitive code.

READ-ONLY: No teammate should modify files during review.
| Target | What's Reviewed |
|---|---|
| (none) | Staged changes |
| branch | Branch vs main |
| pr | Pull request changes |
| file.ts | Specific file |
## Code Review Report
### Summary
- **Files Changed**: [count]
- **Lines Added**: [+count]
- **Lines Removed**: [-count]
- **Issues Found**: [count]
- **Overall Confidence**: [1-10] — how confident the reviewer is in the assessment
### Findings
#### Critical
- **[file:line]**: [issue]
- Severity: critical | Confidence: [1-10]
- Evidence: [specific code reference and reasoning]
- Suggested fix: [code]
#### Major
- **[file:line]**: [issue]
- Severity: major | Confidence: [1-10]
- Evidence: [specific code reference and reasoning]
- Suggested fix: [code]
#### Minor
- **[file:line]**: [issue]
- Severity: minor | Confidence: [1-10]
- Evidence: [line number + reasoning]
#### Nit
- **[file:line]**: [suggestion]
- Severity: nit | Confidence: [1-10]
### Confidence Guide
| Score | Meaning |
|-------|---------|
| 9-10 | Certain — verified via code, tests, or documentation |
| 7-8 | High — strong evidence, minor assumptions |
| 5-6 | Medium — plausible issue, needs author confirmation |
| 3-4 | Low — speculative, based on patterns not proof |
| 1-2 | Guess — flag for discussion, don't block on this |
### Positive Notes
- [What's good about the code]
### Verdict
[APPROVE / REQUEST_CHANGES / NEEDS_DISCUSSION]
| Excuse | Why It's Wrong |
|---|---|
| "Small change, quick scan is enough" | Small changes introduce subtle bugs — apply consistent review regardless of size |
| "Tests pass, so the code is correct" | Tests validate specific scenarios, not all behaviors — verify missing coverage |
| "It's just a refactor, no need for deep review" | Refactors change invariants — verify behavior preservation, not just compilation |
| "The author is senior, they know what they're doing" | Seniority doesn't prevent mistakes — review the code, not the person |
| "We're in a hurry, ship it" | Rushed reviews create tech debt that costs far more to fix after merge than it would have cost to review now |
After completing the review, perform a self-evaluation pass:
This skill only analyzes. It does NOT modify any files.
- /debug to trace root causes
- /tdd to add test-first coverage
- /cve-scan for dependency vulnerabilities
- /analyze for deeper code quality metrics