一键在 Manus 中运行任何 Skill

code-review-expert

星标0

分支0

更新时间2026年2月26日 16:11

Expert code review of current git changes with a senior engineer lens: SOLID, security, performance, error handling, boundary conditions.

安装

用 Codex 或 Claude 帮你安装复制这段 Prompt，粘贴到 Codex、Claude 或其他助手里，让它检查 Skill 页面并帮你完成安装。

在 Manus 中运行

来源

coreindustries

coreindustries/core-ai-template

打开 GitHub 仓库查看创作者相关仓库

下载

在 Manus 中运行

/code-review-expert

Expert code review of current git changes with a senior engineer lens. Detects SOLID violations, security risks, performance issues, error handling gaps, boundary condition bugs, and dead code — then proposes actionable improvements.

Usage

/code-review-expert [target] [--commit <range>] [--strict]

Arguments

Argument	Description
`target`	File or directory to review (default: current git changes)
`--commit <range>`	Review a specific commit or range (e.g., `HEAD~3..HEAD`)
`--strict`	Apply stricter thresholds — flag P2/P3 issues more aggressively

Severity Levels

Level	Name	Description	Action
P0	Critical	Security vulnerability, data loss risk, correctness bug	Must block merge
P1	High	Logic error, significant SOLID violation, performance regression	Should fix before merge
P2	Medium	Code smell, maintainability concern, minor SOLID violation	Fix in this PR or create follow-up
P3	Low	Style, naming, minor suggestion	Optional improvement

Instructions

When this skill is invoked:

Agent Behavior

Autonomy:

Complete the full review end-to-end without pausing
Present all findings in a single structured report
Do NOT implement changes until user explicitly confirms

Thoroughness:

Load all reference checklists in parallel before beginning analysis
Check against all standards in .claude/rules/ (auto-loaded)
Cross-reference with prd/00_technology.md for technology-specific patterns
Include file:line references for all findings

Review Process

1) Preflight context

Run git status -sb, git diff --stat, and git diff to scope changes.
If target is specified, scope to those files. If --commit is specified, use git diff <range>.
Use rg or grep to find related modules, usages, and contracts.
Identify entry points, ownership boundaries, and critical paths (auth, payments, data writes, network).

Edge cases:

No changes: If diff is empty, inform user and ask if they want to review staged changes or a specific commit range.
Large diff (>500 lines): Summarize by file first, then review in batches by module/feature area.
Mixed concerns: Group findings by logical feature, not just file order.

2) SOLID + architecture smells

Load .claude/references/solid-checklist.md for specific prompts.
Evaluate against all 5 SOLID principles:
- SRP: Overloaded modules with unrelated responsibilities.
- OCP: Frequent edits to add behavior instead of extension points.
- LSP: Subclasses that break expectations or require type checks.
- ISP: Wide interfaces with unused methods.
- DIP: High-level logic tied to low-level implementations.
When proposing a refactor, explain why it improves cohesion/coupling and outline a minimal, safe split.
If refactor is non-trivial, propose an incremental plan instead of a large rewrite.

3) Removal candidates + iteration plan

Load .claude/references/removal-plan.md for template.
Identify code that is unused, redundant, or feature-flagged off.
Distinguish safe delete now vs defer with plan.
Provide a follow-up plan with concrete steps and checkpoints (tests/metrics).

4) Security and reliability scan

Load .claude/references/security-checklist.md for coverage.
Also read .claude/agents/security-reviewer.md for the security perspective.
Check for:
- XSS, injection (SQL/NoSQL/command), SSRF, path traversal
- AuthZ/AuthN gaps, missing tenancy checks
- Secret leakage or API keys in logs/env/files
- Rate limits, unbounded loops, CPU/memory hotspots
- Unsafe deserialization, weak crypto, insecure defaults
- Race conditions: concurrent access, check-then-act, TOCTOU, missing locks
Call out both exploitability and impact.

5) Code quality scan

Load .claude/references/code-quality-checklist.md for coverage.
Check for:
- Error handling: swallowed exceptions, overly broad catch, missing error handling, async errors
- Performance: N+1 queries, CPU-intensive ops in hot paths, missing cache, unbounded memory
- Boundary conditions: null/undefined handling, empty collections, numeric boundaries, off-by-one
Flag issues that may cause silent failures or production incidents.

6) Output format

Structure the review as follows:

## Code Review Summary

**Files reviewed**: X files, Y lines changed
**Overall assessment**: [APPROVE / REQUEST_CHANGES / COMMENT]

---

## Findings

### P0 — Critical
(none or list)

### P1 — High
1. **[file:line]** Brief title
   - Description of issue
   - Suggested fix

### P2 — Medium
2. (continue numbering across sections)
   - ...

### P3 — Low
...

---

## Removal/Iteration Plan
(if applicable)

## Additional Suggestions
(optional improvements, not blocking)

Inline comments: Use this format for file-specific findings:

::code-comment{file="path/to/file.ts" line="42" severity="P1"}
Description of the issue and suggested fix.
::

Clean review: If no issues found, explicitly state:

What was checked
Any areas not covered (e.g., "Did not verify database migrations")
Residual risks or recommended follow-up tests

7) Next steps confirmation

After presenting findings, ask user how to proceed:

---

## Next Steps

I found X issues (P0: _, P1: _, P2: _, P3: _).

**How would you like to proceed?**

1. **Fix all** — I'll implement all suggested fixes
2. **Fix P0/P1 only** — Address critical and high priority issues
3. **Fix specific items** — Tell me which issues to fix
4. **No changes** — Review complete, no implementation needed

Please choose an option or provide specific instructions.

Important: Do NOT implement any changes until user explicitly confirms. This is a review-first workflow.

Resources

File	Purpose
`.claude/references/solid-checklist.md`	SOLID smell prompts and refactor heuristics
`.claude/references/security-checklist.md`	Web/app security and runtime risk checklist
`.claude/references/code-quality-checklist.md`	Error handling, performance, boundary conditions
`.claude/references/removal-plan.md`	Template for deletion candidates and follow-up plan

Example

$ /code-review-expert

Scoping changes... 8 files, 342 lines changed

Loading review checklists...

## Code Review Summary

**Files reviewed**: 8 files, 342 lines changed
**Overall assessment**: REQUEST_CHANGES

---

## Findings

### P0 — Critical
(none)

### P1 — High
1. **src/services/payment.ts:89** Race condition in balance deduction
   - Check-then-act pattern: balance is read, checked, then deducted in separate operations
   - Suggested fix: Use `SELECT FOR UPDATE` or atomic `UPDATE WHERE balance >= amount`

2. **src/api/users.ts:34** Missing ownership check (IDOR)
   - Any authenticated user can access other users' data via `GET /users/:id`
   - Suggested fix: Add `where: { id: params.id, orgId: req.user.orgId }`

### P2 — Medium
3. **src/services/order.ts:12-45** SRP violation — mixed concerns
   - Order service handles validation, pricing, inventory, and notifications
   - Suggested fix: Extract `PricingService` and `NotificationService`

4. **src/api/orders.ts:67** Swallowed exception in error handler
   - `catch (e) { return null }` hides failures from callers
   - Suggested fix: Log error with context and throw a typed `OrderError`

### P3 — Low
5. **src/models/user.ts:8** Missing max length on `name` field
   - Could allow unbounded string storage
   - Suggested fix: Add `@MaxLength(255)` constraint

---

## Next Steps

I found 5 issues (P0: 0, P1: 2, P2: 2, P3: 1).

**How would you like to proceed?**

1. **Fix all** — I'll implement all suggested fixes
2. **Fix P0/P1 only** — Address critical and high priority issues
3. **Fix specific items** — Tell me which issues to fix
4. **No changes** — Review complete, no implementation needed

同仓库更多 Skills

同仓库

handoff

coreindustries/core-ai-template

Write a structured handoff at session end. Preserves context so the next agent can resume without human briefing. Invoke before ending any feature session longer than 30 minutes.

2026-05-220

review

coreindustries/core-ai-template

Multi-perspective code review against project standards with P1/P2/P3 severity classification. Works in Claude Code (Agent + optional GitHub MCP) and Cursor (Task subagents + gh/git). Use when the user invokes /review, asks for a PR or diff review, or wants a standards-aligned review with severity tags.

2026-05-130

review

coreindustries/core-ai-template

Multi-perspective code review (P1/P2/P3) for Cursor: inline checklists plus three parallel Task subagents (perf-auditor, security-reviewer, simplicity-reviewer with combined data-integrity prompt). Use when the user invokes /review, asks for a PR review, or wants repo-standard findings with severity.

2026-05-130

commit

coreindustries/core-ai-template

Create well-formatted git commits following conventional commit standards.

2026-05-080

tdd

coreindustries/core-ai-template

Red→green→refactor discipline for new behavior — forces a failing test before implementation and a passing test before any claim of done.

2026-04-210

coreindustries/core-ai-template

Create or manage a git worktree for isolated parallel development — lets multiple agents work in the repo simultaneously without branch collisions.

2026-04-210

name	code-review-expert
description	Expert code review of current git changes with a senior engineer lens: SOLID, security, performance, error handling, boundary conditions.

/code-review-expert

Usage

/code-review-expert [target] [--commit <range>] [--strict]

Arguments

Argument	Description
`target`	File or directory to review (default: current git changes)
`--commit <range>`	Review a specific commit or range (e.g., `HEAD~3..HEAD`)
`--strict`	Apply stricter thresholds — flag P2/P3 issues more aggressively

Severity Levels

Level	Name	Description	Action
P0	Critical	Security vulnerability, data loss risk, correctness bug	Must block merge
P1	High	Logic error, significant SOLID violation, performance regression	Should fix before merge
P2	Medium	Code smell, maintainability concern, minor SOLID violation	Fix in this PR or create follow-up
P3	Low	Style, naming, minor suggestion	Optional improvement

Instructions

When this skill is invoked:

Agent Behavior

Autonomy:

Complete the full review end-to-end without pausing
Present all findings in a single structured report
Do NOT implement changes until user explicitly confirms

Thoroughness:

Load all reference checklists in parallel before beginning analysis
Check against all standards in .claude/rules/ (auto-loaded)
Cross-reference with prd/00_technology.md for technology-specific patterns
Include file:line references for all findings

Review Process

1) Preflight context

Run git status -sb, git diff --stat, and git diff to scope changes.
If target is specified, scope to those files. If --commit is specified, use git diff <range>.
Use rg or grep to find related modules, usages, and contracts.
Identify entry points, ownership boundaries, and critical paths (auth, payments, data writes, network).

Edge cases:

No changes: If diff is empty, inform user and ask if they want to review staged changes or a specific commit range.
Large diff (>500 lines): Summarize by file first, then review in batches by module/feature area.
Mixed concerns: Group findings by logical feature, not just file order.

2) SOLID + architecture smells

Load .claude/references/solid-checklist.md for specific prompts.
Evaluate against all 5 SOLID principles:
- SRP: Overloaded modules with unrelated responsibilities.
- OCP: Frequent edits to add behavior instead of extension points.
- LSP: Subclasses that break expectations or require type checks.
- ISP: Wide interfaces with unused methods.
- DIP: High-level logic tied to low-level implementations.
When proposing a refactor, explain why it improves cohesion/coupling and outline a minimal, safe split.
If refactor is non-trivial, propose an incremental plan instead of a large rewrite.

3) Removal candidates + iteration plan

Load .claude/references/removal-plan.md for template.
Identify code that is unused, redundant, or feature-flagged off.
Distinguish safe delete now vs defer with plan.
Provide a follow-up plan with concrete steps and checkpoints (tests/metrics).

4) Security and reliability scan

Load .claude/references/security-checklist.md for coverage.
Also read .claude/agents/security-reviewer.md for the security perspective.
Check for:
- XSS, injection (SQL/NoSQL/command), SSRF, path traversal
- AuthZ/AuthN gaps, missing tenancy checks
- Secret leakage or API keys in logs/env/files
- Rate limits, unbounded loops, CPU/memory hotspots
- Unsafe deserialization, weak crypto, insecure defaults
- Race conditions: concurrent access, check-then-act, TOCTOU, missing locks
Call out both exploitability and impact.

5) Code quality scan

Load .claude/references/code-quality-checklist.md for coverage.
Check for:
- Error handling: swallowed exceptions, overly broad catch, missing error handling, async errors
- Performance: N+1 queries, CPU-intensive ops in hot paths, missing cache, unbounded memory
- Boundary conditions: null/undefined handling, empty collections, numeric boundaries, off-by-one
Flag issues that may cause silent failures or production incidents.

6) Output format

Structure the review as follows:

## Code Review Summary

**Files reviewed**: X files, Y lines changed
**Overall assessment**: [APPROVE / REQUEST_CHANGES / COMMENT]

---

## Findings

### P0 — Critical
(none or list)

### P1 — High
1. **[file:line]** Brief title
   - Description of issue
   - Suggested fix

### P2 — Medium
2. (continue numbering across sections)
   - ...

### P3 — Low
...

---

## Removal/Iteration Plan
(if applicable)

## Additional Suggestions
(optional improvements, not blocking)

Inline comments: Use this format for file-specific findings:

::code-comment{file="path/to/file.ts" line="42" severity="P1"}
Description of the issue and suggested fix.
::

Clean review: If no issues found, explicitly state:

What was checked
Any areas not covered (e.g., "Did not verify database migrations")
Residual risks or recommended follow-up tests

7) Next steps confirmation

After presenting findings, ask user how to proceed:

---

## Next Steps

I found X issues (P0: _, P1: _, P2: _, P3: _).

**How would you like to proceed?**

1. **Fix all** — I'll implement all suggested fixes
2. **Fix P0/P1 only** — Address critical and high priority issues
3. **Fix specific items** — Tell me which issues to fix
4. **No changes** — Review complete, no implementation needed

Please choose an option or provide specific instructions.

Important: Do NOT implement any changes until user explicitly confirms. This is a review-first workflow.

Resources

File	Purpose
`.claude/references/solid-checklist.md`	SOLID smell prompts and refactor heuristics
`.claude/references/security-checklist.md`	Web/app security and runtime risk checklist
`.claude/references/code-quality-checklist.md`	Error handling, performance, boundary conditions
`.claude/references/removal-plan.md`	Template for deletion candidates and follow-up plan

Example

$ /code-review-expert

Scoping changes... 8 files, 342 lines changed

Loading review checklists...

## Code Review Summary

**Files reviewed**: 8 files, 342 lines changed
**Overall assessment**: REQUEST_CHANGES

---

## Findings

### P0 — Critical
(none)

### P1 — High
1. **src/services/payment.ts:89** Race condition in balance deduction
   - Check-then-act pattern: balance is read, checked, then deducted in separate operations
   - Suggested fix: Use `SELECT FOR UPDATE` or atomic `UPDATE WHERE balance >= amount`

2. **src/api/users.ts:34** Missing ownership check (IDOR)
   - Any authenticated user can access other users' data via `GET /users/:id`
   - Suggested fix: Add `where: { id: params.id, orgId: req.user.orgId }`

### P2 — Medium
3. **src/services/order.ts:12-45** SRP violation — mixed concerns
   - Order service handles validation, pricing, inventory, and notifications
   - Suggested fix: Extract `PricingService` and `NotificationService`

4. **src/api/orders.ts:67** Swallowed exception in error handler
   - `catch (e) { return null }` hides failures from callers
   - Suggested fix: Log error with context and throw a typed `OrderError`

### P3 — Low
5. **src/models/user.ts:8** Missing max length on `name` field
   - Could allow unbounded string storage
   - Suggested fix: Add `@MaxLength(255)` constraint

---

## Next Steps

I found 5 issues (P0: 0, P1: 2, P2: 2, P3: 1).

**How would you like to proceed?**

1. **Fix all** — I'll implement all suggested fixes
2. **Fix P0/P1 only** — Address critical and high priority issues
3. **Fix specific items** — Tell me which issues to fix
4. **No changes** — Review complete, no implementation needed