code-review
Perform thorough code reviews on files or pull requests, checking for bugs, security vulnerabilities, performance issues, and style violations.
| Field | Value |
|---|---|
| name | Code Review |
| description | Perform thorough code reviews on files or pull requests, checking for bugs, security vulnerabilities, performance issues, and style violations. |
| license | MIT |
| metadata | {"author":"awesome-ai-agent-skills contributors","version":"1.0.0"} |
This skill enables an AI agent to conduct a structured, comprehensive code review on a source file, a set of changes, or a pull request. The agent examines the code across multiple quality dimensions — correctness, security, performance, readability, and maintainability — and produces a detailed review report with actionable feedback tied to specific lines of code.
1. Parse the input and establish context. Determine whether the input is a single file, a directory, or a pull request diff. If it is a pull request, fetch the diff and identify the base branch so that only the changed lines are reviewed. Read any related configuration files (linter configs, style guides, type definitions) to calibrate the review against the project's standards.
2. Understand the intent of the change. Read commit messages, PR descriptions, and surrounding code to understand what the author intended. This prevents false positives: a reviewer must know the goal before judging whether the code achieves it. Summarize the change in one sentence before proceeding.
3. Check for correctness and bugs. Walk through every changed function and trace the data flow. Look for null or undefined dereferences, off-by-one errors, incorrect boolean logic, unhandled error paths, race conditions in concurrent code, and resource leaks (open files, database connections, unreleased locks). Verify that edge cases (empty inputs, maximum values, unexpected types) are handled.
4. Evaluate security. Scan for common vulnerability patterns: unsanitized user input (SQL injection, XSS), hardcoded secrets or credentials, insecure cryptographic usage, overly permissive file or network access, and missing authentication or authorization checks. Flag any dependency additions and check for known CVEs.
5. Assess performance and scalability. Identify algorithmic complexity issues (nested loops over large collections, repeated database queries inside loops, unbounded memory growth). Check for unnecessary allocations, missing caching opportunities, and blocking calls in async contexts. Consider the expected data volume and whether the code will scale.
6. Review readability and maintainability. Evaluate naming clarity, function length, code duplication (DRY violations), and adherence to the project's style guide. Check that public functions have docstrings or type annotations. Verify that magic numbers are replaced with named constants and that complex logic has explanatory comments.
The agent evaluates every change against these categories:
| Category | What to look for |
|---|---|
| Bugs | Null derefs, off-by-one, logic errors, unhandled exceptions |
| Security | Injection, XSS, hardcoded secrets, missing auth, insecure dependencies |
| Performance | O(n²) loops, N+1 queries, unnecessary allocations, blocking I/O |
| Readability | Unclear names, long functions, missing docs, inconsistent formatting |
| DRY | Copy-pasted blocks, duplicated logic that should be extracted |
| Error handling | Swallowed exceptions, missing retries, unclear error messages |
| Testing | Missing tests for new logic, broken existing tests, untested edge cases |
Provide one or more of the following inputs:

- A pull request URL such as https://github.com/user/repo/pull/42. The agent fetches the diff and reviews only the changed lines in context.

Given this file `src/auth.py`:
```python
import hashlib

def authenticate(username, password, db):
    query = f"SELECT password_hash FROM users WHERE username = '{username}'"
    row = db.execute(query).fetchone()
    if row is None:
        return False
    stored_hash = row[0]
    input_hash = hashlib.md5(password.encode()).hexdigest()
    return input_hash == stored_hash
```
The agent produces the following review:
## Review: src/auth.py — authenticate()
### Critical — SQL Injection (line 4)
The query uses f-string interpolation with `username` directly in the SQL
string. An attacker can pass `' OR '1'='1` as the username to bypass
authentication entirely.
**Fix:** Use parameterized queries.

```diff
- row = db.execute(query).fetchone()
+ row = db.execute(
+     "SELECT password_hash FROM users WHERE username = ?", (username,)
+ ).fetchone()
```
### Critical — Weak Hashing Algorithm (line 9)
MD5 is cryptographically broken and unsuitable for password hashing. It is
vulnerable to rainbow table attacks and can be brute-forced in seconds on
modern hardware.
**Fix:** Use bcrypt or argon2 with a per-user salt.

```diff
- input_hash = hashlib.md5(password.encode()).hexdigest()
+ import bcrypt
+ return bcrypt.checkpw(password.encode(), stored_hash.encode())
```
### Warning — Timing Attack (line 10)
Direct string comparison of hashes with `==` leaks information through
timing differences. Use a constant-time comparison function.
**Fix:**

```diff
- return input_hash == stored_hash
+ import hmac
+ return hmac.compare_digest(input_hash, stored_hash)
```
### Info — Missing Type Annotations
Adding type hints improves readability and enables static analysis:

```python
def authenticate(username: str, password: str, db: Connection) -> bool:
```
**Summary:** 2 critical, 1 warning, 1 info. This function must not be
deployed until the SQL injection and hashing issues are resolved.
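A hardened rewrite of the reviewed `authenticate()` that applies all three fixes at once, added here as an illustration and not taken from the skill or its sample output: `username` is bound as a query parameter, MD5 is replaced by a salted PBKDF2-HMAC hash (`hashlib.pbkdf2_hmac` stands in for bcrypt so the example runs on the standard library alone), and the comparison uses `hmac.compare_digest`. The `users` table layout, the `salt$hash` storage format and the iteration count are assumptions of this example.

```python
import hashlib
import hmac
import os
import sqlite3

# Assumed parameters for this example; tune the iteration count to your hardware.
PBKDF2_ITERATIONS = 210_000
SALT_BYTES = 16


def hash_password(password: str) -> str:
    """Return 'salt_hex$hash_hex' using a fresh random salt per user."""
    salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return f"{salt.hex()}${digest.hex()}"


def authenticate(username: str, password: str, db: sqlite3.Connection) -> bool:
    """Hardened version: bound parameter, salted slow hash, constant-time compare."""
    # The username is passed as a parameter, so it is never parsed as SQL.
    row = db.execute(
        "SELECT password_hash FROM users WHERE username = ?", (username,)
    ).fetchone()
    if row is None:
        return False
    salt_hex, stored_hex = row[0].split("$", 1)
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), PBKDF2_ITERATIONS
    )
    # compare_digest takes the same time whether the digests differ early or late.
    return hmac.compare_digest(candidate.hex(), stored_hex)


def build_demo_db() -> sqlite3.Connection:
    """Constructed in-memory users table with one account (example data only)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT)")
    db.execute("INSERT INTO users VALUES (?, ?)", ("alice", hash_password("correct horse")))
    db.commit()
    return db


if __name__ == "__main__":
    demo = build_demo_db()
    print(authenticate("alice", "correct horse", demo))   # True
    print(authenticate("' OR '1'='1", "anything", demo))  # False: the payload from the review is now just a username
```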
Given a PR diff for src/api/orders.js:
@@ -12,6 +12,20 @@ const express = require("express");
const router = express.Router();
+router.get("/orders", async (req, res) => {
+ const userId = req.query.userId;
+ const orders = await db.query("SELECT * FROM orders WHERE user_id = $1", [userId]);
+ const enriched = [];
+ for (const order of orders.rows) {
+ const items = await db.query("SELECT * FROM order_items WHERE order_id = $1", [order.id]);
+ order.items = items.rows;
+ enriched.push(order);
+ }
+ res.json(enriched);
+});
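Review bot: the async handler has no try/catch around the two awaited `db.query` calls, so a rejected query becomes an unhandled promise rejection and, under Express 4, the request is left hanging instead of reaching the error middleware; wrap the body in try/catch and call `next(err)` (Express 5 forwards rejections itself). Also, on the line `const userId = req.query.userId;`, the value is used without validation: with Express's default query parser a repeated `?userId=` arrives as an array, and nothing checks it against `req.user.id`, so validate that it is a single string and authorize the requester before running either query.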
The agent produces:
## Review: src/api/orders.js — GET /orders
### Warning — N+1 Query (lines 18-21)
Each order triggers a separate SELECT for its items. For a user with 200
orders this executes 201 database queries. This will degrade significantly
under load.
**Fix:** Use a single JOIN or a batched IN query:

```javascript
const items = await db.query(
  "SELECT * FROM order_items WHERE order_id = ANY($1)",
  [orders.rows.map(o => o.id)]
);
// Then group items by order_id in application code.
```
### Warning — Missing Authorization Check (line 14)
The endpoint reads `userId` from the query string without verifying that
the authenticated user is allowed to view that user's orders. Any user
can read any other user's order history by changing the query parameter.
**Fix:** Validate that `req.user.id === userId` or that the requester
has an admin role before executing the query.
### Info — SELECT * Usage (lines 16, 19)
Selecting all columns returns data the client may not need (e.g.,
internal timestamps, soft-delete flags). Specify only the required columns
to reduce payload size and avoid leaking internal fields.
**Summary:** 0 critical, 2 warning, 1 info.
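The three findings of this review carried into one working handler, written as an added example in Python with sqlite3 rather than taken from the skill's JavaScript sample: an owner-or-admin authorization check before any query, explicit column lists instead of `SELECT *`, and a single batched `IN` query whose rows are grouped in application code (sqlite has no `ANY($1)`, so one `?` placeholder per id stands in for it). The table layout, the `requester` dict shape and the `Forbidden` exception are assumptions of this example.

```python
import sqlite3
from collections import defaultdict


class Forbidden(Exception):
    """Requester may not read the requested user's orders (assumed for this example)."""


def get_orders(db: sqlite3.Connection, requester: dict, user_id: int) -> list:
    """Authorization check first, then exactly two queries regardless of order count."""
    # Only the owner or an admin may read these orders; the requester dict shape
    # {"id": ..., "role": ...} is an assumption of this example.
    if requester["id"] != user_id and requester.get("role") != "admin":
        raise Forbidden(f"user {requester['id']} may not read orders of user {user_id}")

    # Explicit columns instead of SELECT *; user_id is bound, never interpolated.
    orders = [
        {"id": oid, "total": total, "items": []}
        for oid, total in db.execute(
            "SELECT id, total FROM orders WHERE user_id = ? ORDER BY id", (user_id,)
        )
    ]
    if not orders:
        return orders

    # One batched query for every order's items. Only "?" placeholders are formatted
    # into the SQL text; the ids themselves are passed as bound parameters.
    ids = [o["id"] for o in orders]
    placeholders = ",".join("?" * len(ids))
    items_by_order = defaultdict(list)
    for order_id, sku, qty in db.execute(
        f"SELECT order_id, sku, qty FROM order_items WHERE order_id IN ({placeholders})",
        ids,
    ):
        items_by_order[order_id].append({"sku": sku, "qty": qty})
    # Group in application code, as the review suggests.
    for order in orders:
        order["items"] = items_by_order.get(order["id"], [])
    return orders


def build_demo_db() -> sqlite3.Connection:
    """Constructed in-memory data: user 1 has two orders, user 2 has one."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE orders (id INTEGER PRIMARY KEY, user_id INTEGER, total REAL);
        CREATE TABLE order_items (order_id INTEGER, sku TEXT, qty INTEGER);
        INSERT INTO orders VALUES (10, 1, 25.0), (11, 1, 9.5), (12, 2, 100.0);
        INSERT INTO order_items VALUES (10, 'A', 2), (10, 'B', 1), (11, 'C', 3), (12, 'D', 1);
    """)
    return db
```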