一键在 Manus 中运行任何 Skill

开始使用

ultrareview

星标10

分支3

更新时间2026年6月23日 14:39

Deep code review using Claude Code's thorough analysis mode — security, performance, correctness, and maintainability

安装

用 Codex 或 Claude 帮你安装复制这段 Prompt，粘贴到 Codex、Claude 或其他助手里，让它检查 Skill 页面并帮你完成安装。

在 Manus 中运行

来源

UitbreidenOS

UitbreidenOS/Claudient

打开 GitHub 仓库查看创作者相关仓库

下载

在 Manus 中运行

Ultrareview Skill

When to activate

Reviewing PRs with security-sensitive changes (auth, payments, data access)
Evaluating performance-critical code paths (hot loops, database queries, network calls)
Assessing architectural decisions in large PRs (new abstractions, pattern changes)
Pre-merge review for release branches
Auditing code before compliance reviews (SOC2, HIPAA, PCI)

When NOT to use

Trivial PRs (typo fixes, config changes, documentation only)
WIP/draft PRs that aren't ready for review
PRs that only add tests

Instructions

Understand context. Read the PR description, linked issues, and related code before diving into the diff.
Review in layers. Go through the changes 3 times, each with a different lens:

Pass 1 — Correctness:
- Does the logic handle all edge cases?
- Are error conditions handled properly?
- Do types/interfaces match between producer and consumer?
- Are there race conditions or timing issues?
Pass 2 — Security:
- Input validation (SQL injection, XSS, path traversal)?
- Authentication and authorization checks present?
- Sensitive data exposure (logs, error messages, API responses)?
- Dependency vulnerabilities introduced?
Pass 3 — Maintainability:
- Is the code readable without comments explaining the obvious?
- Are abstractions at the right level (not too much, not too little)?
- Would a new team member understand this in 5 minutes?
- Are there hidden assumptions that should be documented?
Categorize findings:
- BLOCKER: Must fix before merge (security vulnerability, data loss risk, correctness bug)
- IMPORTANT: Should fix before merge (performance issue, poor error handling, missing validation)
- SUGGESTION: Nice to have (better naming, simpler approach, additional test)
- NIT: Optional polish (style preference, minor readability)
Provide actionable feedback. For each finding:
- What's wrong and why it matters
- Specific suggestion for how to fix it
- Code example if helpful
Acknowledge good patterns. Call out well-written code, clever solutions, or good test coverage.

Example

PR: "Add user search endpoint"

## Ultrareview Results

### BLOCKER
- **SQL Injection in search query** (api/users/search.js:42)
  The search term is interpolated directly into the SQL string.
  Fix: Use parameterized queries.
  ```js
  // Before (vulnerable)
  db.query(`SELECT * FROM users WHERE name LIKE '%${query}%'`)
  // After (safe)
  db.query('SELECT * FROM users WHERE name LIKE $1', [`%${query}%`])

IMPORTANT

Missing rate limiting — Search endpoints are expensive and abuse-prone. Add rate limiting: 10 req/min per user.
No pagination — Large result sets will OOM. Add LIMIT/OFFSET with max 100 per page.

SUGGESTION

Extract search logic — The handler mixes HTTP concerns with business logic. Consider a UserSearchService class for testability.

NIT

Variable q on line 15 → rename to searchQuery for clarity.

👍 Good stuff

Solid test coverage including empty query, special chars, and unicode.
Good use of indexes on the search columns.


---

Built with [Claudient](https://github.com/UitbreidenOS/Claudient) · [Claude Code](https://claude.com/claude-code)

同仓库更多 Skills

同仓库

agent-teams

UitbreidenOS/Claudient

Orchestrate multi-agent teams in Claude Code — set up coordinated sessions with task delegation, inter-agent communication, and parallel execution

2026-06-2310

ultraplan

UitbreidenOS/Claudient

Leverage Claude Code's ultra-deep planning mode for complex architecture decisions, multi-file refactors, and system design

2026-06-2310

swarm-sandbox

UitbreidenOS/Claudient

Safe isolated testing environment for multi-agent swarm topologies before production deployment

2026-06-2210

auto-summarizer

UitbreidenOS/Claudient

Automatically summarizes the current session context to prevent token window overflow.

2026-06-2210

prune-context

UitbreidenOS/Claudient

Claude Code context pruner: slash command to summarize session and reset token bloat

2026-06-1910

campaign-tracker

UitbreidenOS/Claudient

Produces a campaign performance summary from session-log.md entries. Reports open rates, reply rates, and meeting conversion rates per sequence. Flags top performers (reply rate >10%) and underperformers (reply rate <3%). Recommends one concrete change per underperforming sequence.

2026-06-1710

Ultrareview Skill

When to activate

Reviewing PRs with security-sensitive changes (auth, payments, data access)

Evaluating performance-critical code paths (hot loops, database queries, network calls)

Assessing architectural decisions in large PRs (new abstractions, pattern changes)

Pre-merge review for release branches

Auditing code before compliance reviews (SOC2, HIPAA, PCI)

When NOT to use

Trivial PRs (typo fixes, config changes, documentation only)

WIP/draft PRs that aren't ready for review

PRs that only add tests

Instructions

Understand context. Read the PR description, linked issues, and related code before diving into the diff.

Review in layers. Go through the changes 3 times, each with a different lens:

Pass 1 — Correctness:

Does the logic handle all edge cases?
Are error conditions handled properly?
Do types/interfaces match between producer and consumer?
Are there race conditions or timing issues?

Pass 2 — Security:

Input validation (SQL injection, XSS, path traversal)?
Authentication and authorization checks present?
Sensitive data exposure (logs, error messages, API responses)?
Dependency vulnerabilities introduced?

Pass 3 — Maintainability:

Is the code readable without comments explaining the obvious?
Are abstractions at the right level (not too much, not too little)?
Would a new team member understand this in 5 minutes?
Are there hidden assumptions that should be documented?

Categorize findings:

BLOCKER: Must fix before merge (security vulnerability, data loss risk, correctness bug)
IMPORTANT: Should fix before merge (performance issue, poor error handling, missing validation)
SUGGESTION: Nice to have (better naming, simpler approach, additional test)
NIT: Optional polish (style preference, minor readability)

Provide actionable feedback. For each finding:

What's wrong and why it matters
Specific suggestion for how to fix it
Code example if helpful

Acknowledge good patterns. Call out well-written code, clever solutions, or good test coverage.

Example

PR: "Add user search endpoint" ## Ultrareview Results ### BLOCKER - **SQL Injection in search query** (api/users/search.js:42) The search term is interpolated directly into the SQL string. Fix: Use parameterized queries. ```js // Before (vulnerable) db.query(`SELECT * FROM users WHERE name LIKE '%${query}%'`) // After (safe) db.query('SELECT * FROM users WHERE name LIKE $1', [`%${query}%`])

IMPORTANT

Missing rate limiting — Search endpoints are expensive and abuse-prone. Add rate limiting: 10 req/min per user.

No pagination — Large result sets will OOM. Add LIMIT/OFFSET with max 100 per page.

SUGGESTION

Extract search logic — The handler mixes HTTP concerns with business logic. Consider a UserSearchService class for testability.

NIT

Variable q on line 15 → rename to searchQuery for clarity.

👍 Good stuff

Solid test coverage including empty query, special chars, and unicode.

Good use of indexes on the search columns.

--- Built with [Claudient](https://github.com/UitbreidenOS/Claudient) · [Claude Code](https://claude.com/claude-code)

name	ultrareview
description	Deep code review using Claude Code's thorough analysis mode — security, performance, correctness, and maintainability