一键在 Manus 中运行任何 Skill

code-review

Structured code review — security, correctness, performance, maintainability. Use when asked to review code, a PR, or a diff.

在 Manus 中运行

概览

Structured code review — security, correctness, performance, maintainability. Use when asked to review code, a PR, or a diff.

安装命令

npx skills add https://github.com/chyax98/ccbot --skill code-review

复制此命令并粘贴到 Claude Code 中以安装该技能

来源

chyax98/ccbot

星标4

分支0

更新时间2026年3月9日 05:27

SKILL.md

readonly

name	code-review
description	Structured code review — security, correctness, performance, maintainability. Use when asked to review code, a PR, or a diff.
metadata	{"ccbot":{"emoji":"🔬"}}

Code Review Skill

Review Workflow

Understand scope — what changed, why, what's the expected behavior
Read the diff — use git diff or gh pr diff
Run through the checklist — cover all dimensions
Report with severity — 🔴 Critical / 🟡 Warning / 🔵 Info

Get the Code to Review

# Review staged changes
git diff --cached

# Review against main
git diff main..HEAD

# Review a GitHub PR
gh pr diff 123 --repo owner/repo

# Review a specific file
git show HEAD:src/auth.py

Review Checklist

🔴 Security (Critical — must fix)

No secrets, tokens, or passwords hardcoded
SQL queries use parameterized inputs (no string concatenation)
User input is validated and sanitized before use
File paths sanitized (no path traversal: ../../etc/passwd)
Authentication/authorization checks present and correct
No eval(), exec(), subprocess(shell=True) with user input
Dependencies up to date (no known CVEs)
Sensitive data not logged

🔴 Correctness (Critical — must fix)

Logic handles edge cases (empty input, null, zero, overflow)
Error paths are handled (exceptions caught and handled properly)
Async/concurrent code is race-condition-free
Database transactions are atomic where needed
Return values are used (not silently ignored)
Off-by-one errors in loops/ranges

🟡 Performance (Warning — should fix)

No N+1 queries (use batch/join instead)
No unnecessary repeated computation in loops
Appropriate data structures (list vs set, dict lookup)
Large data processed in streams/chunks, not fully loaded
Indexes exist for queried columns
Caching used appropriately

🟡 Maintainability (Warning — should consider)

Functions are focused (single responsibility)
Function/variable names are descriptive
Complex logic has explanatory comments
Magic numbers have named constants
Code duplication extracted into shared functions
Tests cover the new behavior

🔵 Style (Info — good to have)

Consistent with codebase conventions
No dead code or unused imports
Commit message follows convention

Output Format

## Code Review: [PR/commit title]

**Summary**: [1-2 sentences on what this does]

### 🔴 Critical

**[File:Line]** — [Issue description]
```code snippet```
**Fix**: [Concrete suggestion]

### 🟡 Warnings

- **[File:Line]** — [Issue + suggestion]

### 🔵 Info

- [Minor observations, style notes]

### ✅ Approved / 🚫 Changes Requested

Quick Security Scan

# Detect potential secrets in diff
git diff main..HEAD | grep -iE "(password|secret|token|api_key|private_key)\s*=\s*['\"][^'\"]{8,}"

# Check for shell injection patterns
git diff main..HEAD | grep -E "(subprocess|os\.system|eval|exec)\s*\("

# Find hardcoded IPs or internal URLs
git diff main..HEAD | grep -E "\b(192\.168|10\.\d+|172\.1[6-9]|localhost:)\b"

同仓库更多 Skills

同仓库

memory

chyax98/ccbot

Two-layer memory system — read and update long-term facts, recall past events from conversation history.

2026-03-094

playwright

chyax98/ccbot

Browser automation via Playwright MCP — navigate, click, fill forms, take screenshots, scrape pages, run E2E tests. Use when the user needs web automation, testing, or scraping JavaScript-rendered sites.

2026-03-094

data-analysis

chyax98/ccbot

Analyze CSV, JSON, Excel data; generate charts and reports. Use when the user provides data files or asks for statistics, charts, or data insights.

2026-03-094

deploy

chyax98/ccbot

Deploy applications to cloud platforms — Fly.io, Railway, Vercel, or via SSH. Use when the user wants to publish, deploy, or release an application.

2026-03-094

docker

chyax98/ccbot

Build, run, and manage Docker containers and images. Use when the user asks about containers, Docker builds, logs, or deployment.

2026-03-094

feishu-api

chyax98/ccbot

Interact with Feishu (Lark) API directly — read/write docs, send messages, manage bitable, query user info. Use when the user wants to automate Feishu operations.

2026-03-094

来源

chyax98

chyax98/ccbot

打开 GitHub 仓库查看创作者相关仓库

安装命令

下载

在 Manus 中运行

适用职业SOC

软件质量保证分析师与测试员计算机与数学类职业15-1253L4

一键运行任何 Skill