code-review

Expert code review specialist for quality, security, and maintainability. Use when reviewing code changes, ensuring high development standards, or conducting security audits. Provides actionable feedback organized by priority.

$ Install

git clone https://github.com/89jobrien/steve /tmp/steve && cp -r /tmp/steve/steve/skills/code-review ~/.claude/skills/steve

// tip: Run this command in your terminal to install the skill


---
name: code-review
description: Expert code review specialist for quality, security, and maintainability. Use when reviewing code changes, ensuring high development standards, or conducting security audits. Provides actionable feedback organized by priority.
author: Joseph OBrien
status: unpublished
updated: '2025-12-23'
version: 1.0.1
tag: skill
type: skill
---

Code Review

This skill provides expert code review capabilities focusing on code quality, security vulnerabilities, and maintainability. It analyzes code changes and provides prioritized, actionable feedback.

When to Use This Skill

  • After writing or modifying code to ensure quality standards
  • Before merging pull requests or deploying changes
  • When conducting security audits or vulnerability assessments
  • When establishing code quality standards for a project
  • When reviewing code for performance optimizations
  • When ensuring code follows project conventions and best practices

What This Skill Does

  1. Analyzes Code Changes: Reviews git diffs and modified files to understand what changed
  2. Security Auditing: Identifies exposed secrets, API keys, and security vulnerabilities
  3. Quality Assessment: Evaluates code readability, maintainability, and best practices
  4. Performance Review: Identifies potential performance issues and optimization opportunities
  5. Standards Compliance: Ensures code follows project conventions and style guidelines
  6. Prioritized Feedback: Organizes findings by severity (Critical, Warnings, Suggestions)

How to Use

Basic Code Review

Review the recent code changes in this branch
Check this file for security issues and code quality

Review Specific Files

Review src/auth.js for security vulnerabilities
Review the changes in this pull request

Review Process

1. Analyze Changes

When invoked:

  1. Get Recent Changes: Diff against the merge base with the target branch (main here), so only this branch's commits are reviewed and not unrelated changes that have since landed on main

    git diff $(git merge-base HEAD main)..HEAD
    
  2. Focus on Modified Files: Prioritize files with actual changes

  3. Review Context: Understand the purpose of changes from commit messages or conversation

2. Review Checklist

For each file, check:

Code Quality:

  • Code is simple and readable
  • Functions and variables are well-named
  • No duplicated code
  • Proper error handling
  • Good test coverage
  • Performance considerations addressed

Security:

  • No exposed secrets or API keys (including ones deleted in the latest commit but still present in history)
  • Input validation implemented at trust boundaries
  • Authentication and authorization checks on every protected path
  • Safe handling of user input: parameterised or encoded for the sink it reaches (SQL, HTML)
  • No SQL injection or XSS vulnerabilities

Maintainability:

  • Consistent code style
  • Appropriate comments (not excessive)
  • Clear function/method structure
  • Proper separation of concerns
  • No unnecessary complexity

Best Practices:

  • Follows framework/library conventions
  • Proper use of design patterns
  • Efficient algorithms and data structures
  • Appropriate use of async/await or promises
  • Proper resource cleanup

3. Organize Feedback

Provide feedback in three priority levels:

Critical Issues (Must Fix):

  • Security vulnerabilities
  • Bugs that will cause failures
  • Code that breaks existing functionality
  • Performance issues that will impact users

Warnings (Should Fix):

  • Code quality issues that affect maintainability
  • Potential bugs or edge cases
  • Performance optimizations
  • Missing error handling
  • Incomplete test coverage

Suggestions (Consider Improving):

  • Code style improvements
  • Refactoring opportunities
  • Documentation enhancements
  • Best practice recommendations
  • Minor optimizations

4. Provide Specific Examples

For each issue found:

  • Location: File path and line number
  • Issue: Clear description of the problem
  • Impact: Why this matters
  • Fix: Specific code example showing how to fix it
  • Rationale: Explanation of why the fix is better

Examples

Example 1: Security Issue Found

Input: Review src/api/auth.js

Output:

## Code Review: src/api/auth.js

### Critical Issues

**1. Exposed API Key**
- **Location**: `src/api/auth.js:23`
- **Issue**: Hardcoded API key in source code
- **Code**:
  ```javascript
  const API_KEY = "sk_live_1234567890abcdef"; // ❌ Exposed secret
  ```
- **Fix**: Use environment variables
  ```javascript
  const API_KEY = process.env.API_KEY; // ✅ Secure
  ```
- **Impact**: The key is committed to version control, so anyone with read access to the repository or its history can use it to call the API as this service
- **Rationale**: The key leaves the source tree and can be rotated without a code change. Because it already exists in git history, it must also be revoked and reissued; removing it from the current commit is not enough. Fail closed if the variable is unset rather than continuing with an undefined key

### Warnings

**2. Missing Input Validation**
- **Location**: `src/api/auth.js:45`
- **Issue**: No validation on user input before processing
- **Recommendation**: Add input validation before authentication

Example 2: Code Quality Review

Input: Review recent changes

Output:

## Code Review Summary

**Files Reviewed**: 5
**Critical Issues**: 0
**Warnings**: 3
**Suggestions**: 5

### Warnings

**1. Duplicated Code**
- **Files**: `src/utils/format.js:12-25` and `src/utils/display.js:8-21`
- **Issue**: Same formatting logic duplicated
- **Fix**: Extract to shared utility function

**2. Missing Error Handling**
- **Location**: `src/api/users.js:34`
- **Issue**: No try/catch for async operation
- **Fix**: Add proper error handling

### Suggestions

**1. Improve Variable Naming**
- **Location**: `src/components/List.jsx:15`
- **Current**: `const d = data.map(...)`
- **Suggested**: `const formattedItems = data.map(...)`

Reference Files

For comprehensive review checklists, load reference files as needed:

  • references/review_checklist.md - Detailed checklists for security, code quality, performance, testing, documentation, and best practices
  • references/CODE_ANALYSIS.template.md - Code analysis report template with security, performance, and maintainability sections

When conducting thorough reviews, load references/review_checklist.md and use the appropriate checklist sections.

Best Practices

Review Focus Areas

  1. Security First: Always check for security vulnerabilities first
  2. Context Matters: Understand the purpose of changes before reviewing
  3. Be Constructive: Provide actionable feedback, not just criticism
  4. Prioritize: Focus on critical issues that must be fixed
  5. Explain Why: Help developers understand the reasoning behind suggestions

Review Guidelines

  • Be Specific: Point to exact lines and provide code examples
  • Be Balanced: Acknowledge good code as well as issues
  • Be Practical: Consider the context and urgency of changes
  • Be Educational: Help developers learn and improve
  • Be Consistent: Apply the same standards across all reviews

Common Patterns to Check

Security:

  • Hardcoded secrets or credentials
  • SQL injection vulnerabilities
  • XSS vulnerabilities
  • Missing authentication/authorization
  • Insecure random number generation

Code Quality:

  • Code duplication
  • Magic numbers without constants
  • Deeply nested conditionals
  • Functions that do too much
  • Poor error messages

Performance:

  • N+1 query problems
  • Missing indexes
  • Inefficient algorithms
  • Unnecessary re-renders (React)
  • Memory leaks

Related Use Cases

  • Pre-commit code reviews
  • Pull request reviews
  • Security audits
  • Code quality assessments
  • Onboarding new team members
  • Establishing coding standards