Our review
Performs a comprehensive code review covering security, performance, style, team conventions, idiomatic patterns, dependency freshness, and best practices.
Strengths
- Covers a wide range of review categories (security, performance, style, etc.)
- Adapts to team conventions by analyzing existing configuration files
- Checks freshness and security of newly added dependencies
- Can analyze files, PRs, staged changes, or the entire repository
Limitations
- Does not execute code, so cannot detect runtime bugs
- May miss domain-specific defects
- Dependency freshness check is limited to newly added dependencies
When to use it
Use this skill to get a structured, in-depth review before merging a pull request or after making significant changes.
When not to use it
Avoid using it for non-versioned code or when you need automated test execution or dynamic analysis.
Security analysis
SafeQuality score88/100
The skill is a template for AI to perform code review, instructing only to read files and use git/GH commands to gather diffs. These are standard, non-destructive operations. There are no instructions for executing harmful commands, exfiltrating data, or disabling security features.
No concerns found
Examples
Review staged changes
Review staged changes in my git repository for security and performance issues.Review a specific file
Review the file src/utils/auth.ts for vulnerabilities and best practices.Review a pull request
Review PR #42 for style violations and team conventions.name: code-review description: Performs comprehensive code reviews checking for security vulnerabilities, performance issues, style violations, team conventions, language patterns, dependency freshness, best practices, and code duplication. Use when reviewing code changes, PRs, or files. argument-hint: [file path, PR number, or "staged" for staged changes]
Comprehensive Code Review
Perform a thorough code review of the specified code, checking for security, performance, style, conventions, and best practices.
Input
The target for review is provided as: $ARGUMENTS
Accepted inputs:
- File path: Review a specific file (e.g.,
src/utils/auth.ts) or directory containing source files - PR number: Review a pull request (e.g.,
#123or123) - "staged": Review all currently staged git changes
- "diff": Review unstaged changes in the working directory
- "all": All code within the repository
- No argument: Ask the user what they want reviewed
Review Categories
Analyze the code against each of these categories and report findings:
1. Security Vulnerabilities
Check for:
- Injection vulnerabilities (SQL, command, XSS, LDAP, etc.)
- Authentication and authorization flaws
- Sensitive data exposure (hardcoded secrets, credentials, API keys)
- Insecure cryptographic practices
- Missing input validation and sanitization
- Insecure deserialization
- Path traversal vulnerabilities
- CSRF vulnerabilities
- Improper error handling that leaks information
- OWASP Top 10 violations
2. Performance Issues
Check for:
- Inefficient algorithms (O(n²) when O(n) is possible, etc.)
- N+1 query problems
- Missing database indexes (when schema is available)
- Unnecessary re-renders (React, Vue, etc.)
- Memory leaks and resource cleanup issues
- Blocking operations in async contexts
- Excessive memory allocation
- Missing caching opportunities
- Inefficient data structures
- Unoptimized loops and iterations
3. Style Violations
Check for:
- Inconsistent naming conventions
- Improper indentation and formatting
- Missing or excessive whitespace
- Line length violations
- Inconsistent brace/bracket style
- Import ordering issues
- Commented-out code that should be removed
- TODO/FIXME comments that need addressing
- Compliance with project linter rules (if config files exist)
4. Team Conventions
Look for project-specific patterns by examining:
- Existing code in the repository for established patterns
- Configuration files (.eslintrc, .prettierrc, pyproject.toml, etc.)
- Contributing guidelines (CONTRIBUTING.md)
- Existing documentation
- Test patterns and naming conventions
- File and folder organization patterns
- Error handling patterns used elsewhere in codebase
Flag deviations from established team patterns.
5. Language Canonical Patterns
Check adherence to idiomatic patterns for the source language:
- TypeScript/JavaScript: Proper typing, async/await usage, module patterns
- Python: PEP 8, Pythonic idioms, type hints
- Go: Effective Go guidelines, error handling patterns
- Rust: Ownership patterns, Result/Option usage
- Java: Java conventions, design patterns
- C#: .NET conventions, LINQ usage
- (Apply similar standards for other languages)
6. Dependency Freshness
When new dependencies are added:
- Check if the dependency is actively maintained
- Verify the version is current (not outdated)
- Look for known vulnerabilities in the version
- Assess if the dependency is necessary or if native solutions exist
- Check license compatibility
- Evaluate the dependency's size and impact on bundle
7. Industry Best Practices
Check for:
- SOLID principles violations
- DRY (Don't Repeat Yourself) violations
- Proper separation of concerns
- Appropriate error handling and logging
- Meaningful variable and function names
- Functions doing one thing well
- Appropriate abstraction levels
- Proper use of design patterns
- Documentation for public APIs
- Test coverage for new functionality
8. Code Duplication (DRY)
Scan for:
- Repeated code blocks within the reviewed files
- Similar logic that exists elsewhere in the codebase
- Copy-pasted code with minor variations
- Opportunities to extract common utilities
- Duplicated algorithms that could be consolidated
- Repeated patterns that warrant abstraction
Output Format
Structure your review as follows:
# Code Review: [target]
## Summary
[Brief 2-3 sentence overview of the code quality and main findings]
## Critical Issues 🔴
[Security vulnerabilities and bugs that must be fixed]
## Warnings 🟡
[Performance issues, potential bugs, and significant best practice violations]
## Suggestions 🔵
[Style improvements, minor optimizations, and nice-to-haves]
## Detailed Findings
### Security
[Findings or "No issues found"]
### Performance
[Findings or "No issues found"]
### Style
[Findings or "No issues found"]
### Team Conventions
[Findings or "No issues found"]
### Language Patterns
[Findings or "No issues found"]
### Dependencies
[Findings or "N/A - No new dependencies"]
### Best Practices
[Findings or "No issues found"]
### Code Duplication
[Findings or "No duplication detected"]
## Positive Observations ✅
[Note good practices and well-written code sections]
Severity Levels
- 🔴 Critical: Must fix before merge (security issues, bugs, broken functionality)
- 🟡 Warning: Should fix (performance, maintainability, potential issues)
- 🔵 Suggestion: Consider fixing (style, minor improvements)
Instructions
- If reviewing a file, read the file first
- If reviewing a PR, use
gh pr diff [number]to get the changes - If reviewing staged changes, use
git diff --cached - If reviewing unstaged changes, use
git diff - For context, examine related files in the codebase
- Search for duplicated code patterns across the repository
- Check for existing linter/formatter configurations
- Provide specific line numbers for each finding
- Include code snippets showing the issue and suggested fix
- Be constructive and educational in feedback
Edge Cases
- Binary files: Skip with note that binary files cannot be reviewed
- Generated files: Note if file appears generated and skip detailed review
- Empty diff: Report that there are no changes to review
- Invalid file path: Ask user to provide a valid path
- PR not found: Report error and ask for correct PR number
Related skills
Next.js App Router Expert
Development
A skill that turns Claude into a Next.js App Router expert.
Claude CodeCursoradvanced
890
234
2,846
README Generator
Development
Creates professional and comprehensive README.md files for your projects.
claudeCursorWindsurfbeginner
259
72
821
API Documentation Writer
Development
Generates comprehensive API documentation in OpenAPI/Swagger format.
claudeCursorWindsurfintermediate
156
44
682