Skills Guide

Révision de code

VérifiéSûr

Analyse le code à la recherche de bugs, de vulnérabilités de sécurité, de problèmes de performance et de conformité aux bonnes pratiques. Fournit des commentaires exploitables avec des suggestions spécifiques et des exemples de code. S'active lorsque vous demandez une revue de code, des commentaires ou souhaitez améliorer du code existant.

Spar Skills Guide Bot
DeveloppementIntermédiaire
7002/06/2026
Claude CodeCursorWindsurfCopilotCodex
#code-review#best-practices#bug-detection#security-review

Recommandé pour

Développeur backendClaude CodeRevue de codeCursorDéveloppeur frontendCopilot

Notre avis

Effectue une revue de code complète pour identifier les bugs, les vulnérabilités de sécurité, les problèmes de performance et les écarts par rapport aux bonnes pratiques.

Points forts

  • Analyse systématique en quatre phases couvrant les aspects critiques, performance, qualité et bonnes pratiques.
  • Fournit des suggestions concrètes avec des exemples de code corrigé et une hiérarchisation par sévérité.
  • Inclut des motifs spécifiques à plusieurs langages (Python, JavaScript/TypeScript, etc.).

Limites

  • Peut ne pas détecter les erreurs de logique contextuelles qui nécessitent une compréhension métier.
  • Les suggestions de style peuvent être subjectives et dépendre des conventions de l'équipe.
  • Pour les très petits extraits, l'analyse peut être trop détaillée.
Quand l'utiliser

Utilisez cette compétence avant de fusionner du code ou lors d'une demande de révision pour obtenir une analyse exhaustive des problèmes potentiels.

Quand l'éviter

Ne l'utilisez pas si vous voulez écrire du nouveau code à partir de zéro ou générer des tests unitaires.

Analyse de sécurité

Sûr
Score qualité90/100

The skill is purely instructional for code review; it does not instruct or involve any execution of code, system commands, or network operations. There are no destructive actions, data exfiltration, or unsafe patterns.

Aucun point d'attention détecté

Exemples

Review a Python function for bugs and security
Review my Python code for bugs and security issues:

def authenticate(username, password):
    query = f"SELECT * FROM users WHERE username='{username}' AND password='{password}'"
    return execute_query(query)
Performance review of a JavaScript loop
Can you review this JavaScript function for performance problems?

function processItems(items) {
    let result = [];
    for (let i = 0; i < items.length; i++) {
        for (let j = 0; j < items.length; j++) {
            if (items[i].id === items[j].refId) {
                result.push(items[i]);
            }
        }
    }
    return result;
}
Full code review with best practices focus
Review this code for best practices, naming conventions, and potential improvements:

class data:
    def __init__(self, x, y):
        self.a = x
        self.b = y
    
    def calc(self):
        return self.a * self.b

name: code-review description: Reviews code for bugs, security issues, performance problems, and best practices. Activates when user asks for code review, feedback on code, or wants to improve existing code. version: 1.0.0 triggers:

  • code review
  • review my code
  • check this code
  • find bugs
  • improve this code
  • code feedback
  • refactor
  • code quality
  • security review
  • performance review domain: code complexity: moderate dependencies: [] browser: false author: auto-generated created: 2025-01-25

Code Review

Overview

Performs comprehensive code reviews focusing on bugs, security vulnerabilities, performance issues, and adherence to best practices. Provides actionable feedback with specific suggestions and code examples.

Auto-Activation Conditions

This skill activates when:

  • ✅ User asks to review code or give feedback
  • ✅ Request mentions finding bugs or issues
  • ✅ User wants to improve or refactor code
  • ✅ Security or performance review requested
  • ✅ Keywords: review, bugs, improve, refactor, quality, security

Does NOT activate when:

  • ❌ User wants to write new code from scratch → use code generation skill
  • ❌ User needs documentation → use docs skill
  • ❌ User wants tests written → use testing skill

Instructions

Phase 1: Understand the Code

Before reviewing, identify:

context = {
    "language": "<detected programming language>",
    "purpose": "<what does this code do?>",
    "scope": "<function|class|module|full application>",
    "framework": "<if applicable: React, Django, etc.>",
    "review_focus": "<bugs|security|performance|all>"
}

Phase 2: Systematic Review

Review the code in this order:

1. Critical Issues (Fix Immediately)

  • Security vulnerabilities

    • SQL injection
    • XSS vulnerabilities
    • Hardcoded secrets/credentials
    • Insecure data handling
    • Missing input validation

  • Bugs & Logic Errors

    • Off-by-one errors
    • Null/undefined handling
    • Race conditions
    • Infinite loops
    • Wrong operator usage

2. Performance Issues

  • Unnecessary loops or iterations
  • N+1 query problems
  • Missing caching opportunities
  • Memory leaks
  • Inefficient algorithms

3. Code Quality

  • Naming conventions
  • Function length (should be < 20 lines)
  • Code duplication (DRY violations)
  • Missing error handling
  • Unclear logic flow

4. Best Practices

  • Language-specific idioms
  • Framework conventions
  • SOLID principles
  • Type safety
  • Documentation needs

Phase 3: Provide Feedback

Feedback Format

For each issue found:

### [SEVERITY] Issue Title

**Location**: `filename.py:line_number` or code snippet
**Category**: Security | Bug | Performance | Quality | Best Practice

**Problem**:
<Clear explanation of what's wrong>

**Impact**:
<What could happen if not fixed>

**Solution**:
```language
// Fixed code example

Why this is better: <Brief explanation>


#### Severity Levels
| Level | Description | Action |
|-------|-------------|--------|
| 🔴 CRITICAL | Security hole, data loss risk | Fix immediately |
| 🟠 HIGH | Bug that causes incorrect behavior | Fix before merge |
| 🟡 MEDIUM | Performance or maintainability issue | Should fix soon |
| 🟢 LOW | Style or minor improvement | Nice to have |

### Phase 4: Summary & Recommendations

Always end with:
```markdown
## Review Summary

| Category | Issues Found |
|----------|-------------|
| 🔴 Critical | X |
| 🟠 High | X |
| 🟡 Medium | X |
| 🟢 Low | X |

## Top 3 Priority Fixes
1. <Most important fix>
2. <Second priority>
3. <Third priority>

## Overall Assessment
<Brief overall impression and recommendation>

Review Patterns by Language

Python

# BAD: Mutable default argument
def add_item(item, items=[]):
    items.append(item)
    return items

# GOOD: Use None and create new list
def add_item(item, items=None):
    if items is None:
        items = []
    items.append(item)
    return items

JavaScript/TypeScript

// BAD: == instead of ===
if (value == null) { }

// GOOD: Strict equality
if (value === null || value === undefined) { }
// or
if (value == null) { } // Only case where == is acceptable

SQL (in code)

# BAD: SQL Injection vulnerability
query = f"SELECT * FROM users WHERE id = {user_id}"

# GOOD: Parameterized query
query = "SELECT * FROM users WHERE id = %s"
cursor.execute(query, (user_id,))

React

// BAD: Missing key in list
{items.map(item => <Item data={item} />)}

// GOOD: Unique key prop
{items.map(item => <Item key={item.id} data={item} />)}

Examples

Example 1: Python Function Review

Input:

def get_user(id):
    conn = sqlite3.connect('db.sqlite')
    result = conn.execute(f"SELECT * FROM users WHERE id = {id}")
    return result.fetchone()

Output:

### 🔴 CRITICAL: SQL Injection Vulnerability

**Location**: `get_user` function, line 3
**Category**: Security

**Problem**:
User input is directly interpolated into SQL query using f-string, allowing SQL injection attacks.

**Impact**:
Attacker could extract all data, delete tables, or gain unauthorized access by passing malicious input like `1; DROP TABLE users;--`

**Solution**:
```python
def get_user(id: int) -> Optional[tuple]:
    """Fetch user by ID from database."""
    conn = sqlite3.connect('db.sqlite')
    try:
        cursor = conn.execute(
            "SELECT * FROM users WHERE id = ?",
            (id,)
        )
        return cursor.fetchone()
    finally:
        conn.close()

Why this is better:

  • Parameterized query prevents SQL injection
  • Type hint documents expected input
  • Connection properly closed with try/finally
  • Docstring explains function purpose

🟠 HIGH: Resource Leak

Location: get_user function Category: Bug

Problem: Database connection is never closed, causing resource leaks.

Solution: See fixed code above with try/finally block.


### Example 2: React Component Review

**Input**:
```jsx
function UserList({users}) {
  const [filter, setFilter] = useState()

  const filtered = users.filter(u => u.name.includes(filter))

  return (
    <div>
      <input onChange={e => setFilter(e.target.value)} />
      {filtered.map(user => <UserCard user={user} />)}
    </div>
  )
}

Output:

### 🟠 HIGH: Potential Runtime Error

**Location**: Line 4, filter operation
**Category**: Bug

**Problem**:
`filter` state is initialized as `undefined`. Calling `includes(undefined)` won't crash, but `filter` being undefined on first render may cause unexpected behavior.

**Solution**:
```jsx
const [filter, setFilter] = useState('')

🟡 MEDIUM: Missing Key Prop

Location: Line 9, map rendering Category: Best Practice

Problem: React list items missing unique key prop, causing inefficient re-renders.

Solution:

{filtered.map(user => <UserCard key={user.id} user={user} />)}

🟡 MEDIUM: Performance - Unnecessary Recalculation

Location: Line 4 Category: Performance

Problem: Filter runs on every render, even when users array hasn't changed.

Solution:

const filtered = useMemo(
  () => users.filter(u => u.name.includes(filter)),
  [users, filter]
)


## Quality Checklist
Before completing review, verify:
- [ ] All code paths examined
- [ ] Security implications considered
- [ ] Edge cases identified
- [ ] Performance bottlenecks noted
- [ ] Fixes include code examples
- [ ] Severity levels assigned
- [ ] Summary provided
- [ ] Prioritized recommendations given

## Anti-Patterns in Reviews
- ❌ Vague feedback: "This could be better"
- ❌ No code examples for fixes
- ❌ Nitpicking style when there are real bugs
- ❌ Missing severity levels
- ❌ No explanation of WHY something is wrong
- ❌ Reviewing without understanding context

## Integration
- **Works with**: testing (suggest tests for bug-prone areas), documentation
- **Browser**: Not required

## Changelog
- v1.0.0 (2025-01-25): Initial creation
Skills similaires

Expert Next.js App Router

Developpement

Un skill qui transforme Claude en expert Next.js App Router.

Claude CodeCursoradvanced
890
234
2,846
Admin

Générateur de README

Developpement

Crée des README.md professionnels et complets pour vos projets.

claudeCursorWindsurfbeginner
259
72
821
Admin

Rédacteur de Documentation API

Developpement

Génère de la documentation API complète au format OpenAPI/Swagger.

claudeCursorWindsurfintermediate
156
44
682
Admin