ReddRadar
Agent skill
code-review
Perform comprehensive code reviews covering security, style, performance, and best practices. Use when reviewing code changes before commit or merge, auditing existing code, or checking for vulnerabilities.
Install this agent skill to your Project
npx add-skill https://github.com/aiskillstore/marketplace/tree/main/skills/ancplua/code-review
SKILL.md
Skill: code-review
Purpose: Perform comprehensive code reviews covering security, style, performance, and best practices.
When to use this Skill
Use this Skill when:
- Reviewing code changes before commit or merge.
- Auditing existing code for issues.
- Checking for security vulnerabilities.
- Ensuring code follows project conventions.
Review workflow
1. Gather context
Before reviewing:
# See what changed
git diff --stat
git diff
# Or for specific files
git diff path/to/file
Understand:
- What is the purpose of these changes?
- Which files are affected?
- What is the expected behavior?
2. Security audit
Check for:
- Injection vulnerabilities: SQL, command, XSS.
- Authentication issues: Weak auth, missing checks.
- Authorization flaws: Missing permission checks.
- Sensitive data exposure: Hardcoded secrets, logs.
- Insecure dependencies: Known vulnerabilities.
Red flags:
- String concatenation in queries.
eval(),exec(), or similar.- Hardcoded credentials or API keys.
- Missing input validation.
- Overly permissive CORS.
3. Style check
Verify:
- Naming conventions: Clear, consistent names.
- Code formatting: Consistent indentation, spacing.
- Documentation: Comments where needed.
- File organization: Logical structure.
- Import ordering: Consistent imports.
4. Performance review
Look for:
- N+1 queries: Database access in loops.
- Unnecessary computation: Repeated calculations.
- Memory issues: Large allocations, leaks.
- Blocking operations: Sync in async contexts.
- Inefficient algorithms: O(n²) where O(n) possible.
5. Best practices
Check:
- Error handling: Proper try/catch, error types.
- Logging: Appropriate log levels.
- Testing: Test coverage for changes.
- DRY principle: No unnecessary duplication.
- Single responsibility: Functions do one thing.
6. Generate report
Summarize findings by severity:
## Code Review Summary
### Critical (must fix)
- None found
### High (should fix)
- SQL injection risk in UserService.ts:42
### Medium (consider fixing)
- Function exceeds 50 lines in ApiHandler.ts:120
### Low (nice to have)
- Consider extracting magic number to constant
### Info
- Good use of early returns in validation logic
Severity levels
| Level | Description | Action |
|---|---|---|
CRITICAL |
Security vulnerability, data loss | Must fix now |
HIGH |
Bugs, significant issues | Fix before merge |
MEDIUM |
Code quality, maintainability | Fix soon |
LOW |
Minor improvements | Nice to have |
INFO |
Observations, positive feedback | No action needed |
Common patterns
SQL injection
Bad:
const query = `SELECT * FROM users WHERE id = ${userId}`;
Good:
const query = 'SELECT * FROM users WHERE id = ?';
db.query(query, [userId]);
XSS vulnerability
Bad:
element.innerHTML = userInput;
Good:
element.textContent = userInput;
N+1 query
Bad:
const users = await getUsers();
for (const user of users) {
user.posts = await getPosts(user.id);
}
Good:
const users = await getUsersWithPosts();
Missing error handling
Bad:
const data = JSON.parse(input);
Good:
try {
const data = JSON.parse(input);
} catch (error) {
logger.error('Invalid JSON input', { error });
throw new ValidationError('Invalid input format');
}
Integration
With autonomous-ci
- Make changes.
- Run
code-reviewto check. - Fix issues found.
- Run
autonomous-cito verify.
With smart-commit
- Make changes.
- Run
code-reviewto check. - Fix issues.
- Use
smart-committo commit.
Checklist
Complete review checklist:
- Security vulnerabilities checked.
- Code style verified.
- Performance issues identified.
- Error handling reviewed.
- Test coverage assessed.
- Documentation checked.
- Report generated with findings.
Recommended Agent Skills
Expand your agent's capabilities with these related and highly-rated skills.
aiskillstore/marketplace
perigon-backend
Perigon ASP.NET Core + EF Core + Aspire conventions
aiskillstore/marketplace
perigon-agent
Pointers for Copilot/agents to apply Perigon conventions
aiskillstore/marketplace
perigon-angular
Angular 21+ standalone/Material/signal conventions for Perigon WebApp
aiskillstore/marketplace
fastapi-mastery
Comprehensive FastAPI development skill covering REST API creation, routing, request/response handling, validation, authentication, database integration, middleware, and deployment. Use when working with FastAPI projects, building APIs, implementing CRUD operations, setting up authentication/authorization, integrating databases (SQL/NoSQL), adding middleware, handling WebSockets, or deploying FastAPI applications. Triggered by requests involving .py files with FastAPI code, API endpoint creation, Pydantic models, or FastAPI-specific features.
aiskillstore/marketplace
context7-efficient
Token-efficient library documentation fetcher using Context7 MCP with 86.8% token savings through intelligent shell pipeline filtering. Fetches code examples, API references, and best practices for JavaScript, Python, Go, Rust, and other libraries. Use when users ask about library documentation, need code examples, want API usage patterns, are learning a new framework, need syntax reference, or troubleshooting with library-specific information. Triggers include questions like "Show me React hooks", "How do I use Prisma", "What's the Next.js routing syntax", or any request for library/framework documentation.
aiskillstore/marketplace
browser-use
Browser automation using Playwright MCP. Navigate websites, fill forms, click elements, take screenshots, and extract data. Use when tasks require web browsing, form submission, web scraping, UI testing, or any browser interaction.
Didn't find tool you were looking for?