Agent skill
code-review
Perform structured code reviews focusing on correctness, readability, security, and maintainability. Use this skill when reviewing pull requests, evaluating code changes, or establishing review standards for a team.
Install this agent skill to your Project
npx add-skill https://github.com/s-hiraoku/synapse-a2a/tree/main/.claude/skills/code-review
SKILL.md
Code Review
Perform structured, actionable code reviews.
When to Use
- Reviewing a pull request or set of changes
- Evaluating code quality before merging
- Auditing a module for technical debt
- Establishing review standards or checklists
Review Dimensions
Review code across these dimensions, in priority order:
1. Correctness
- Does the code do what it claims?
- Are edge cases handled? (null, empty, overflow, concurrency)
- Are error paths tested?
- Do tests cover the changed behavior?
2. Security
- Input validation at system boundaries
- No secrets in code (API keys, passwords, tokens)
- SQL/command injection prevention
- Proper authentication and authorization checks
- See the security-audit skill for deeper analysis
3. Readability
- Clear naming (variables, functions, classes)
- Functions do one thing
- No deep nesting (max 3 levels)
- Comments explain "why", not "what"
- Consistent style with the surrounding codebase
4. Maintainability
- No unnecessary abstractions
- DRY without over-abstraction (rule of three)
- Dependencies are justified
- Breaking changes are flagged
5. Performance
- Only flag when there is a real concern (hot path, large data, N+1 queries)
- Do not micro-optimize unless the context demands it
Review Output Format
Structure feedback as:
```markdown
## Review: <PR title or file>
### Must Fix
- [ ] **file.py:42** — [Correctness] Description of the issue and suggested fix
### Should Fix
- [ ] **file.py:78** — [Readability] Description and suggestion
### Consider
- [ ] **file.py:100** — [Performance] Optional improvement
### Positive
- file.py:15 — Good use of context manager for resource cleanup
```
Severity levels:
| Level | Meaning | Merge? |
|---|---|---|
| Must Fix | Bug, security issue, or broken contract | Block |
| Should Fix | Significant readability/maintainability concern | Request changes |
| Consider | Optional improvement, style preference | Approve with comment |
| Positive | Good patterns worth highlighting | - |
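An added example (not part of the original skill) that renders findings into the format above, orders each section by the dimension priority list, and derives the merge outcome from the severity table. The names Finding, render and merge_decision, the sample findings, and the "Approve" result for a review with no blocking findings are assumptions.

```python
from dataclasses import dataclass
# Dimension priority and severity table as given on this page.
DIMENSIONS = ["Correctness", "Security", "Readability", "Maintainability", "Performance"]
MERGE = {"Must Fix": "Block", "Should Fix": "Request changes",
         "Consider": "Approve with comment", "Positive": "-"}
DASH = "\u2014"  # em dash separator used by the template

@dataclass
class Finding:
    severity: str        # a key of MERGE
    location: str        # e.g. "file.py:42"
    text: str
    dimension: str = ""  # one of DIMENSIONS; empty for Positive entries

def merge_decision(findings):
    """Strictest outcome wins: first severity in table order that has a finding."""
    present = {f.severity for f in findings}
    for severity in ("Must Fix", "Should Fix", "Consider"):
        if severity in present:
            return MERGE[severity]
    return "Approve"  # assumption: the table gives no outcome for this case

def render(title, findings):
    # Reject labels the page does not define before producing any output.
    for f in findings:
        if f.severity not in MERGE:
            raise ValueError(f"unknown severity: {f.severity!r}")
        if f.severity != "Positive" and f.dimension not in DIMENSIONS:
            raise ValueError(f"unknown dimension: {f.dimension!r}")
    lines = [f"## Review: {title}"]
    for severity in MERGE:  # dict order follows the table
        group = [f for f in findings if f.severity == severity]
        if not group:
            continue
        lines.append(f"### {severity}")
        if severity == "Positive":
            lines += [f"- {f.location} {DASH} {f.text}" for f in group]
            continue
        # Within a section, list findings in dimension priority order.
        group.sort(key=lambda f: DIMENSIONS.index(f.dimension))
        lines += [f"- [ ] **{f.location}** {DASH} [{f.dimension}] {f.text}" for f in group]
    return "\n".join(lines)

# Constructed sample findings (not from a real review).
SAMPLE = [
    Finding("Should Fix", "report.py:78", "Nesting is four levels deep; extract a helper", "Readability"),
    Finding("Must Fix", "db.py:42", "Query built by string concatenation; use a parameterized query", "Security"),
    Finding("Must Fix", "db.py:17", "Empty result set is not handled; return early", "Correctness"),
    Finding("Positive", "db.py:15", "Good use of context manager for resource cleanup"),
]
```

Calling render("Add report export", SAMPLE) lists the Correctness finding before the Security one under Must Fix, and merge_decision(SAMPLE) returns "Block".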
Guidelines
- Be specific - Point to exact lines, suggest concrete alternatives
- Explain why - "This could cause X because Y", not just "change this"
- Separate style from substance - Automate style (linters); review logic manually
- Limit scope - Review what changed, not the entire file (unless asked)
- Acknowledge good work - Include at least one positive observation
- Propose, don't impose - "Consider using X" not "You must use X" (unless it's a Must Fix)