Agent skill

code-review

Reviews code changes for bugs, security issues, and adherence to codebase patterns. This skill should be used when reviewing diffs, commits, branches, or pull requests. It focuses on finding real bugs (not style nitpicks), verifying code fits existing patterns, and providing actionable feedback with clear severity levels.

Stars 18
Forks 0

Install this agent skill to your Project

npx add-skill https://github.com/malhashemi/dotfiles/tree/main/dot_config/opencode/skill/code-review

SKILL.md

Code Review

Overview

Review code changes to find bugs, security issues, and pattern violations. Focus on what matters: logic errors, edge cases, and whether the code fits the codebase. Avoid style zealotry.

When to Use

  • Reviewing uncommitted changes (staged or unstaged)
  • Reviewing a specific commit
  • Comparing branches
  • Reviewing a pull request
  • As part of a validation gate between implementation phases

Determining What to Review

Based on input, determine which type of review to perform:

Input How to Get Diff
No arguments (default) git diff (unstaged) + git diff --cached (staged)
Commit hash (SHA) git show <hash>
Branch name git diff <branch>...HEAD
PR URL or number gh pr view + gh pr diff

Gathering Context

Diffs alone are not enough. After getting the diff, read the entire file(s) being modified to understand the full context. Code that looks wrong in isolation may be correct given surrounding logic—and vice versa.

  1. Use the diff to identify which files changed
  2. Read the full file to understand existing patterns, control flow, and error handling
  3. Check for existing conventions files (CONVENTIONS.md, AGENTS.md, .editorconfig, etc.)

What to Look For

Bugs (Primary Focus)

  • Logic errors - Off-by-one mistakes, incorrect conditionals
  • If-else guards - Missing guards, incorrect branching, unreachable code paths
  • Edge cases - Null/empty/undefined inputs, error conditions, race conditions
  • Security issues - Injection, auth bypass, data exposure
  • Broken error handling - Swallowed failures, unexpected throws, uncaught error types

Structure (Does the code fit?)

  • Does it follow existing patterns and conventions?
  • Are there established abstractions it should use but doesn't?
  • Excessive nesting that could be flattened with early returns or extraction

Performance (Only if obviously problematic)

  • O(n²) on unbounded data
  • N+1 queries
  • Blocking I/O on hot paths

Before Flagging Something

Be certain. If calling something a bug, be confident it actually is one.

Do

  • Only review the changes - do not review pre-existing code that wasn't modified
  • Investigate before flagging - if unsure, look deeper first
  • Explain realistic scenarios where edge cases actually break things

Don't

  • Flag something as a bug if unsure
  • Invent hypothetical problems without realistic scenarios
  • Be a zealot about style

Style Violations - Be Reasonable

  • Verify the code is actually in violation before complaining
  • Some "violations" are acceptable when they're the simplest option
  • A let statement is fine if the alternative is convoluted
  • Excessive nesting is a legitimate concern regardless of other style choices
  • Don't flag style preferences unless they clearly violate established project conventions

Research Before Flagging

Use available tools to verify before claiming something is wrong:

Tool Use For
codebase-pattern-finder Find how existing code handles similar problems
codebase-analyzer Understand existing patterns and conventions
Web search Verify correct usage of libraries/APIs

If uncertain and can't verify, say "I'm not sure about X" rather than flagging as definite.

Output Guidelines

Tone

  • Matter-of-fact, not accusatory or overly positive
  • Reads as helpful AI assistant, not human reviewer pretending
  • Write so reader can quickly understand without reading too closely

Content

  • Be direct about bugs - clearly explain why it's a bug
  • Communicate severity accurately - do not overstate
  • Explain conditions - clearly state scenarios/inputs necessary for bug to arise
  • No flattery - avoid "Great job...", "Thanks for..."

Severity Levels

Level Meaning
🔴 Critical Will cause failures, security vulnerability, data loss
🟠 Warning Could cause issues under specific conditions
🟡 Suggestion Improvement opportunity, not a bug

Output Template

markdown
## Code Review: [scope description]

### Summary

[1-2 sentences: Overall assessment - clean, minor issues, or significant concerns]

### Issues Found

#### 🔴 [Critical Issue Title]
**File:** `path/to/file.ts:line`
**Issue:** [Clear description of the bug]
**Scenario:** [When/how this breaks]
**Suggested fix:** [How to fix it]

#### 🟠 [Warning Title]
**File:** `path/to/file.ts:line`
**Issue:** [Description]
**Conditions:** [When this becomes a problem]

#### 🟡 [Suggestion Title]
**File:** `path/to/file.ts:line`
**Suggestion:** [What could be improved and why]

### Patterns Checked

- ✓ Follows existing error handling patterns
- ✓ Uses established abstractions
- ⚠️ Inconsistent with [pattern] in [other file]

### Verdict

[PASS | PASS WITH NOTES | NEEDS CHANGES]

[If needs changes: list what must be fixed before approval]

Expand your agent's capabilities with these related and highly-rated skills.

malhashemi/dotfiles

phase-execution

Your bulletproof guide to executing implementation phases! Handles commits, detects when phases are too big, and knows when to bail cleanly. Load this whenever you're implementing a phase - it provides clean commit protocol and signals the orchestrator when things go sideways.

18 0
Explore
malhashemi/dotfiles

parallel-research

Research scope too big? This skill decomposes large questions into independent parts, spawns parallel researchers, and synthesizes findings. Essential when comprehensive research would overflow a single context window.

18 0
Explore
malhashemi/dotfiles

plan-review

Catch oversized phases BEFORE implementation begins! This skill reviews plans for sizing, dependencies, and completeness - flagging phases that need decomposition before a single line of code is written. Load this when validating plans pre-implementation.

18 0
Explore
malhashemi/dotfiles

brand-palette

Brand color discovery and palette generation skill. This skill should be used when helping users create brand color palettes, design systems, or Tailwind color configs. It guides through hue selection (RYB color wheel), chroma/tone decisions, and generates Obsidian-compatible palette reports with APCA accessibility validation. Supports starting from hex color or OKLCH values for refinement workflows. Triggers: "brand colors", "palette", "color scheme", "design system colors", "Tailwind colors", "generate palette from hex", "generate palette from OKLCH", or when users describe brand values that imply color decisions.

18 0
Explore
malhashemi/dotfiles

pr-review-orchestration

Automated PR review cycle for RPIV orchestration. Waits for Gemini reviews, assesses feedback, implements fixes, and manages the review loop. Used by Planner agent after RPIV opens PRs. This skill is triggered automatically by RPIV when entering the PR Review phase.

18 0
Explore
malhashemi/dotfiles

pr-review

This skill provides a complete workflow for handling GitHub Pull Request reviews, specifically optimized for @gemini-code-assist automated reviews. This skill should be used when addressing PR review comments, responding to reviewers, resolving threads, requesting re-reviews, or merging PRs after feedback is addressed. Triggers include: /pr-review command, "address PR feedback", "handle review comments", "respond to gemini", or any PR review lifecycle management request.

18 0
Explore

Didn't find tool you were looking for?

Be as detailed as possible for better results