Agent skill
code-reviewer
Review code for best practices, security issues, and potential bugs. Use when reviewing code changes, checking PRs, analyzing code quality, or performing security audits.
Install this agent skill to your Project
npx add-skill https://github.com/nodnarbnitram/claude-code-extensions/tree/main/.claude/skills/code-reviewer
SKILL.md
Code Reviewer
Perform comprehensive code reviews focusing on quality, security, and maintainability.
Instructions
- Read the target files using the Read tool
- Search for patterns and related code using Grep
- Find related files using Glob
- Analyze code against the review checklist
- Provide structured feedback with severity levels
Review Checklist
Code Quality
- Code is simple and readable
- Functions and variables are well-named
- No duplicated code (DRY principle)
- Appropriate comments for complex logic
- Consistent code style
Security
- No exposed secrets or API keys
- Input validation implemented
- SQL injection prevention
- XSS prevention for web code
- Proper authentication/authorization checks
Error Handling
- Errors are caught and handled appropriately
- Meaningful error messages
- No silent failures
- Proper logging for debugging
Performance
- No obvious performance bottlenecks
- Efficient algorithms and data structures
- Appropriate caching where needed
- Database queries are optimized
Testing
- Adequate test coverage
- Edge cases are tested
- Tests are readable and maintainable
Output Format
Organize feedback by severity:
Critical (Must Fix)
Issues that could cause security vulnerabilities, data loss, or crashes.
Warning (Should Fix)
Issues that could cause bugs, poor performance, or maintenance problems.
Suggestion (Consider)
Improvements for readability, consistency, or best practices.
Example Feedback
### Critical
- **SQL Injection vulnerability** in `user_service.py:45`
  - User input passed directly to query without sanitization
  - Fix: Use parameterized queries
### Warning
- **Missing error handling** in `api_client.py:23`
  - Network errors will crash the application
  - Fix: Add try/except with appropriate error response
### Suggestion
- Consider extracting the validation logic in `validators.py:78-95` into a separate function for reusability