Agent skill

code-reviewer

Reviews pull requests and code changes for quality, security, and best practices. Use when user asks for code review, PR review, or mentions reviewing changes.

Stars 26
Forks 5

Install this agent skill to your Project

npx add-skill https://github.com/zhaono1/agent-playbook/tree/main/skills/code-reviewer

Metadata

Additional technical details for this skill

hooks
{
    "after_complete": [
        {
            "mode": "background",
            "reason": "Learn from review patterns",
            "trigger": "self-improving-agent"
        },
        {
            "mode": "auto",
            "reason": "Log review activity",
            "trigger": "session-logger"
        }
    ]
}

SKILL.md

Code Reviewer

A comprehensive code review skill that analyzes pull requests and code changes for quality, security, maintainability, and best practices.

When This Skill Activates

This skill activates when you:

  • Ask for a code review
  • Request a PR review
  • Mention reviewing changes
  • Say "review this" or "check this code"

Review Process

Phase 1: Context Gathering

  1. Get changed files

    bash
    git diff main...HEAD --name-only
    git log main...HEAD --oneline
    
  2. Get the diff

    bash
    git diff main...HEAD
    
  3. Understand project context

    • Read relevant documentation
    • Check existing patterns in similar files
    • Identify project-specific conventions

Phase 2: Analysis Categories

1. Correctness

  • Logic is sound and matches requirements
  • Edge cases are handled
  • Error handling is appropriate
  • No obvious bugs or typos

2. Security

  • No hardcoded secrets or credentials
  • Input validation and sanitization
  • SQL injection prevention
  • XSS prevention (for frontend)
  • Authentication/authorization checks
  • Safe handling of user data

3. Performance

  • No N+1 queries
  • Appropriate caching
  • Efficient algorithms
  • No unnecessary computations
  • Memory efficiency

4. Code Quality

  • Follows DRY principle
  • Follows KISS principle
  • Appropriate abstractions
  • Clear naming conventions
  • Proper typing (if TypeScript)
  • No commented-out code

5. Testing

  • Tests cover new functionality
  • Tests cover edge cases
  • Test assertions are meaningful
  • No brittle tests

6. Documentation

  • Complex logic is explained
  • Public APIs have documentation
  • JSDoc/TSDoc for functions
  • README updated if needed

7. Maintainability

  • Code is readable
  • Consistent style
  • Modular design
  • Separation of concerns

Phase 3: Output Format

Use this structured format for review feedback:

markdown
# Code Review

## Summary
Brief overview of the changes (2-3 sentences).

## Issues by Severity

### Critical
Must fix before merge.

- [ ] **Issue Title**: Description with file:line reference

### High
Should fix before merge unless there's a good reason.

- [ ] **Issue Title**: Description with file:line reference

### Medium
Consider fixing, can be done in follow-up.

- [ ] **Issue Title**: Description with file:line reference

### Low
Nice to have improvements.

- [ ] **Issue Title**: Description with file:line reference

## Positive Highlights
What was done well in this PR.

## Suggestions
Optional improvements that don't require immediate action.

## Approval Status
- [ ] Approved
- [ ] Approved with suggestions
- [ ] Request changes

Common Issues to Check

Security Issues

Issue Pattern Recommendation
Hardcoded secrets const API_KEY = "sk-" Use environment variables
SQL injection \"SELECT * FROM...\" + user_input Use parameterized queries
XSS vulnerability innerHTML = user_input Sanitize or use textContent
Missing auth check New endpoint without @RequireAuth Add authentication middleware

Performance Issues

Issue Pattern Recommendation
N+1 query Loop with database call Use eager loading or batch queries
Unnecessary re-render Missing dependencies in useEffect Fix dependency array
Memory leak Event listener not removed Add cleanup in useEffect return
Inefficient loop Nested loops O(n²) Consider hash map or different algorithm

Code Quality Issues

Issue Pattern Recommendation
Duplicate code Similar blocks repeated Extract to function
Magic number if (status === 5) Use named constant
Long function Function >50 lines Split into smaller functions
Complex condition `a && b

Testing Issues

Issue Pattern Recommendation
No tests New feature without test file Add unit tests
Untested edge case Test only covers happy path Add edge case tests
Brittle test Test relies on implementation details Test behavior, not implementation
Missing assertion Test doesn't assert anything Add proper assertions

Language-Specific Guidelines

TypeScript

  • Use unknown instead of any for untyped values
  • Prefer interface for public APIs, type for unions
  • Use strict mode settings
  • Avoid as assertions when possible

React

  • Follow Hooks rules
  • Use useCallback/useMemo appropriately (not prematurely)
  • Prefer function components
  • Use proper key props in lists
  • Avoid prop drilling with Context

Python

  • Follow PEP 8 style guide
  • Use type hints
  • Use f-strings for formatting
  • Prefer list comprehensions over map/filter
  • Use context managers for resources

Go

  • Handle errors explicitly
  • Use named returns for clarity
  • Keep goroutines simple
  • Use channels for communication
  • Avoid package-level state

Before Approving

Confirm the following:

  • All critical issues are addressed
  • Tests pass locally
  • No merge conflicts
  • Commit messages are clear
  • Documentation is updated
  • Breaking changes are documented

Scripts

Run the review checklist script:

bash
python scripts/review_checklist.py <pr-number>

References

  • references/checklist.md - Complete review checklist
  • references/security.md - Security review guidelines
  • references/patterns.md - Common patterns and anti-patterns

Expand your agent's capabilities with these related and highly-rated skills.

zhaono1/agent-playbook

self-improving-agent

A universal self-improving agent that learns from ALL skill experiences. Uses multi-memory architecture (semantic + episodic + working) to continuously evolve the codebase. Auto-triggers on skill completion/error with hooks-based self-correction.

26 5
Explore
zhaono1/agent-playbook

long-task-coordinator

Coordinates multi-session, delegated, or long-running work with persistent state, recovery checks, and explicit status transitions. Use when a task spans multiple turns, multiple agents, background jobs, or scheduled loops, or when interrupted work must be resumed reliably.

26 5
Explore
zhaono1/agent-playbook

api-designer

REST and GraphQL API architect for designing robust, scalable APIs. Use when designing new APIs or improving existing ones.

26 5
Explore
zhaono1/agent-playbook

security-auditor

Security vulnerability expert covering OWASP Top 10 and common security issues. Use when conducting security audits or reviewing code for vulnerabilities.

26 5
Explore
zhaono1/agent-playbook

performance-engineer

Performance optimization specialist for improving application speed and efficiency. Use when investigating performance issues or optimizing code.

26 5
Explore
zhaono1/agent-playbook

session-logger

Saves conversation history to session log files. Use when user says "保存对话", "保存对话信息", "记录会话", "save session", or "save conversation". Automatically creates timestamped session log in sessions/ directory.

26 5
Explore

Didn't find tool you were looking for?

Be as detailed as possible for better results