Agent skill

Reviewing Code

Systematically evaluate code changes for security, correctness, performance, and spec alignment. Use when reviewing PRs, assessing code quality, or verifying implementation against requirements.

View SKILL.md on GitHub Repository
Stars 152
Forks 20

Install this agent skill to your Project

npx add-skill https://github.com/Microck/ordinary-claude-skills/tree/main/skills_categorized/code-quality/reviewing-code

SKILL.md

Reviewing Code

Evaluate code changes across security, correctness, spec alignment, performance, and maintainability. Apply sequential or parallel review based on scope.

Quick Start

Sequential (small PRs, <5 files):

  1. Gather context from feature specs and acceptance criteria
  2. Review sequentially through focus areas
  3. Report findings by priority
  4. Recommend approval/revision/rework

Parallel (large PRs, >5 files):

  1. Identify independent review aspects (security, API, UI, data)
  2. Spawn specialist agents for each dimension
  3. Consolidate findings
  4. Report aggregate assessment

Context Gathering

Read documentation:

  • docs/feature-spec/F-##-*.md — Technical design and requirements
  • docs/user-stories/US-###-*.md — Acceptance criteria
  • docs/api-contracts.yaml — Expected API signatures
  • docs/data-plan.md — Event tracking requirements (if applicable)
  • docs/design-spec.md — UI/UX requirements (if applicable)
  • docs/system-design.md — Architecture patterns (if available)
  • docs/plans/<slug>/plan.md — Original implementation plan (if available)

Determine scope:

  • Files changed and features affected (F-## IDs)
  • Stories implemented (US-### IDs)
  • API, database, or schema changes

Quality Dimensions

Security (/25)

  • Input validation and sanitization
  • Authentication/authorization checks
  • Sensitive data handling
  • Injection vulnerabilities (SQL, XSS, etc.)

Correctness (/25)

  • Logic matches acceptance criteria
  • Edge cases handled properly
  • Error handling complete
  • Null/undefined checks present

Spec Alignment (/20)

  • APIs match docs/api-contracts.yaml
  • Data events match docs/data-plan.md
  • UI matches docs/design-spec.md
  • Implementation follows feature spec

Performance (/15)

  • Algorithm efficiency
  • Database query optimization
  • Resource usage (memory, network)

Maintainability (/15)

  • Code clarity and readability
  • Consistent with codebase patterns
  • Appropriate abstraction levels
  • Comments where needed

Total: /100

Finding Priority

🔴 CRITICAL (Must fix before merge)

  • Security vulnerabilities
  • Broken functionality
  • Spec violations (API contract breaks)
  • Data corruption risks

Format:

Location: file.ts:123
Problem: [Description]
Impact: [Risk/consequence]
Fix: [Specific change needed]
Spec reference: [docs/api-contracts.yaml line X]

🟡 IMPORTANT (Should fix)

  • Logic bugs in edge cases
  • Missing error handling
  • Performance issues
  • Missing analytics events
  • Accessibility violations

🟢 NICE-TO-HAVE (Optional)

  • Code style improvements
  • Better abstractions
  • Enhanced documentation

✅ GOOD PRACTICES

Highlight what was done well for learning

Review Strategies

Single-Agent Review

Best for <5 files, single concern:

  1. Review sequentially through focus areas
  2. Concentrate on 1-2 most impacted areas
  3. Generate unified report

Parallel Multi-Agent Review

Best for >5 files, multiple concerns:

  1. Spawn specialized agents:

    • Security: senior-engineer for vulnerability assessment
    • Architecture: Explore for pattern compliance
    • API Contracts: programmer for endpoint validation
    • Frontend: programmer for UI/UX and accessibility
    • Documentation: documentor for comment quality and docs

  2. Each agent reviews specific quality dimension

  3. Consolidate findings into single report

Report Structure

# Code Review: [Feature/PR]

## Summary
**Quality Score:** [X/100]
**Issues:** Critical: [N], Important: [N], Nice-to-have: [N]
**Assessment:** [APPROVE / NEEDS REVISION / MAJOR REWORK]

## Spec Compliance
- [ ] APIs match `docs/api-contracts.yaml`
- [ ] Events match `docs/data-plan.md`
- [ ] UI matches `docs/design-spec.md`
- [ ] Logic satisfies story AC

## Findings

### Critical Issues
[Issues with fix recommendations]

### Important Issues
[Issues that should be addressed]

### Nice-to-Have Suggestions
[Optional improvements]

### Good Practices
[What worked well]

## Recommendations
[Next steps: approval, revision needed, etc.]

Fix Implementation

Offer options:

  1. Fix critical + important issues
  2. Fix only critical (minimum for safety)
  3. Provide detailed explanation for learning
  4. Review only (no changes)

Parallel fixes for large revisions:

  • Spawn agents for independent fix areas
  • Coordinate on shared dependencies
  • Document each fix with location, change, and verification method

Document format:

✅ FIXED: [Issue name]
File: [path:line]
Change: [what changed]
Verification: [how to test]

Documentation Updates

Check if specs need updates:

  • Feature spec "Decisions" or "Deviations" if implementation differs
  • Design spec if UI changed
  • API contracts if endpoints modified (requires approval)
  • Data plan if events changed

Always flag for user approval before modifying specs.

Key Points

  • Read all context documents before starting
  • Focus on most impacted areas first
  • Be thorough with security-sensitive code, API changes, and critical user flows
  • Use scoring framework for comprehensive reviews
  • Parallel review scales to large PRs
  • Flag spec deviations for user decision

Recommended Agent Skills

Expand your agent's capabilities with these related and highly-rated skills.

Microck/ordinary-claude-skills

nondominium-holochain-dna-dev

Specialized skill for nondominium Holochain DNA development, focusing on zome creation, entry patterns, integrity/coordinator architecture, ValueFlows compliance, and WASM optimization. Use when creating new zomes, implementing entry types, or modifying Holochain DNA code.

152 20
Explore
Microck/ordinary-claude-skills

fluidsim

Framework for computational fluid dynamics simulations using Python. Use when running fluid dynamics simulations including Navier-Stokes equations (2D/3D), shallow water equations, stratified flows, or when analyzing turbulence, vortex dynamics, or geophysical flows. Provides pseudospectral methods with FFT, HPC support, and comprehensive output analysis.

152 20
Explore
Microck/ordinary-claude-skills

metabolomics-workbench-database

Access NIH Metabolomics Workbench via REST API (4,200+ studies). Query metabolites, RefMet nomenclature, MS/NMR data, m/z searches, study metadata, for metabolomics and biomarker discovery.

152 20
Explore
Microck/ordinary-claude-skills

run-tests

Validate code changes by intelligently selecting and running the appropriate test suites. Use this when editing code to verify changes work correctly, run tests, validate functionality, or check for regressions. Automatically discovers affected test suites, selects the minimal set of venvs needed for validation, and handles test execution with Docker services as needed.

152 20
Explore
Microck/ordinary-claude-skills

skill-navigator

The 100th skill! Your intelligent guide to all 99 other skills. Recommends the perfect skill for any task, creates skill combinations, and helps you discover capabilities you didn't know you had.

152 20
Explore
Microck/ordinary-claude-skills

AgentDB Advanced Features

Master advanced AgentDB features including QUIC synchronization, multi-database management, custom distance metrics, hybrid search, and distributed systems integration. Use when building distributed AI systems, multi-agent coordination, or advanced vector search applications.

152 20
Explore

Didn't find tool you were looking for?

Be as detailed as possible for better results