Code Review Skill
Overview
Perform comprehensive code reviews analyzing bugs, style issues, performance bottlenecks, security vulnerabilities, and adherence to best practices.
Workflow
1. Scan Code Structure
- Use the `view` tool to read all relevant files in the codebase
- Identify file types, frameworks, and languages used
- Map dependencies and module relationships
2. Analyze Code Quality
Check for the following categories:
Bugs & Logic Errors:
- Null/undefined handling
- Off-by-one errors
- Race conditions
- Memory leaks
- Incorrect algorithm implementation
Security Issues:
- SQL injection vulnerabilities
- XSS vulnerabilities
- Authentication/authorization flaws
- Sensitive data exposure
- Unsafe dependencies
Performance Problems:
- Inefficient algorithms (O(n²) where O(n) is possible)
- Unnecessary database queries
- Memory overuse
- Blocking operations
- Missing caching
Code Style:
- Naming conventions
- Code formatting inconsistencies
- Magic numbers/strings
- Dead code
- Overly complex functions
Best Practices:
- DRY (Don't Repeat Yourself) violations
- SOLID principles adherence
- Error handling patterns
- Testing coverage
- Documentation quality
3. Categorize Findings
Group issues by:
- Critical: Security vulnerabilities, data loss risks
- High: Bugs that cause crashes/errors
- Medium: Performance issues, maintainability problems
- Low: Style issues, minor improvements
4. Provide Solutions
For each issue:
- Explain WHY it's a problem
- Show the problematic code snippet
- Provide a SPECIFIC fix with code examples
- Explain the benefits of the fix
5. Generate Report
Structure the output as:
```
# Code Review Report

## Summary
- Total files reviewed: X
- Issues found: Y (Z critical, W high, V medium, U low)

## Critical Issues
[List critical issues with fixes]

## High Priority Issues
[List high priority issues with fixes]

## Medium Priority Issues
[List medium priority issues with fixes]

## Low Priority Issues
[List low priority issues with fixes]

## Strengths
[Mention good practices found in the code]

## Recommendations
[Overall suggestions for improvement]
```
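Steps 3 through 5 above, as an added Python example that is not one of the skill's own scripts: each finding carries the step-4 fields (why, before, after, benefit), findings are bucketed by the step-3 severity levels, and the result is rendered in the step-5 report layout. The `Finding` type, `generate_report` and the sample SQL-injection finding are constructed here for illustration.

```python
from collections import Counter
from dataclasses import dataclass

# Severity buckets from step 3, in the order the step-5 report lists them.
SEVERITIES = ("critical", "high", "medium", "low")
TITLES = {"critical": "Critical Issues", "high": "High Priority Issues",
          "medium": "Medium Priority Issues", "low": "Low Priority Issues"}

@dataclass
class Finding:
    severity: str   # one of SEVERITIES
    location: str   # file:line
    why: str        # why it's a problem (step 4)
    before: str     # problematic snippet
    after: str      # specific fix
    benefit: str    # what the fix buys you

def render_finding(f: Finding) -> str:
    """Step 4 shape for one issue: why, offending snippet, concrete fix, benefit."""
    return (f"### {f.location}\n**Why:** {f.why}\n\n"
            f"Before:\n```\n{f.before}\n```\nAfter:\n```\n{f.after}\n```\n"
            f"**Benefit:** {f.benefit}\n")

def generate_report(findings, files_reviewed, strengths=(), recommendations=()):
    """Step 5: assemble the report; an unknown severity is an error, not silently dropped."""
    unknown = {f.severity for f in findings} - set(SEVERITIES)
    if unknown:
        raise ValueError(f"unknown severity: {sorted(unknown)}")
    counts = Counter(f.severity for f in findings)
    out = ["# Code Review Report", "## Summary",
           f"- Total files reviewed: {files_reviewed}",
           "- Issues found: {} ({} critical, {} high, {} medium, {} low)".format(
               len(findings), *(counts[s] for s in SEVERITIES))]
    for sev in SEVERITIES:  # sections stay in priority order, even when empty
        out.append(f"## {TITLES[sev]}")
        group = [f for f in findings if f.severity == sev]
        if group:
            out.extend(render_finding(f) for f in group)
        else:
            out.append("None.")
    out += ["## Strengths", *(f"- {s}" for s in (strengths or ["None noted."])),
            "## Recommendations", *(f"- {r}" for r in (recommendations or ["None."]))]
    return "\n".join(out)

# Constructed sample finding (not taken from any real codebase).
SAMPLE = [Finding("critical", "db.py:12",
                  "User input is concatenated into SQL, so a crafted id changes the query.",
                  'cur.execute(f"SELECT * FROM users WHERE id = {uid}")',
                  'cur.execute("SELECT * FROM users WHERE id = ?", (uid,))',
                  "The driver binds the value; input can no longer alter query structure.")]

if __name__ == "__main__":
    print(generate_report(SAMPLE, files_reviewed=3, strengths=["Consistent naming"]))
```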
Resources
When to Use References
- Read `references/security_checklist.md` when analyzing security
- Consult `references/performance_patterns.md` for performance optimization
- Check `references/language_guides/` for language-specific best practices
Scripts (Future Enhancement)
- `scripts/run_linter.sh <file>` - Run automated linting
- `scripts/complexity_analysis.py <file>` - Calculate cyclomatic complexity
- `scripts/security_scan.py <dir>` - Run security vulnerability scanner
Example Usage
User: "Review this authentication code"
Process:
- Read authentication-related files with the `view` tool
- Check for common auth vulnerabilities (password storage, session management, etc.)
- Analyze token handling and encryption
- Check for privilege escalation risks
- Provide a detailed report with fixes
Tips for Effective Reviews
- Be Specific: Don't just say "improve error handling"; show exactly how
- Prioritize: Focus on critical/high issues first
- Be Constructive: Acknowledge good code practices too
- Provide Context: Explain the "why" behind each suggestion
- Code Examples: Always show concrete before/after code
- Consider Trade-offs: Mention any downsides to suggested changes