AgentSkillsCN

code-review

对尚未提交的更改进行全面的安全与质量审查。检查硬编码的机密信息、注入漏洞、代码质量问题,以及是否违反最佳实践。

SKILL.md
--- frontmatter
name: code-review
description: Comprehensive security and quality review of uncommitted changes. Checks for hardcoded secrets, injection vulnerabilities, code quality issues, and best practice violations.
disable-model-invocation: true
allowed-tools: Bash, Read, Grep, Glob

Code Review

Comprehensive security and quality review of uncommitted changes:

  1. Get changed files: git diff --name-only HEAD

  2. For each changed file, check for:

Security Issues (CRITICAL):

  • Hardcoded credentials, API keys, tokens
  • SQL injection vulnerabilities
  • XSS vulnerabilities
  • Missing input validation
  • Insecure dependencies
  • Path traversal risks

Code Quality (HIGH):

  • Functions > 50 lines
  • Files > 800 lines
  • Nesting depth > 4 levels
  • Missing error handling
  • console.log statements
  • TODO/FIXME comments
  • Missing JSDoc for public APIs

Best Practices (MEDIUM):

  • Mutation patterns (use immutable instead)
  • Emoji usage in code/comments
  • Missing tests for new code
  • Accessibility issues (a11y)
  1. Generate report with:

    • Severity: CRITICAL, HIGH, MEDIUM, LOW
    • File location and line numbers
    • Issue description
    • Suggested fix
  2. Block commit if CRITICAL or HIGH issues found

Never approve code with security vulnerabilities!