AgentSkillsCN

reviewing-code

Analyzes code for vulnerabilities, security defects, performance issues, and style violations. Use this skill when the user asks for a code review, requests feedback on specific files, seeks optimization suggestions, or wants a security audit.

SKILL.md
---
name: reviewing-code
description: Analyzes code for bugs, security vulnerabilities, performance issues, and style violations. Use when the user asks for a code review, feedback on specific files, optimization suggestions, or a security audit.
---

Code Reviewer

When to use this skill

  • User asks to "review", "audit", or "check" code.
  • User provides a diff or specific file and asks for improvements.
  • User asks "is this secure?" or "can this be optimized?".
  • User requests a second opinion on an implementation.

Workflow

  [ ] Contextualize: Identify the programming language, framework, and the user's specific goals (e.g., "make it faster" vs. "fix this bug").
  [ ] Security Scan: Check for common vulnerabilities (SQLi, XSS, secrets in code, unsafe inputs).
  [ ] Logic & Correctness: Verify that the code yields the expected output and handles edge cases.
  [ ] Performance & Efficiency: Identify O(n^2) loops, unnecessary re-renders, or memory leaks.
  [ ] Readability & Style: Check naming conventions, modularity (DRY), and adherence to language idioms.
  [ ] Summary: Present findings prioritized by severity (Critical -> Major -> Minor).

Instructions

1. The Review Mindset

  • Constructive & Specific: Don't just say "this is bad." Explain why and provide a code snippet showing the better way.
  • Prioritize:
    1. Security (Credentials, Injection, Auth)
    2. Crash/Bug Risks (Null pointers, race conditions)
    3. Performance (Resource usage, latency)
    4. Maintainability (Clean code, comments)

2. Analysis Checklist (Language Agnostic)

  • Input Validation: Are all external inputs validated/sanitized?
  • Error Handling: Are try/catch blocks used appropriately? Are errors logged?
  • Hardcoded Values: Are API keys, URLs, or magic numbers hardcoded?
  • Complexity: Is a function doing too much? (Cyclomatic complexity).
  • Testability: Is this code easy to unit test?

3. Output Format

When delivering the review, use this structure:

🔍 Summary

Brief overview of the code quality.

🔴 Critical Issues

Immediate fixes required.

  • Issue: [Description]
  • Fix: [Code Snippet]

🟡 Improvements

Optimization and cleanup suggestions.

  • Suggestion: [Description]

🟢 Good Practices

What the user did well (reinforce good habits).
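
As an added example (not part of the AgentSkillsCN skill itself), the following Python pass implements the Security Scan and Hardcoded Values checks above as regex heuristics over a constructed sample file, then renders the findings in the Output Format ordered Critical -> Major -> Minor. The rule set, the `Finding` tuple and the sample source are assumptions made for this illustration, not part of the original page.

```python
import re
from collections import namedtuple

# Constructed sample of a file under review (not from the original page).
SAMPLE = """\
import sqlite3
API_KEY = "sk-live-0123456789abcdef"
def find_user(conn, name):
    query = "SELECT * FROM users WHERE name = '" + name + "'"
    return conn.execute(query).fetchall()
def render(el, html):
    el.innerHTML = html
TIMEOUT = 30
"""

# One review finding: severity is "Critical", "Major" or "Minor".
Finding = namedtuple("Finding", "severity line rule advice")

# Hypothetical rule set for the "Security Scan" step: (severity, name, pattern, fix advice).
# The regexes are first-pass heuristics, not a substitute for a real SAST tool.
RULES = [
    ("Critical", "hardcoded-secret",
     re.compile(r"(?i)(api[_-]?key|secret|password|token)\s*=\s*['\"][^'\"]{8,}['\"]"),
     "Load the value from the environment or a secrets manager, then rotate it."),
    ("Critical", "sql-string-concat",
     re.compile(r"(?i)\b(select|insert|update|delete)\b.*['\"]\s*\+"),
     "Use a parameterised query (placeholders) instead of concatenating input."),
    ("Major", "dom-xss-sink", re.compile(r"\.innerHTML\s*="),
     "Assign textContent, or sanitise the HTML before inserting it."),
    ("Minor", "magic-number", re.compile(r"^\s*[A-Z_]+\s*=\s*\d+\s*$"),
     "Document the constant's unit and purpose, or make it configurable."),
]
SEVERITY_RANK = {"Critical": 0, "Major": 1, "Minor": 2}

def scan(source: str) -> list[Finding]:
    # Apply every rule to every line; order findings Critical -> Major -> Minor, then by line.
    findings = [Finding(sev, n, rule, advice)
                for n, text in enumerate(source.splitlines(), start=1)
                for sev, rule, pattern, advice in RULES if pattern.search(text)]
    return sorted(findings, key=lambda f: (SEVERITY_RANK[f.severity], f.line))

def report(findings: list[Finding]) -> str:
    # Render in the skill's output structure: Summary, Critical Issues, Improvements.
    critical = [f for f in findings if f.severity == "Critical"]
    out = ["🔍 Summary", f"{len(findings)} findings, {len(critical)} critical.", "🔴 Critical Issues"]
    out += [f"  • Issue: line {f.line}: {f.rule}\n  • Fix: {f.advice}" for f in critical]
    out.append("🟡 Improvements")
    out += [f"  • Suggestion: line {f.line}: {f.rule} ({f.severity}). {f.advice}"
            for f in findings if f.severity != "Critical"]
    return "\n".join(out)
```

Running `print(report(scan(SAMPLE)))` lists the hardcoded key and the concatenated SQL first, the `innerHTML` sink under Improvements, and the bare constant last.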

Resources