AgentSkillsCN

Code Review

Conduct in-depth code reviews that combine security, performance, and maintainability analysis.

SKILL.md
---
name: Code Review
description: Thorough code review with security, performance, and maintainability analysis
trigger: manual
---

Code Review Protocol

A comprehensive code review methodology that catches issues before they reach production.

Review Checklist

1. Correctness

  • Does the code do what it's supposed to do?
  • Are all edge cases handled?
  • Are error conditions handled properly?
  • Is the logic correct for all inputs?

2. Security

  • No hardcoded secrets or credentials
  • Input validation present
  • SQL injection prevention (parameterized queries)
  • XSS prevention (output encoding)
  • CSRF protection where needed
  • Proper authentication/authorization checks
  • Sensitive data properly protected

3. Performance

  • No obvious N+1 query issues
  • Appropriate data structures used
  • No unnecessary loops or iterations
  • Database queries optimized
  • Caching considered where appropriate
  • Memory leaks prevented (cleanup handlers)

4. Maintainability

  • Code is readable and self-documenting
  • Functions are focused and not too long
  • No excessive nesting
  • Consistent naming conventions
  • Appropriate abstractions used
  • No code duplication

5. Testing

  • New code has corresponding tests
  • Edge cases tested
  • Error paths tested
  • Tests are meaningful (not just coverage)

6. Documentation

  • Complex logic is explained
  • Public APIs are documented
  • Non-obvious decisions are commented
  • README updated if needed

Review Output Format

```markdown
## Code Review Summary

**Files Reviewed**: [list]
**Overall Assessment**: [APPROVE / REQUEST_CHANGES / NEEDS_DISCUSSION]

### Critical Issues (Must Fix)
- [ ] Issue 1: Description - Location - Suggested fix

### Important Issues (Should Fix)
- [ ] Issue 1: Description - Location - Suggested fix

### Suggestions (Consider)
- [ ] Suggestion 1: Description - Location - Rationale

### Positive Observations
- Good practice 1: Description
- Good practice 2: Description
```

Severity Levels

  • Critical: Security vulnerabilities, data loss risks, crashes
  • Important: Bugs, performance issues, maintainability problems
  • Suggestion: Style improvements, minor optimizations, nice-to-haves
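The following is an added example, not part of the skill itself: a small Python script that checks two items of the Security checklist (hardcoded secrets, SQL built with string formatting instead of parameterized queries), assigns the Critical severity defined above, and renders the findings in the Code Review Summary layout. The regexes and the sample file are constructed for this example and are deliberately narrow heuristics, not a complete secret or SQL-injection detector.

```python
import re
from collections import defaultdict

# Heuristic detectors for two Security checklist items. Patterns are
# assumptions for this example, not an exhaustive detector.
CHECKS = [
    # (severity, description, compiled regex)
    ("Critical", "Hardcoded secret or credential",
     re.compile(r"""(?i)\b(password|secret|api_key|token)\s*=\s*["'][^"']+["']""")),
    ("Critical", "SQL built with string formatting (use parameterized queries)",
     re.compile(r"""(?i)\bexecute\(\s*(f["']|["'][^"']*["']\s*%|.*\.format\()""")),
]

def review_file(path, source):
    """Return findings as (severity, description, location) tuples."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), 1):
        for severity, description, pattern in CHECKS:
            if pattern.search(line):
                findings.append((severity, description, f"{path}:{lineno}"))
    return findings

def render_summary(files, findings):
    """Render the Code Review Summary layout from the review output format."""
    by_sev = defaultdict(list)
    for sev, desc, loc in findings:
        by_sev[sev].append(f"- [ ] {desc} - {loc}")
    blocking = by_sev["Critical"] or by_sev["Important"]
    assessment = "REQUEST_CHANGES" if blocking else "APPROVE"
    out = ["## Code Review Summary", "",
           f"**Files Reviewed**: {', '.join(files)}",
           f"**Overall Assessment**: {assessment}", ""]
    for sev, heading in (("Critical", "Critical Issues (Must Fix)"),
                         ("Important", "Important Issues (Should Fix)"),
                         ("Suggestion", "Suggestions (Consider)")):
        out += [f"### {heading}"] + (by_sev[sev] or ["- none"]) + [""]
    return "\n".join(out)

# Constructed sample file for the demo (not real project code).
SAMPLE = '''
API_KEY = "sk-example-not-a-real-key"
def get_user(cursor, name):
    cursor.execute(f"SELECT * FROM users WHERE name = '{name}'")
def get_user_safe(cursor, name):
    cursor.execute("SELECT * FROM users WHERE name = %s", (name,))
'''

if __name__ == "__main__":
    print(render_summary(["app.py"], review_file("app.py", SAMPLE)))
```

The parameterized query in `get_user_safe` is not flagged, which is the behaviour a reviewer wants from the SQL check.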

Review Best Practices

  1. Be specific and actionable in feedback
  2. Explain the "why", not just the "what"
  3. Suggest alternatives, don't just criticize
  4. Acknowledge good code, not just problems
  5. Focus on the code, not the person
  6. Prioritize feedback by severity