Code Review Pro
Deep code analysis covering security, performance, maintainability, and best practices.
When to Use This Skill
Activate when the user:
- •Asks for a code review
- •Wants security vulnerability scanning
- •Needs performance analysis
- •Asks to "review this code" or "audit this code"
- •Mentions finding bugs or improvements
- •Wants refactoring suggestions
- •Requests best practice validation
Instructions
- •
Security Analysis (Critical Priority)
- •SQL injection vulnerabilities
- •XSS (cross-site scripting) risks
- •Authentication/authorization issues
- •Secrets or credentials in code
- •Unsafe deserialization
- •Path traversal vulnerabilities
- •CSRF protection
- •Input validation gaps
- •Insecure cryptography
- •Dependency vulnerabilities
- •
Performance Analysis
- •N+1 query problems
- •Inefficient algorithms (check Big O complexity)
- •Memory leaks
- •Unnecessary re-renders (React/Vue)
- •Missing indexes (database queries)
- •Blocking operations
- •Resource cleanup (file handles, connections)
- •Caching opportunities
- •Excessive network calls
- •Large bundle sizes
- •
Code Quality & Maintainability
- •Code duplication (DRY violations)
- •Function/method length (should be <50 lines)
- •Cyclomatic complexity
- •Unclear naming
- •Missing error handling
- •Inconsistent style
- •Missing documentation
- •Hard-coded values that should be constants
- •God classes/functions
- •Tight coupling
- •
Best Practices
- •Language-specific idioms
- •Framework conventions
- •SOLID principles
- •Design patterns usage
- •Testing approach
- •Logging and monitoring
- •Accessibility (for UI code)
- •Type safety
- •Null/undefined handling
- •
Bugs and Edge Cases
- •Logic errors
- •Off-by-one errors
- •Race conditions
- •Null pointer exceptions
- •Unhandled edge cases
- •Timezone issues
- •Encoding problems
- •Floating point precision
- •
Provide Actionable Fixes
- •Show specific code changes
- •Explain why change is needed
- •Include before/after examples
- •Prioritize by severity
Output Format
markdown
# Code Review Report
## 🚨 Critical Issues (Fix Immediately)
### 1. SQL Injection Vulnerability (line X)
**Severity**: Critical
**Issue**: User input directly concatenated into SQL query
**Impact**: Database compromise, data theft
**Current Code:**
```javascript
const query = `SELECT * FROM users WHERE email = '${userEmail}'`;
Fixed Code:
javascript
const query = 'SELECT * FROM users WHERE email = ?'; db.query(query, [userEmail]);
Explanation: Always use parameterized queries to prevent SQL injection.
⚠️ High Priority Issues
2. Performance: N+1 Query Problem (line Y)
[Details...]
💡 Medium Priority Issues
3. Code Quality: Function Too Long (line Z)
[Details...]
✅ Low Priority / Nice to Have
4. Consider Using Const Instead of Let
[Details...]
📊 Summary
- •Total Issues: 12
- •Critical: 2
- •High: 4
- •Medium: 4
- •Low: 2
🎯 Quick Wins
Changes with high impact and low effort:
- •[Fix 1]
- •[Fix 2]
🏆 Strengths
- •Good error handling in X
- •Clear naming conventions
- •Well-structured modules
🔄 Refactoring Opportunities
- •Extract Method: Lines X-Y could be extracted into
calculateDiscount() - •Remove Duplication: [specific code blocks]
📚 Resources
code
## Examples **User**: "Review this authentication code" **Response**: Analyze auth logic → Identify security issues (weak password hashing, no rate limiting) → Check token handling → Note missing CSRF protection → Provide specific fixes with code examples → Prioritize by severity **User**: "Can you find performance issues in this React component?" **Response**: Analyze component → Identify unnecessary re-renders → Find missing useMemo/useCallback → Note large state objects → Check for expensive operations in render → Provide optimized version with explanations **User**: "Review this API endpoint" **Response**: Check input validation → Analyze error handling → Test for SQL injection → Review authentication → Check rate limiting → Examine response structure → Suggest improvements with code samples ## Best Practices - Always prioritize security issues first - Provide specific line numbers for issues - Include before/after code examples - Explain *why* something is a problem - Consider the language/framework context - Don't just criticize—acknowledge good code too - Suggest gradual improvements for large refactors - Link to documentation for recommendations - Consider project constraints (legacy code, deadlines) - Balance perfectionism with pragmatism - Focus on impactful changes - Group similar issues together - Make recommendations actionable