AgentSkillsCN

code-reviewer

Reviews code with a focus on best practices, security vulnerabilities, performance issues and maintainability. Produces structured review comments with clearly marked severity levels and actionable improvement suggestions. Use this skill when the task involves a code audit or code review.

SKILL.md
---
name: code-reviewer
description: >
  Reviews code for best practices, security vulnerabilities, performance
  issues, and maintainability. Produces structured review comments with
  severity levels and actionable suggestions. Use this skill when the mission
  involves auditing or reviewing code files.
---

Code Reviewer

When to use

Use this skill when your mission involves reviewing, auditing, or analysing code for quality, security, or performance issues.

Instructions

Review process

  1. Scan the target files — read each file in the context to understand its purpose and structure.

  2. Check each category in order of priority:

    | Priority | Category | What to look for |
    |---|---|---|
    | 🔴 Critical | Security | Hardcoded secrets, injection vulnerabilities, insecure defaults, missing auth checks |
    | 🔴 Critical | Data safety | Unvalidated inputs, missing error handling, data leaks in logs |
    | 🟡 Important | Performance | N+1 queries, unnecessary allocations, missing caching, blocking I/O |
    | 🟡 Important | Best practices | SOLID violations, dead code, duplicated logic, missing types |
    | 🔵 Minor | Style | Naming conventions, formatting, comment quality |

  3. Produce structured findings using this format for each issue:

    ````markdown
    ### [SEVERITY] Short title

    **File:** `path/to/file.ext` (line X-Y)
    **Category:** Security | Performance | Best Practices | Style
    **Description:** What the issue is and why it matters.
    **Suggestion:**
    ```diff
    - current problematic code
    + suggested fix
    ```
    ````

  4. Summarise at the end with:

    • Total issues by severity
    • Top 3 most impactful improvements
    • Overall assessment (pass / pass with warnings / needs attention)
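As an added illustration (not part of the skill itself), the Python sketch below applies a few regex detectors for rows of the priority table to a constructed sample file, renders each hit in the finding format above, and computes the closing summary. The sample file, the detectors and the mapping from severity counts to the overall assessment are all assumptions; a real review relies on reading the code, not on regexes.

```python
import re
from collections import Counter, namedtuple

# Constructed sample input (not from the page): one small config module.
SAMPLE = {"app/config.py": [
    'DB_PASSWORD = "hunter2"',
    'API_KEY = os.environ["API_KEY"]',
    'logger.info("token=%s", API_KEY)',
    "DEBUG = True",
]}

# Hypothetical detectors for a few rows of the priority table (not the skill's own):
# (severity, category, title, description, suggested fix, regex)
CHECKS = [
    ("CRITICAL", "Security", "Hardcoded secret",
     "Credentials in source end up in VCS history and every build artifact.",
     "read the value from the environment or a secret store",
     re.compile(r'(?i)(password|secret|api_key|token)\s*=\s*["\'][^"\']+["\']')),
    ("CRITICAL", "Data safety", "Secret written to logs",
     "Log sinks are rarely access-controlled the way a secret store is.",
     "log an opaque identifier, never the secret value",
     re.compile(r"(?i)\blog(?:ger)?\.\w+\(.*(password|secret|api_key|token)")),
    ("IMPORTANT", "Best Practices", "Debug mode enabled by default",
     "Debug mode exposes stack traces and internals if it reaches production.",
     "default DEBUG to False and enable it per environment",
     re.compile(r"^\s*DEBUG\s*=\s*True\b")),
]
Finding = namedtuple("Finding", "severity category title description fix path line code")

def scan(files):
    """Apply every check to every line of every file; one Finding per match."""
    return [Finding(sev, cat, title, desc, fix, path, no, text.strip())
            for path, lines in files.items()
            for no, text in enumerate(lines, 1)
            for sev, cat, title, desc, fix, rx in CHECKS if rx.search(text)]

FENCE = "`" * 3  # built at runtime so the literal does not close this listing
def render(f):
    """Emit one finding in the skill's structured review format."""
    return (f"### [{f.severity}] {f.title}\n\n**File:** `{f.path}` (line {f.line})\n"
            f"**Category:** {f.category}\n**Description:** {f.description}\n"
            f"**Suggestion:**\n{FENCE}diff\n- {f.code}\n+ # {f.fix}\n{FENCE}")

def summarise(findings):
    """Totals by severity plus an overall verdict (assumed mapping, not the page's)."""
    counts = Counter(f.severity for f in findings)
    verdict = ("needs attention" if counts["CRITICAL"]
               else "pass with warnings" if counts["IMPORTANT"] else "pass")
    return {"counts": dict(counts), "assessment": verdict}
```

An empty finding list yields the "pass" verdict, matching the rule that a clean file gets a clean bill of health rather than invented issues.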

If no issues are found

Report a clean bill of health — do not invent issues.

Rules

  • Be constructive, not nitpicky.
  • Prioritise issues that affect correctness and security over style.
  • Include line numbers and file paths for every finding.
  • Suggest fixes, not just problems.
  • Never modify files directly during a review — only report findings.