# Code Review Skill

Ruthless review focused on Python, Kubernetes, and AWS.
## When to Use

- Review Python code for issues
- Audit Kubernetes manifests
- Check AWS infrastructure/IAM
- Find security vulnerabilities
- Spot performance problems
## Python Red Flags

### Immediate

- Mutable default arguments
- Bare `except:` clauses
- Missing `with` for file/connection handling
- Hardcoded secrets
- `eval()` or `exec()` usage
- Pickle with untrusted data
- SQL string concatenation

### Performance

- N+1 queries in loops
- Loading entire datasets into memory
- Synchronous I/O in async code
- Missing `__slots__` for data classes at scale
- Repeated regex compilation
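Several of the "Immediate" flags above are visible in the syntax tree alone, so they can be caught mechanically before a human reviewer reads the file. The following AST-based checker is an added example, not part of this skill's own tooling; the `SAMPLE` module it scans is constructed to trip the mutable-default, bare-`except`, `eval`, `pickle` and SQL-concatenation checks, and the severity labels follow the Output Format section of this skill.

```python
import ast

# Constructed sample module exhibiting several of the checklist's red flags.
# Reported line numbers refer to this string (line 1 is the leading blank line).
SAMPLE = '''
import pickle

def add_item(item, bucket=[]):
    bucket.append(item)
    return bucket

def load(blob):
    return pickle.loads(blob)

def run(expr):
    try:
        return eval(expr)
    except:
        return None

def query(cur, name):
    cur.execute("SELECT * FROM users WHERE name = '" + name + "'")
'''

MUTABLE_DEFAULTS = (ast.List, ast.Dict, ast.Set, ast.ListComp, ast.DictComp, ast.SetComp)
DANGEROUS_CALLS = {"eval", "exec", "pickle.load", "pickle.loads"}


def _call_name(node):
    """Dotted name of a call target ('eval', 'pickle.loads'); None for complex targets."""
    func = node.func
    if isinstance(func, ast.Name):
        return func.id
    if isinstance(func, ast.Attribute) and isinstance(func.value, ast.Name):
        return f"{func.value.id}.{func.attr}"
    return None


def _is_built_sql(arg):
    """True when the first execute() argument is assembled with + or an f-string."""
    return (isinstance(arg, ast.BinOp) and isinstance(arg.op, ast.Add)) or isinstance(arg, ast.JoinedStr)


def review_python(source):
    """Return (severity, line, issue) tuples for the red flags found, sorted by line."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef)):
            # Positional and keyword-only defaults are evaluated once, at def time.
            for default in node.args.defaults + node.args.kw_defaults:
                if isinstance(default, MUTABLE_DEFAULTS):
                    findings.append(("SMELL", default.lineno, "mutable default argument"))
        elif isinstance(node, ast.ExceptHandler) and node.type is None:
            findings.append(("WARNING", node.lineno, "bare except: swallows every error"))
        elif isinstance(node, ast.Call):
            name = _call_name(node)
            if name in DANGEROUS_CALLS:
                findings.append(("CRITICAL", node.lineno, f"{name}() on possibly untrusted input"))
            elif (isinstance(node.func, ast.Attribute) and node.func.attr == "execute"
                  and node.args and _is_built_sql(node.args[0])):
                findings.append(("CRITICAL", node.lineno, "SQL built by string concatenation"))
    return sorted(findings, key=lambda f: f[1])


def render(findings):
    """Format findings in the skill's 'SEVERITY: issue' output style."""
    return [f"{sev}: {issue} (line {line})" for sev, line, issue in findings]


if __name__ == "__main__":
    print("\n".join(render(review_python(SAMPLE))))
```

Hardcoded secrets and missing `with` blocks are deliberately left out: the former needs entropy or pattern heuristics, and the latter needs data-flow analysis to know whether a returned handle is closed elsewhere, so both are better left to a human reviewer or a dedicated tool.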
## Kubernetes Red Flags

### Security

- `runAsRoot: true` or missing `securityContext`
- Missing `readOnlyRootFilesystem`
- No `NetworkPolicy`
- Secrets in env vars (not volumes)
- `privileged: true`
- Missing resource limits/requests
- `latest` tag usage

### Reliability

- No `livenessProbe`/`readinessProbe`
- Single replica for stateless apps
- No `PodDisruptionBudget`
- Missing anti-affinity rules
- No `topologySpreadConstraints`
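The per-workload checks in both Kubernetes lists can be applied to a parsed manifest without a cluster. The checker below is an added example, not part of this skill; `SAMPLE_DEPLOYMENT` is a constructed Deployment that trips the checks, and `HARDENED_DEPLOYMENT` is the same workload after the fixes. Manifests are given as Python dicts (what `yaml.safe_load` would return) so the example needs no third-party module. Root detection uses the `runAsNonRoot` field, since that is the setting the kubelet actually enforces; cross-object checks (`NetworkPolicy`, `PodDisruptionBudget`, anti-affinity) need the whole namespace and are left out.

```python
# Constructed Deployment (not from any real cluster) that trips most per-workload checks.
SAMPLE_DEPLOYMENT = {
    "apiVersion": "apps/v1", "kind": "Deployment", "metadata": {"name": "api"},
    "spec": {
        "replicas": 1,
        "template": {"spec": {"containers": [{
            "name": "api",
            "image": "registry.example/api:latest",
            "securityContext": {"privileged": True},
            "env": [{"name": "DB_PASSWORD",
                     "valueFrom": {"secretKeyRef": {"name": "db", "key": "password"}}}],
        }]}},
    },
}

# The same workload after applying the checklist's fixes (secret mounted as a volume).
HARDENED_DEPLOYMENT = {
    "apiVersion": "apps/v1", "kind": "Deployment", "metadata": {"name": "api"},
    "spec": {
        "replicas": 2,
        "template": {"spec": {
            "securityContext": {"runAsNonRoot": True},
            "containers": [{
                "name": "api",
                "image": "registry.example/api:1.4.2",
                "securityContext": {"readOnlyRootFilesystem": True, "privileged": False},
                "resources": {"requests": {"cpu": "100m", "memory": "128Mi"},
                              "limits": {"cpu": "500m", "memory": "256Mi"}},
                "livenessProbe": {"httpGet": {"path": "/healthz", "port": 8080}},
                "readinessProbe": {"httpGet": {"path": "/ready", "port": 8080}},
                "volumeMounts": [{"name": "db-creds", "mountPath": "/var/run/secrets/db",
                                  "readOnly": True}],
            }],
            "volumes": [{"name": "db-creds", "secret": {"secretName": "db"}}],
        }},
    },
}


def _image_tag(image):
    """Tag of an image reference, or None when untagged; a digest counts as pinned."""
    if "@" in image:
        return "digest"
    last = image.rsplit("/", 1)[-1]  # strip registry host, which may carry a port
    return last.split(":", 1)[1] if ":" in last else None


def _review_container(c, pod_sc):
    name = c.get("name", "<unnamed>")
    sc = {**pod_sc, **c.get("securityContext", {})}  # container keys override pod-level keys
    out = []
    if sc.get("privileged"):
        out.append(("CRITICAL", f"{name}: privileged: true"))
    if sc.get("runAsNonRoot") is not True:
        out.append(("CRITICAL", f"{name}: runAsNonRoot not enforced, container may run as root"))
    if sc.get("readOnlyRootFilesystem") is not True:
        out.append(("WARNING", f"{name}: readOnlyRootFilesystem not set"))
    tag = _image_tag(c.get("image", ""))
    if tag in (None, "latest"):
        out.append(("WARNING", f"{name}: image tag is {tag or 'missing'} (unpinned)"))
    res = c.get("resources", {})
    if not res.get("limits") or not res.get("requests"):
        out.append(("WARNING", f"{name}: missing resource requests/limits"))
    for probe in ("livenessProbe", "readinessProbe"):
        if probe not in c:
            out.append(("WARNING", f"{name}: no {probe}"))
    for env in c.get("env", []):
        if "secretKeyRef" in env.get("valueFrom", {}):
            out.append(("WARNING", f"{name}: secret {env.get('name')} exposed as env var"))
    return out


def review_workload(manifest):
    """Per-workload red-flag findings as (severity, issue) tuples."""
    spec = manifest.get("spec", {})
    pod_spec = spec if manifest.get("kind") == "Pod" else spec.get("template", {}).get("spec", {})
    findings = []
    if manifest.get("kind") in ("Deployment", "StatefulSet") and spec.get("replicas", 1) == 1:
        findings.append(("WARNING", "single replica: any restart or node drain is an outage"))
    pod_sc = pod_spec.get("securityContext", {})
    for c in pod_spec.get("containers", []) + pod_spec.get("initContainers", []):
        findings.extend(_review_container(c, pod_sc))
    return findings


if __name__ == "__main__":
    for sev, issue in review_workload(SAMPLE_DEPLOYMENT):
        print(f"{sev}: {issue}")
```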
## AWS Red Flags

### IAM

- `*` in resource or action
- Missing `Condition` blocks
- Inline policies vs managed
- Cross-account trust without external ID
- Long-lived access keys

### Infrastructure

- Public S3 buckets
- Unencrypted storage (EBS, RDS, S3)
- Default VPC usage
- Missing VPC endpoints for AWS services
- No CloudTrail/logging enabled
- Security groups with 0.0.0.0/0
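The IAM policy flags and the open security group flag above can all be checked on the JSON documents themselves. The checker below is an added example serving both the IAM and Infrastructure lists; it is not part of this skill. `SAMPLE_POLICY`, `SAMPLE_TRUST` and `SAMPLE_SG_INGRESS` are constructed inputs in the shapes returned by `iam:GetPolicyVersion`, `iam:GetRole` and `ec2:DescribeSecurityGroups`; the account id in them is a placeholder, and the `own_account` parameter is an assumption used to tell cross-account trusts from same-account ones.

```python
import json

# Constructed identity policy: statement 0 is wide open, statement 1 is scoped and conditioned.
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "s3:*", "Resource": "*"},
        {"Effect": "Allow", "Action": ["s3:GetObject"],
         "Resource": "arn:aws:s3:::example-bucket/*",
         "Condition": {"Bool": {"aws:SecureTransport": "true"}}},
    ],
}

# Constructed role trust policy: another account may assume the role, no external ID required.
# 111111111111 is a placeholder account id, not a real account.
SAMPLE_TRUST = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow",
                   "Principal": {"AWS": "arn:aws:iam::111111111111:root"},
                   "Action": "sts:AssumeRole"}],
}

# Constructed security group ingress rules (IpPermissions shape): SSH open to the world.
SAMPLE_SG_INGRESS = [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "10.0.0.0/8"}]},
]


def _as_list(value):
    """IAM allows a string or a list in Action, Resource and Statement; normalise to a list."""
    return value if isinstance(value, list) else [value]


def review_policy(doc):
    """Flag wildcard actions/resources and unconditioned Allow statements."""
    findings = []
    for i, st in enumerate(_as_list(doc.get("Statement", []))):
        if st.get("Effect") != "Allow":
            continue
        actions = _as_list(st.get("Action", []))
        resources = _as_list(st.get("Resource", []))
        if any(a == "*" or a.endswith(":*") for a in actions):
            findings.append(("CRITICAL", f"statement {i}: wildcard action {actions}"))
        if "*" in resources:
            findings.append(("CRITICAL", f"statement {i}: wildcard resource"))
        if "Condition" not in st:
            findings.append(("WARNING", f"statement {i}: no Condition block"))
    return findings


def review_trust_policy(doc, own_account=None):
    """Flag trusts granted to other accounts (or to everyone) without an sts:ExternalId condition."""
    findings = []
    for i, st in enumerate(_as_list(doc.get("Statement", []))):
        principal = st.get("Principal", {})
        if st.get("Effect") != "Allow":
            continue
        if principal == "*" or (isinstance(principal, dict) and principal.get("AWS") == "*"):
            findings.append(("CRITICAL", f"statement {i}: anonymous principal can assume role"))
            continue
        if not isinstance(principal, dict) or "AWS" not in principal:
            continue  # service principals and federated identities are out of scope here
        principals = _as_list(principal["AWS"])
        if own_account and all(own_account in p for p in principals):
            continue  # same-account trust does not need an external ID
        if "sts:ExternalId" not in json.dumps(st.get("Condition", {})):
            findings.append(("CRITICAL", f"statement {i}: cross-account trust without sts:ExternalId"))
    return findings


def review_sg_ingress(rules):
    """Flag ingress rules reachable from any IPv4 or IPv6 address."""
    findings = []
    for r in rules:
        ports = f"{r.get('IpProtocol')}/{r.get('FromPort')}-{r.get('ToPort')}"
        open_v4 = any(ip.get("CidrIp") == "0.0.0.0/0" for ip in r.get("IpRanges", []))
        open_v6 = any(ip.get("CidrIpv6") == "::/0" for ip in r.get("Ipv6Ranges", []))
        if open_v4 or open_v6:
            findings.append(("CRITICAL", f"ingress {ports} open to the internet"))
    return findings


if __name__ == "__main__":
    for sev, issue in (review_policy(SAMPLE_POLICY) + review_trust_policy(SAMPLE_TRUST)
                       + review_sg_ingress(SAMPLE_SG_INGRESS)):
        print(f"{sev}: {issue}")
```

Service-wide wildcards such as `s3:*` are reported alongside a bare `*`, since either grants every current and future action in that service. The remaining Infrastructure flags (encryption, CloudTrail, default VPC, VPC endpoints) are account-state questions that need API calls rather than a document check.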
## Output Format

```
CRITICAL: [issue]
  Impact: [what breaks]
  Fix: [action]

WARNING: [issue]
  Risk: [consequence]
  Consider: [alternative]

SMELL: [issue]
  Cost: [future pain]
```
## Questions to Ask

- What happens when this pod/lambda fails?
- What happens at 10x traffic?
- What's the blast radius if credentials leak?
- What breaks during a rolling update?
- What costs money when idle?