AgentSkillsCN

code-review

Ruthless code review for Python, Kubernetes, and AWS that digs into downstream problems, security vulnerabilities, and unnecessary complexity. Use for "review", "check", "audit", and "what could go wrong" requests.

SKILL.md
---
name: code-review
description: "Ruthless code review for Python, Kubernetes, and AWS. Hunts for downstream problems, security issues, and unnecessary complexity. Use on 'review', 'check', 'audit', 'what could go wrong'."
---

Code Review Skill

Ruthless review focused on Python, Kubernetes, and AWS.

When to Use

  • Review Python code for issues
  • Audit Kubernetes manifests
  • Check AWS infrastructure/IAM
  • Find security vulnerabilities
  • Spot performance problems

Python Red Flags

Immediate

  • Mutable default arguments
  • Bare except: clauses
  • Missing with for file/connection handling
  • Hardcoded secrets
  • eval() or exec() usage
  • Pickle with untrusted data
  • SQL string concatenation

Performance

  • N+1 queries in loops
  • Loading entire datasets into memory
  • Synchronous I/O in async code
  • Missing __slots__ for data classes at scale
  • Repeated regex compilation

Kubernetes Red Flags

Security

  • runAsRoot: true or missing securityContext
  • Missing readOnlyRootFilesystem
  • No NetworkPolicy
  • Secrets in env vars (not volumes)
  • privileged: true
  • Missing resource limits/requests
  • latest tag usage

Reliability

  • No livenessProbe/readinessProbe
  • Single replica for stateless apps
  • No PodDisruptionBudget
  • Missing anti-affinity rules
  • No topologySpreadConstraints

AWS Red Flags

IAM

  • * in resource or action
  • Missing Condition blocks
  • Inline policies vs managed
  • Cross-account trust without external ID
  • Long-lived access keys

Infrastructure

  • Public S3 buckets
  • Unencrypted storage (EBS, RDS, S3)
  • Default VPC usage
  • Missing VPC endpoints for AWS services
  • No CloudTrail/logging enabled
  • Security groups with 0.0.0.0/0

Output Format

```
CRITICAL: [issue]
   Impact: [what breaks]
   Fix: [action]

WARNING: [issue]
   Risk: [consequence]
   Consider: [alternative]

SMELL: [issue]
   Cost: [future pain]
```
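As an added example (not part of this skill) that ties the Python red flags above to the output format: a small ast-based checker that flags mutable default arguments, bare except clauses, eval() and pickle.loads(), labelling each finding CRITICAL, WARNING or SMELL. The severity given to each flag and the SAMPLE input are this example's own assumptions.

```python
# Added example, not part of the skill: an ast-based checker for a few "Immediate"
# Python red flags, emitting the skill's CRITICAL/WARNING/SMELL labels. The
# severity per flag and the SAMPLE input are this example's own choices.
import ast

MUTABLE_DEFAULTS = (ast.List, ast.Dict, ast.Set)
CALL_FLAGS = {  # call target -> (severity, issue)
    "eval": ("CRITICAL", "eval() usage"),
    "pickle.loads": ("CRITICAL", "pickle with possibly untrusted data"),
}

def _call_name(func):
    if isinstance(func, ast.Name):          # eval(...)
        return func.id
    if isinstance(func, ast.Attribute) and isinstance(func.value, ast.Name):
        return f"{func.value.id}.{func.attr}"  # pickle.loads(...)
    return ""

class RedFlagVisitor(ast.NodeVisitor):
    def __init__(self):
        self.findings = []  # (severity, line, issue)

    def visit_FunctionDef(self, node):
        # a mutable default is built once and shared by every call
        for d in node.args.defaults + node.args.kw_defaults:
            if isinstance(d, MUTABLE_DEFAULTS):
                self.findings.append(("WARNING", d.lineno, "mutable default argument"))
        self.generic_visit(node)

    def visit_ExceptHandler(self, node):
        if node.type is None:  # bare except: also swallows KeyboardInterrupt/SystemExit
            self.findings.append(("SMELL", node.lineno, "bare except: clause"))
        self.generic_visit(node)

    def visit_Call(self, node):
        flag = CALL_FLAGS.get(_call_name(node.func))
        if flag:
            self.findings.append((flag[0], node.lineno, flag[1]))
        self.generic_visit(node)

def review(source):
    visitor = RedFlagVisitor()
    visitor.visit(ast.parse(source))
    return sorted(visitor.findings, key=lambda f: f[1])

def format_findings(findings):
    return "\n".join(f"{sev}: {issue} (line {line})" for sev, line, issue in findings)

SAMPLE = ("import pickle\ndef add(item, bucket=[]):\n    return bucket\ndef load(blob):\n"
          "    try:\n        return pickle.loads(blob)\n    except:\n        return eval('x')\n")
```

Running `print(format_findings(review(SAMPLE)))` lists the four findings in line order; a real review would still add the Impact/Fix lines by hand.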

Questions to Ask

  1. What happens when this pod/lambda fails?
  2. What happens at 10x traffic?
  3. What's the blast radius if credentials leak?
  4. What breaks during a rolling update?
  5. What costs money when idle?