AgentSkillsCN

code-reviewer

A comprehensive code review toolkit supporting code quality assessment across multiple languages. Suitable for PR analysis, quality checks, and generating review reports. Based on alirezarezvani/claude-skills.

SKILL.md
---
name: code-reviewer
description: Comprehensive code review toolkit for evaluating quality across multiple languages. Use for PR analysis, quality checking, and generating review reports. Based on alirezarezvani/claude-skills.
version: 1.0.0
category: development
last_updated: 2026-01-19
source: https://github.com/alirezarezvani/claude-skills
related_skills:
  - tdd-obra
  - systematic-debugging
  - subagent-driven
---

Code Reviewer Skill

Overview

This skill provides comprehensive code review capabilities across multiple programming languages including TypeScript, JavaScript, Python, Swift, and Kotlin. Focus areas: code quality, security, performance, and maintainability.

Quick Start

  1. Identify scope - Files or PR to review
  2. Run analysis - Check code quality, security, performance
  3. Document findings - Categorize by severity
  4. Provide recommendations - Actionable improvements
  5. Generate report - Structured review output

When to Use

  • Pull request reviews
  • Pre-merge quality gates
  • Code audit requirements
  • Security assessments
  • Performance optimization reviews
  • Onboarding code familiarization

Review Categories

1. Code Quality

| Aspect | Check For |
|---|---|
| Clarity | Readable, self-documenting code |
| Naming | Descriptive, consistent conventions |
| Structure | Single responsibility, appropriate abstraction |
| DRY | No unnecessary duplication |
| Complexity | Cyclomatic complexity within limits |

2. Security

| Aspect | Check For |
|---|---|
| Input validation | All user inputs validated |
| SQL injection | Parameterized queries |
| XSS | Output encoding |
| Auth/AuthZ | Proper authentication and authorization |
| Secrets | No hardcoded credentials |
| Dependencies | Updated, no known vulnerabilities |

3. Performance

| Aspect | Check For |
|---|---|
| Algorithms | Appropriate time complexity |
| Memory | No leaks, efficient usage |
| Database | Optimized queries, proper indexing |
| Caching | Appropriate cache usage |
| Async | Non-blocking operations where needed |

4. Testing

| Aspect | Check For |
|---|---|
| Coverage | Critical paths tested |
| Quality | Meaningful assertions |
| Isolation | Tests don't depend on each other |
| Edge cases | Boundary conditions covered |
| Mocking | Minimal, appropriate mocking |

Review Process

Step 1: Context Gathering

```markdown
## Review Context
- **PR/Files:** [identifier]
- **Author:** [name]
- **Purpose:** [feature/bugfix/refactor]
- **Related:** [issues/tickets]
```

Step 2: High-Level Analysis

Scan for:

  • Overall change scope
  • Architectural impact
  • Breaking changes
  • New dependencies

Step 3: Detailed Review

For each file:

```markdown
### [filename]

**Changes:** [summary]

**Findings:**
- [severity] [category]: [description]
  - Location: line X
  - Recommendation: [action]
```

Step 4: Security Deep Dive

Special attention to:

  • Authentication flows
  • Data handling
  • API endpoints
  • Configuration files
  • Environment variables

Step 5: Test Verification

  • Run existing tests
  • Verify new test coverage
  • Check test quality
  • Identify missing tests

Severity Levels

| Level | Description | Action |
|---|---|---|
| Critical | Security vulnerability, data loss risk | Block merge |
| High | Bugs, significant issues | Must fix |
| Medium | Code quality, maintainability | Should fix |
| Low | Style, minor improvements | Consider |
| Info | Suggestions, observations | Optional |

Review Checklist

General

  • Code compiles/builds without errors
  • No merge conflicts
  • Branch is up to date with target
  • Commit messages are clear

Functionality

  • Requirements are met
  • Edge cases handled
  • Error handling is appropriate
  • No regression in existing functionality

Code Quality

  • Follows project coding standards
  • No code smells or anti-patterns
  • Appropriate comments (not excessive)
  • No dead code or debug statements

Security

  • No hardcoded secrets
  • Input validation present
  • Output encoding where needed
  • Proper error messages (no info leak)

Testing

  • New code has tests
  • All tests pass
  • Test coverage adequate
  • Tests are meaningful

Documentation

  • README updated if needed
  • API docs updated if applicable
  • Breaking changes documented

Common Anti-Patterns

Code Smells

| Pattern | Problem | Solution |
|---|---|---|
| God Object | Class does too much | Split responsibilities |
| Feature Envy | Method uses other class more | Move to appropriate class |
| Long Method | Hard to understand | Extract smaller methods |
| Magic Numbers | Unclear meaning | Use named constants |
| Deep Nesting | Hard to follow | Early returns, extraction |

Security Issues

| Pattern | Problem | Solution |
|---|---|---|
| SQL Concat | Injection risk | Parameterized queries |
| Eval Usage | Code injection | Safe alternatives |
| Weak Crypto | Breakable encryption | Strong algorithms |
| CORS * | Access control bypass | Specific origins |
| Console Secrets | Credential exposure | Remove before commit |
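As an added illustration (not part of the original skill or the claude-skills project), a small Python scanner that turns the Security Issues rows above and the Secrets row of the Security category into line-level heuristics, emits findings in the Step 3 "Detailed Review" format, and applies the Severity Levels table to reach a merge decision. The regexes, the `Finding` class and the sample snippet are all constructed for this example.

```python
import re
from dataclasses import dataclass


@dataclass
class Finding:
    severity: str        # value from the Severity Levels table
    category: str        # row of the Security Issues table
    line: int
    recommendation: str


# Constructed heuristics, one per Security Issues row plus the Secrets check; a human reviewer confirms every hit.
RULES = [
    ("Critical", "SQL Concat", "Use parameterized queries",
     re.compile(r'\b(SELECT|INSERT|UPDATE|DELETE)\b.*["\']\s*\+')),
    ("Critical", "Eval Usage", "Use safe alternatives", re.compile(r"\beval\s*\(")),
    ("High", "Weak Crypto", "Use strong algorithms", re.compile(r"\b(md5|sha1|des|rc4)\b", re.I)),
    ("High", "CORS *", "Allow specific origins only",
     re.compile(r'Access-Control-Allow-Origin["\']?\s*[:,=]\s*["\']\*["\']')),
    ("Critical", "Secrets", "Remove before commit; load from environment",
     re.compile(r'(api[_-]?key|password|secret|token)\s*[:=]\s*["\'][^"\']{8,}["\']', re.I)),
]


def review_source(source: str) -> list:
    """Scan every line against RULES; findings come back in line order."""
    findings = []
    for lineno, text in enumerate(source.splitlines(), start=1):
        for severity, category, fix, pattern in RULES:
            if pattern.search(text):
                findings.append(Finding(severity, category, lineno, fix))
    return findings


def render_findings(filename: str, findings: list) -> str:
    """Emit the per-file block in the Step 3 'Detailed Review' format."""
    out = [f"### {filename}", "", "**Findings:**"]
    for f in findings:
        out += [f"- [{f.severity}] Security: {f.category}",
                f"  - Location: line {f.line}", f"  - Recommendation: {f.recommendation}"]
    return "\n".join(out)


def merge_decision(findings: list) -> str:
    """Severity Levels table: Critical blocks the merge and High must be fixed."""
    if any(f.severity in ("Critical", "High") for f in findings):
        return "REQUEST_CHANGES"
    return "COMMENT" if findings else "APPROVE"


SAMPLE = """const API_KEY = "CONSTRUCTED_PLACEHOLDER_KEY_12345";
const q = "SELECT * FROM users WHERE id = " + req.params.id;
res.header('Access-Control-Allow-Origin', '*');
const digest = crypto.createHash('sha1').update(data).digest('hex');"""  # constructed sample, not real code
```

Regex heuristics like these are a first pass only; every hit still needs a reviewer to confirm it, and constructs such as template literals or f-strings need their own rules.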

Review Report Template

```markdown
# Code Review Report

## Summary
- **Reviewed:** [files/PR]
- **Date:** [date]
- **Reviewer:** [name]
- **Overall:** [APPROVE/REQUEST_CHANGES/COMMENT]

## Statistics
- Files reviewed: X
- Lines changed: +Y/-Z
- Critical issues: N
- High issues: N
- Medium issues: N

## Critical/High Findings

### [Finding Title]
- **Severity:** Critical/High
- **Category:** Security/Bug/Performance
- **Location:** file:line
- **Description:** [details]
- **Recommendation:** [action]
- **Code suggestion:**
  \`\`\`language
  // suggested fix
  \`\`\`

## Medium/Low Findings
[Grouped by category]

## Positive Observations
- [Good practices noticed]

## Recommendations
1. [Priority improvement]
2. [Secondary improvement]

## Test Coverage
- Current: X%
- Critical paths: Y%
- Recommendation: [action]
```

Best Practices

Do

  1. Review in small batches (200-400 lines ideal)
  2. Focus on logic, not style (use linters)
  3. Ask questions rather than demand changes
  4. Acknowledge good code
  5. Provide specific, actionable feedback
  6. Test the changes locally when possible

Don't

  1. Nitpick style issues
  2. Rewrite author's code in comments
  3. Leave vague feedback ("this is wrong")
  4. Review when fatigued
  5. Approve without understanding
  6. Block for preferences, not issues

Error Handling

| Situation | Action |
|---|---|
| Too large PR | Request split into smaller PRs |
| Missing context | Ask author for explanation |
| Unclear requirements | Defer to requirements review |
| Disagreement | Escalate with evidence |

Metrics

| Metric | Target | Description |
|---|---|---|
| Review turnaround | <24h | Time to first review |
| Defect detection | >80% | Issues caught before merge |
| False positive rate | <10% | Unnecessary comments |
| Review thoroughness | 100% | All critical areas covered |

Technology-Specific Notes

TypeScript/JavaScript

  • Check for abuse of the `any` and `unknown` types
  • Verify type safety
  • Review async/await handling
  • Check for memory leaks in React

Python

  • PEP 8 compliance
  • Type hints present
  • Exception handling
  • Virtual environment usage

Go

  • Error handling patterns
  • Goroutine leaks
  • Interface usage
  • Package organization

Related Skills


Version History

  • 1.0.0 (2026-01-19): Initial release adapted from alirezarezvani/claude-skills