AgentSkillsCN

code-review

Conduct code review in a structured way and produce systematic review findings. Use when the user asks to review code, review a PR, check code quality, or says "review this". Covers security, performance, readability, architecture and correctness.

SKILL.md
---
name: code-review
description: Perform systematic code review with structured findings. Use when the user asks to review code, review a PR, check code quality, or says "review this". Covers security, performance, readability, architecture, and correctness.
allowed-tools:
  - Bash
  - Read
  - Glob
  - Grep
---

Code Review

Systematic code review that outputs structured findings.

Review Dimensions

| Dimension | Focus |
|---|---|
| Correctness | Logic errors, boundary conditions, error handling |
| Security | OWASP Top 10, injection, authorization |
| Performance | N+1 queries, unnecessary allocations, algorithmic complexity |
| Readability | Naming, structure, complexity |
| Architecture | Separation of responsibilities, coupling, level of abstraction |
| Testing | Coverage, boundary tests, sensible use of mocks |

Workflow

1. Identify Scope

Determine what to review:

  • If reviewing a PR: `git diff main...HEAD` or `gh pr diff <number>`
  • If reviewing specific files: read the files directly
  • If reviewing a directory: scan all source files
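The three-dot form matters: `git diff main...HEAD` shows what the branch changed since it diverged from main, while `git diff main HEAD` also shows everything that landed on main afterwards. The script below, an added example that is not part of the skill itself, builds a throwaway repository in which main moved on after the feature branch was cut and compares the two forms. File names, commit contents and the function names are constructed for the demo.

```shell
#!/bin/sh
# Added example, not part of the code-review skill: builds a throwaway
# repository in which main has moved on after the feature branch was cut,
# then compares the two ways of asking git for "what this PR changes".
# All file names and commit contents are constructed for the demo.
set -eu

# Keep the demo independent of the user's git identity and config.
export GIT_AUTHOR_NAME=demo GIT_AUTHOR_EMAIL=demo@example.com
export GIT_COMMITTER_NAME=demo GIT_COMMITTER_EMAIL=demo@example.com
export GIT_CONFIG_NOSYSTEM=1 GIT_CONFIG_GLOBAL=/dev/null

# Create the repo, leave it checked out on the feature branch, print its path.
make_demo_repo() {
  repo=$(mktemp -d)
  git -C "$repo" init -q
  git -C "$repo" symbolic-ref HEAD refs/heads/main
  printf 'def login(user, pw):\n    pass\n' > "$repo/auth.py"
  git -C "$repo" add auth.py
  git -C "$repo" commit -q -m "initial"
  # The branch under review adds one file.
  git -C "$repo" checkout -q -b feature
  printf 'import os\nSECRET = os.environ["SECRET"]\n' > "$repo/config.py"
  git -C "$repo" add config.py
  git -C "$repo" commit -q -m "add config loader"
  # Meanwhile main receives an unrelated fix.
  git -C "$repo" checkout -q main
  printf 'def login(user, pw):\n    return False\n' > "$repo/auth.py"
  git -C "$repo" commit -q -am "harden login"
  git -C "$repo" checkout -q feature
  echo "$repo"
}

# Three-dot form: changes on HEAD since it diverged from main. This is the
# PR's own diff, the set of files the reviewer should read.
pr_changed_files() {
  git -C "$1" diff --name-only main...HEAD | xargs
}

# Two-dot form: everything that differs between the two tips, including work
# that landed on main after the branch was cut. Too broad for a review.
tip_to_tip_files() {
  git -C "$1" diff --name-only main HEAD | xargs
}

repo=$(make_demo_repo)
echo "files to review (main...HEAD): $(pr_changed_files "$repo")"
echo "tip-to-tip diff (main HEAD):   $(tip_to_tip_files "$repo")"
rm -rf "$repo"
```

Only `config.py` comes back from the three-dot form; the two-dot form also lists `auth.py`, which the PR author never touched. Reviewing the wider set wastes time and, worse, can attribute main's changes to the PR.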

2. Read the Code

Read ALL changed files thoroughly. Do not skim. For each file:

  • Understand the purpose and context
  • Note the patterns used
  • Identify entry points and data flow

3. Analyze Each Dimension

For each dimension, check systematically:

Correctness

  • Does the logic match the intent?
  • Are edge cases handled (null, empty, overflow)?
  • Are error paths correct?

Security

  • User input sanitized before use?
  • SQL queries parameterized?
  • Secrets not hardcoded?
  • File paths validated?
  • XSS vectors in output?
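To make the Security checks concrete, here is an added example (not code from the skill or from any project it reviews) showing each item as a "finding" / "fix" pair the reviewer can quote in a report. The function names, the in-memory users table and the sample source text are constructed for the demo; the secret-assignment regex is a heuristic for the reviewer's grep, not a substitute for a secret scanner.

```python
"""Added example, not part of the code-review skill: the Security checklist
items as concrete "finding" / "fix" pairs a reviewer can point at in a PR.
Function names, the sample users table and the sample source text are
constructed for the demo."""
import html
import os
import re
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample data: an in-memory users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user")])
    return conn


# "SQL queries parameterized?"
def find_user_unsafe(conn, name):
    # Finding: untrusted `name` becomes SQL syntax, so a quote in it
    # rewrites the WHERE clause.
    return [r[0] for r in conn.execute(
        f"SELECT name FROM users WHERE name = '{name}'")]


def find_user_safe(conn, name):
    # Fix: bound parameter; the driver passes `name` as a value only.
    return [r[0] for r in conn.execute(
        "SELECT name FROM users WHERE name = ?", (name,))]


# "File paths validated?"
def upload_path_unsafe(base, user_path):
    # Finding: "../" climbs out of base, and an absolute user_path makes
    # os.path.join discard base entirely.
    return os.path.join(base, user_path)


def upload_path_safe(base, user_path):
    # Fix: resolve symlinks and "..", then require the result to stay
    # under the resolved base directory.
    base_real = os.path.realpath(base)
    target = os.path.realpath(os.path.join(base_real, user_path))
    if os.path.commonpath([base_real, target]) != base_real:
        raise ValueError(f"{user_path!r} escapes {base!r}")
    return target


# "XSS vectors in output?"
def greeting_unsafe(name):
    # Finding: untrusted text interpolated into HTML unescaped.
    return f"<p>Hello {name}</p>"


def greeting_safe(name):
    # Fix: escape at the HTML boundary; quote=True also covers attributes.
    return f"<p>Hello {html.escape(name, quote=True)}</p>"


# "Secrets not hardcoded?"
SECRET_ASSIGNMENT = re.compile(
    r"""^\s*[A-Za-z_]*(?:secret|password|passwd|token|api_key)[A-Za-z_]*\s*=\s*["'][^"']+["']""",
    re.IGNORECASE,
)


def hardcoded_secret_lines(source: str):
    """Return (line number, text) for assignments of a string literal to a
    secret-looking name. A heuristic for the reviewer's grep, not a scanner."""
    return [(i, line.strip()) for i, line in enumerate(source.splitlines(), 1)
            if SECRET_ASSIGNMENT.match(line)]


# Constructed sample source: only line 2 should be flagged.
SAMPLE_SOURCE = """\
import os
API_KEY = "sk-live-0123456789"           # hardcoded literal: flag it
DB_PASSWORD = os.environ["DB_PASSWORD"]  # read from the environment: fine
token_ttl = 3600                         # not a secret value
"""
```

With the injection string `' OR '1'='1`, `find_user_unsafe` returns every user while `find_user_safe` returns none; `upload_path_safe` rejects both `../etc/passwd` and `/etc/passwd`, and `hardcoded_secret_lines(SAMPLE_SOURCE)` flags only line 2. Those are the observations worth writing into the `[file:line]` finding rather than a generic "input not sanitized".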

Performance

  • Any O(n²) where O(n) is possible?
  • Unnecessary database queries in loops?
  • Large allocations in hot paths?
  • Missing indexes for queries?
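An N+1 query is easier to confirm than to argue about. The added example below (not part of the skill) counts the statements each implementation sends to SQLite over a constructed customers/orders dataset, using `sqlite3.Connection.set_trace_callback`; the table layout and function names are assumptions for the demo.

```python
"""Added example, not part of the code-review skill: confirm a suspected
N+1 query by counting the statements each implementation executes.
Table layout, data and function names are constructed for the demo."""
import sqlite3


def make_shop_db() -> sqlite3.Connection:
    """Constructed sample data: three customers, five orders."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT);
        CREATE TABLE orders (id INTEGER PRIMARY KEY,
                             customer_id INTEGER REFERENCES customers(id),
                             total INTEGER);
        INSERT INTO customers VALUES (1, 'ada'), (2, 'bob'), (3, 'cy');
        INSERT INTO orders VALUES (1, 1, 10), (2, 1, 15), (3, 2, 7),
                                  (4, 3, 3), (5, 3, 9);
    """)
    return conn


def totals_n_plus_1(conn):
    # Finding: one query for the customers, then one more per customer.
    # Round trips grow linearly with the size of the first result set.
    totals = {}
    for cid, name in conn.execute("SELECT id, name FROM customers"):
        (total,) = conn.execute(
            "SELECT COALESCE(SUM(total), 0) FROM orders WHERE customer_id = ?",
            (cid,)).fetchone()
        totals[name] = total
    return totals


def totals_single_query(conn):
    # Fix: let the database do the join and the grouping in one round trip.
    return dict(conn.execute("""
        SELECT c.name, COALESCE(SUM(o.total), 0)
        FROM customers c LEFT JOIN orders o ON o.customer_id = c.id
        GROUP BY c.id, c.name
    """))


def count_statements(conn, fn):
    """Run fn(conn) and return (number of SQL statements executed, result).

    The trace callback fires once per statement execution, so it counts
    round trips regardless of statement caching."""
    executed = []
    conn.set_trace_callback(executed.append)
    try:
        result = fn(conn)
    finally:
        conn.set_trace_callback(None)
    return len(executed), result
```

With three customers the loop version executes 4 statements and the join version 1, for identical results; with 10,000 customers the gap is 10,001 to 1. Quoting those counts in the finding makes the Major severity self-evident.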

Readability

  • Variable/function names convey intent?
  • Functions < 50 lines?
  • Nesting depth ≤ 3?
  • Complex logic has explanatory comments?

Architecture

  • Single responsibility principle?
  • Dependencies flow inward?
  • No circular dependencies?
  • Appropriate abstraction level?

Testing

  • Happy path tested?
  • Error paths tested?
  • Edge cases tested?
  • Mocks are minimal and realistic?

4. Generate Report

Output format:

```markdown
## Code Review: [scope]

### Summary
[2-3 sentence summary]

### Findings

#### Critical
- **[file:line]** [description] — [fix suggestion]

#### Major
- **[file:line]** [description] — [fix suggestion]

#### Minor
- **[file:line]** [description]

#### Nits
- **[file:line]** [description]

### Positive Notes
- [things done well]

### Verdict
[APPROVE / REQUEST_CHANGES / COMMENT]
```

5. Offer to Fix

After presenting findings, offer to fix critical and major issues directly.

Severity Guide

| Severity | Definition |
|---|---|
| Critical | Causes a crash, data loss or a security vulnerability |
| Major | Affects correctness or performance; must be fixed |
| Minor | Code quality issue; improvement recommended |
| Nit | Style preference; optional |