AgentSkillsCN

code-review

Perform a security and quality review of the current code changes. This workflow is useful when you are asked to review an uncommitted diff, look for potential vulnerabilities, rank the issues found by severity, and provide actionable fixes before merge or commit.

SKILL.md
---
name: "code-review"
description: "Perform security and quality review of current changes. Use when asked to review uncommitted diffs, find vulnerabilities, rank issues by severity, and provide concrete fixes before merge or commit."
---

Code Review

Overview

Use this skill to execute the existing workflow migrated from code-review.md. Follow the playbook below and adapt commands to the current repository context.

Playbook

Code Review

Comprehensive security and quality review of uncommitted changes:

  1. Get changed files: git diff --name-only HEAD

  2. For each changed file, check for:

Security Issues (CRITICAL):

  • Hardcoded credentials, API keys, tokens
  • SQL injection vulnerabilities
  • XSS vulnerabilities
  • Missing input validation
  • Insecure dependencies
  • Path traversal risks

Code Quality (HIGH):

  • Functions > 50 lines
  • Files > 800 lines
  • Nesting depth > 4 levels
  • Missing error handling
  • console.log statements
  • TODO/FIXME comments
  • Missing JSDoc for public APIs

Best Practices (MEDIUM):

  • Mutation patterns (use immutable instead)
  • Emoji usage in code/comments
  • Missing tests for new code
  • Accessibility issues (a11y)
  3. Generate a report with:

    • Severity: CRITICAL, HIGH, MEDIUM, LOW
    • File location and line numbers
    • Issue description
    • Suggested fix

  4. Block the commit if CRITICAL or HIGH issues are found

Never approve code with security vulnerabilities!
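The four playbook steps above, carried through as an added example in Python; this is not part of the skill file or the AgentSkillsCN project. It lists changed files with `git diff --name-only HEAD`, runs a subset of the checks (hardcoded credentials, SQL built by concatenation, `console.log`, TODO/FIXME, emoji, file length, brace-nesting depth) as regex and brace-counting heuristics, sorts findings by severity, prints a report with file, line, description and suggested fix, and exits non-zero when a CRITICAL or HIGH finding should block the commit. The rule patterns, the `MAX_FILE_LINES`/`MAX_NESTING` thresholds and the embedded `SAMPLE_JS` input are all constructed for this example; checks such as function length and missing JSDoc would need a real parser and are left out.

```python
import re
import subprocess
import sys
from collections import Counter

SEVERITY_ORDER = {"CRITICAL": 0, "HIGH": 1, "MEDIUM": 2, "LOW": 3}

# Per-line heuristics as (severity, pattern, description, suggested fix).
# These are constructed for this example; real reviews need a parser for
# function length, JSDoc coverage and the like.
LINE_RULES = [
    ("CRITICAL",
     re.compile(r"(?i)\b(api[_-]?key|secret|token|password)\b\s*[:=]\s*['\"][^'\"]{8,}['\"]"),
     "Possible hardcoded credential", "Load the value from an environment variable or secret store"),
    ("CRITICAL",
     re.compile(r"(?i)['\"][^'\"]*\b(select|insert|update|delete)\b[^'\"]*['\"]\s*\+"),
     "SQL built by string concatenation (injection risk)", "Use a parameterised query"),
    ("HIGH", re.compile(r"\bconsole\.log\s*\("),
     "console.log statement", "Remove it or route through the project logger"),
    ("HIGH", re.compile(r"\b(TODO|FIXME)\b"),
     "TODO/FIXME comment", "Resolve it or open a tracked issue before merge"),
    ("MEDIUM", re.compile(r"[\U0001F300-\U0001FAFF\u2600-\u27BF]"),
     "Emoji in code/comments", "Replace with plain text"),
]
MAX_FILE_LINES = 800   # playbook: files > 800 lines
MAX_NESTING = 4        # playbook: nesting depth > 4 levels


def finding(severity, path, line, description, fix):
    return {"severity": severity, "file": path, "line": line,
            "description": description, "fix": fix}


def review_text(path, text):
    """Run every check over one file's text; return findings sorted by severity."""
    findings = []
    lines = text.splitlines()
    if len(lines) > MAX_FILE_LINES:
        findings.append(finding("HIGH", path, 1,
                                f"File has {len(lines)} lines (> {MAX_FILE_LINES})",
                                "Split into smaller modules"))
    depth = 0
    for no, line in enumerate(lines, 1):
        for sev, pat, desc, fix in LINE_RULES:
            if pat.search(line):
                findings.append(finding(sev, path, no, desc, fix))
        # Brace-counting nesting heuristic: flag the line where the depth
        # first exceeds MAX_NESTING. Braces inside strings are not skipped.
        for ch in line:
            if ch == "{":
                depth += 1
                if depth == MAX_NESTING + 1:
                    findings.append(finding("HIGH", path, no,
                                            f"Nesting depth > {MAX_NESTING}",
                                            "Extract the inner block into a helper function"))
            elif ch == "}":
                depth = max(0, depth - 1)
    findings.sort(key=lambda f: (SEVERITY_ORDER[f["severity"]], f["file"], f["line"]))
    return findings


def should_block(findings):
    """Playbook step 4: CRITICAL or HIGH blocks the commit."""
    return any(f["severity"] in ("CRITICAL", "HIGH") for f in findings)


def format_report(findings):
    """Playbook step 3: severity, location, description and fix per finding."""
    if not findings:
        return "No issues found."
    out = [f"[{f['severity']}] {f['file']}:{f['line']} {f['description']}\n    Fix: {f['fix']}"
           for f in findings]
    counts = Counter(f["severity"] for f in findings)
    out.append("Summary: " + ", ".join(f"{k}={counts[k]}" for k in SEVERITY_ORDER if counts[k]))
    return "\n".join(out)


def changed_files():
    """Playbook step 1: list uncommitted changes relative to HEAD."""
    out = subprocess.run(["git", "diff", "--name-only", "HEAD"],
                         capture_output=True, text=True, check=True).stdout
    return [p for p in out.splitlines() if p.strip()]


def review_changed_files():
    """Playbook step 2: run the checks over every changed file still on disk."""
    findings = []
    for path in changed_files():
        try:
            with open(path, encoding="utf-8", errors="replace") as fh:
                findings.extend(review_text(path, fh.read()))
        except FileNotFoundError:  # deleted in the working tree
            continue
    return findings


# Constructed sample input: a small JavaScript file with four planted issues.
SAMPLE_JS = """\
const API_KEY = "sk_live_1234567890abcdef";
function find(id) {
  const q = "SELECT * FROM users WHERE id = " + id;
  console.log(q);
  return db.run(q);
}
// TODO: add validation
"""

if __name__ == "__main__":
    # `--git` reviews the real working tree; otherwise the embedded sample is used.
    results = review_changed_files() if "--git" in sys.argv[1:] else review_text("sample.js", SAMPLE_JS)
    print(format_report(results))
    sys.exit(1 if should_block(results) else 0)
```

Run it with `--git` inside a repository to review the actual uncommitted diff; the non-zero exit status is what lets a pre-commit hook or CI job enforce the "block the commit" step. The regexes deliberately err on the side of flagging, so a human still decides which CRITICAL findings are real before the change is approved.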