login
Yeachan-Heo

code-review

by @Yeachan-Heo in AI & LLM
3,436
275
# Install this skill:
npx skills add Yeachan-Heo/oh-my-claudecode --skill "code-review"

Install specific skill from multi-skill repository

# Description

Run a comprehensive code review

# SKILL.md

name: code-review
description: Run a comprehensive code review

Code Review Skill

Conduct a thorough code review for quality, security, and maintainability with severity-rated feedback.

When to Use

This skill activates when:
- User requests "review this code", "code review"
- Before merging a pull request
- After implementing a major feature
- User wants quality assessment

What It Does

Delegates to the code-reviewer agent (Opus model) for deep analysis:

  1. Identify Changes
  2. Run git diff to find changed files

  3. Determine scope of review (specific files or entire PR)

  4. Review Categories

  5. Security - Hardcoded secrets, injection risks, XSS, CSRF
  6. Code Quality - Function size, complexity, nesting depth
  7. Performance - Algorithm efficiency, N+1 queries, caching
  8. Best Practices - Naming, documentation, error handling

  9. Maintainability - Duplication, coupling, testability

  10. Severity Rating

  11. CRITICAL - Security vulnerability (must fix before merge)
  12. HIGH - Bug or major code smell (should fix before merge)
  13. MEDIUM - Minor issue (fix when possible)

  14. LOW - Style/suggestion (consider fixing)

  15. Specific Recommendations

  16. File:line locations for each issue
  17. Concrete fix suggestions
  18. Code examples where applicable

Agent Delegation

Task(
  subagent_type="oh-my-claudecode:code-reviewer",
  model="opus",
  prompt="CODE REVIEW TASK

Review code changes for quality, security, and maintainability.

Scope: [git diff or specific files]

Review Checklist:
- Security vulnerabilities (OWASP Top 10)
- Code quality (complexity, duplication)
- Performance issues (N+1, inefficient algorithms)
- Best practices (naming, documentation, error handling)
- Maintainability (coupling, testability)

Output: Code review report with:
- Files reviewed count
- Issues by severity (CRITICAL, HIGH, MEDIUM, LOW)
- Specific file:line locations
- Fix recommendations
- Approval recommendation (APPROVE / REQUEST CHANGES / COMMENT)"
)

Output Format

CODE REVIEW REPORT
==================

Files Reviewed: 8
Total Issues: 15

CRITICAL (0)
-----------
(none)

HIGH (3)
--------
1. src/api/auth.ts:42
   Issue: User input not sanitized before SQL query
   Risk: SQL injection vulnerability
   Fix: Use parameterized queries or ORM

2. src/components/UserProfile.tsx:89
   Issue: Password displayed in plain text in logs
   Risk: Credential exposure
   Fix: Remove password from log statements

3. src/utils/validation.ts:15
   Issue: Email regex allows invalid formats
   Risk: Accepts malformed emails
   Fix: Use proven email validation library

MEDIUM (7)
----------
...

LOW (5)
-------
...

RECOMMENDATION: REQUEST CHANGES

Critical security issues must be addressed before merge.

Review Checklist

The code-reviewer agent checks:

Security

  • [ ] No hardcoded secrets (API keys, passwords, tokens)
  • [ ] All user inputs sanitized
  • [ ] SQL/NoSQL injection prevention
  • [ ] XSS prevention (escaped outputs)
  • [ ] CSRF protection on state-changing operations
  • [ ] Authentication/authorization properly enforced

Code Quality

  • [ ] Functions < 50 lines (guideline)
  • [ ] Cyclomatic complexity < 10
  • [ ] No deeply nested code (> 4 levels)
  • [ ] No duplicate logic (DRY principle)
  • [ ] Clear, descriptive naming

Performance

  • [ ] No N+1 query patterns
  • [ ] Appropriate caching where applicable
  • [ ] Efficient algorithms (avoid O(nΒ²) when O(n) possible)
  • [ ] No unnecessary re-renders (React/Vue)

Best Practices

  • [ ] Error handling present and appropriate
  • [ ] Logging at appropriate levels
  • [ ] Documentation for public APIs
  • [ ] Tests for critical paths
  • [ ] No commented-out code

Approval Criteria

APPROVE - No CRITICAL or HIGH issues, minor improvements only
REQUEST CHANGES - CRITICAL or HIGH issues present
COMMENT - Only LOW/MEDIUM issues, no blocking concerns

Use with Other Skills

With Pipeline:

/pipeline review "implement user authentication"

Includes code review as part of implementation workflow.

With Ralph:

/ralph code-review then fix all issues

Review code, get feedback, fix until approved.

With Ultrawork:

/ultrawork review all files in src/

Parallel code review across multiple files.

Best Practices

  • Review early - Catch issues before they compound
  • Review often - Small, frequent reviews better than huge ones
  • Address CRITICAL/HIGH first - Fix security and bugs immediately
  • Consider context - Some "issues" may be intentional trade-offs
  • Learn from reviews - Use feedback to improve coding practices

# Related Skills

# Supported AI Coding Agents

This skill is compatible with the SKILL.md standard and works with all major AI coding agents:

⚑ Amp πŸš€ Antigravity πŸ€– Claude Code πŸ¦€ Clawdbot πŸ“ Codex ▢️ Cursor πŸ€– Droid πŸ’Ž Gemini CLI πŸ™ GitHub Copilot πŸͺΏ Goose πŸ“Š Kilo Code πŸ”§ Kiro CLI πŸ’» OpenCode 🦘 Roo Code 🌲 Trae πŸ„ Windsurf

Learn more about the SKILL.md standard and how to use these skills with your preferred AI coding agent.