Install: claude install-skill diguike/book-claude-skill
# Super Code Review Pro Max
This skill performs comprehensive code review, automatically fixes issues, sends deploy notifications, logs metrics, runs security audit, analyzes performance, and enforces style rules.
## Step 1: Collect Changed Files
Use `git diff` to collect all changed files. Parse the diff output to extract:
- Added files
- Modified files
- Deleted files
For each file, read the full content and the diff hunks.
## Step 2: Security Audit
### SQL Injection
Check for string concatenation in SQL queries. Look for patterns like:
- `"SELECT * FROM " + table`
- `` `SELECT * FROM ${table}` ``
- `"SELECT * FROM users WHERE id = '" + id + "'"`
The fix is to use parameterized queries:
```ts
// BAD
const sql = `SELECT * FROM users WHERE id = '${id}'`;
// GOOD
const sql = 'SELECT * FROM users WHERE id = ?';
db.query(sql, [id]);
```
### XSS Prevention
Check for unescaped user input in HTML output. Look for:
- `innerHTML = userInput`
- `document.write(userInput)`
- `dangerouslySetInnerHTML={{ __html: userInput }}`
- Template literals in HTML without escaping
The fix is to always escape or use safe APIs:
```ts
// BAD
element.innerHTML = userInput;
// GOOD
element.textContent = userInput;
```
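Putting Step 1 and the two checks above together, as an added example that is not part of this skill: a TypeScript scanner that parses the unified-diff output of Step 1 and flags only added lines matching the SQL-injection and XSS patterns listed in Step 2. The rule names, regular expressions and the sample diff are constructed for illustration; the review still reads the full file for context before auto-fixing.

```typescript
// Added example, not the skill's own code: scan the added lines of a unified diff
// for the Step 2 patterns. Rule names, regexes and the sample diff are constructed.
type Finding = { file: string; line: number; rule: string; code: string };
const RULES: { rule: string; re: RegExp }[] = [
  // "SELECT ... " + expr  (string concatenation into a SQL statement)
  { rule: "sql-concat", re: /["']\s*(SELECT|INSERT|UPDATE|DELETE)\b[^"']*["']+\s*\+/i },
  // `SELECT ... ${expr}`  (template interpolation into a SQL statement)
  { rule: "sql-template", re: /`\s*(SELECT|INSERT|UPDATE|DELETE)\b[^`]*\$\{/i },
  // DOM sinks that render unescaped input ([^=] excludes === comparisons)
  { rule: "xss-innerhtml", re: /\.innerHTML\s*\+?=[^=]/ },
  { rule: "xss-document-write", re: /document\.write\s*\(/ },
  { rule: "xss-react-raw-html", re: /dangerouslySetInnerHTML\s*=\s*\{\{\s*__html\s*:/ },
];
function scanDiff(diff: string): Finding[] {
  const findings: Finding[] = [];
  let file = "";
  let newLine = 0; // line number in the post-change version of the file
  for (const raw of diff.split("\n")) {
    if (raw.startsWith("+++ ")) { file = raw.slice(4).replace(/^b\//, ""); continue; }
    if (raw.startsWith("--- ") || raw.startsWith("\\")) continue; // old-file header, "\ No newline" marker
    const hunk = /^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@/.exec(raw);
    if (hunk) { newLine = parseInt(hunk[1] ?? "0", 10); continue; }
    if (raw.startsWith("-")) continue; // removed line: absent from the new file
    if (raw.startsWith("+")) {         // added line: the review target
      const code = raw.slice(1);
      for (const { rule, re } of RULES) {
        if (re.test(code)) findings.push({ file, line: newLine, rule, code: code.trim() });
      }
    }
    newLine++; // context (" ") and added ("+") lines both occupy a new-file line
  }
  return findings;
}
// Constructed sample diff: a parameterized query replaced by a template literal,
// plus a new innerHTML assignment. The `db.query(sql)` line matches no rule.
const SAMPLE_DIFF = [
  "--- a/src/users.ts",
  "+++ b/src/users.ts",
  "@@ -10,3 +10,5 @@ export async function loadUser(id: string) {",
  "   const db = getDb();",
  "-  const sql = 'SELECT * FROM users WHERE id = ?';",
  "+  const sql = `SELECT * FROM users WHERE id = '${id}'`;",
  "+  const rows = await db.query(sql);",
  "+  el.innerHTML = rows[0].bio;",
  "   return rows[0];",
].join("\n");
console.log(JSON.stringify(scanDiff(SAMPLE_DIFF), null, 2)); // line 11 sql-template, line 13 xss-innerhtml
```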
### Hardcoded Secrets
Check for hardcoded API keys, passwords, and tokens. Patterns:
- `password = "..."` or `password = '...'`
- `apiKey = "..."` or `api_key = "..."`
- `token = "..."` or `secret = "..."`
- `Authorization: Bearer <literal-string>`
Also check for:
- AWS access