code-review-assistant
Install: claude install-skill timwukp/agent-skills-best-practice
# Code Review Assistant
## Instructions
### Step 1: Gather Context
Before reviewing, determine:
1. What language and framework is the code written in?
2. Is this a PR diff, a single file, or a full module?
3. What is the review scope? (Security | Performance | Maintainability | All)
If reviewing a PR, ask for the diff or file list. If a single file, ask for the surrounding context (what calls it, what it calls).
### Step 2: Security Analysis
Check for these categories in order of severity:
**Critical:**
- SQL injection (user input concatenated into query strings instead of bound as parameters)
- Command injection (user input interpolated into shell commands, e.g. `shell=True` with a formatted string)
- Path traversal (user input joined into file paths without resolving and checking the result against an allowed base directory)
- Hardcoded secrets (API keys, passwords, tokens written into source instead of read from the environment or a secret store)
**High:**
- Missing authentication/authorization checks
- Insecure deserialization
- SSRF vulnerabilities (user-controlled URLs)
- Missing input validation on public endpoints
**Medium:**
- Missing rate limiting on public APIs
- Verbose error messages leaking internals
- Missing CSRF protection
- Insecure random number generation for security contexts
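As an added example (not part of the skill's own files), here are the Critical categories above as vulnerable/hardened pairs in Python, plus a minimal pattern scan for hardcoded secrets. The in-memory `users` table, the `/srv/app/uploads` base directory and the `SAMPLE_SOURCE` snippet are constructed for the demo; the functions marked unsafe are the "before" a reviewer should flag, and the safe variants are what the fix looks like.

```python
"""Critical-severity review findings: vulnerable form beside the hardened form."""
import os
import re
import sqlite3
import subprocess
import sys


def make_db() -> sqlite3.Connection:
    """Constructed sample data: three users in an in-memory SQLite table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [(1, "alice", "admin"), (2, "bob", "user"), (3, "carol", "user")],
    )
    return conn


# --- SQL injection -------------------------------------------------------
def find_user_unsafe(conn: sqlite3.Connection, name: str) -> list:
    # FLAG: string concatenation. name = "x' OR '1'='1" returns every row.
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return [row[0] for row in conn.execute(sql)]


def find_user_safe(conn: sqlite3.Connection, name: str) -> list:
    # FIX: bound parameter; the driver never treats the value as SQL.
    rows = conn.execute("SELECT name FROM users WHERE name = ?", (name,))
    return [row[0] for row in rows]


# --- Path traversal ------------------------------------------------------
BASE_DIR = os.path.realpath("/srv/app/uploads")  # assumed upload root


def user_file_unsafe(filename: str) -> str:
    # FLAG: "../../etc/passwd" or an absolute path escapes BASE_DIR.
    return os.path.join(BASE_DIR, filename)


def user_file_safe(filename: str):
    # FIX: resolve the joined path, then require it to stay under BASE_DIR.
    # Returns None on rejection so a caller can branch without an exception.
    candidate = os.path.realpath(os.path.join(BASE_DIR, filename))
    if os.path.commonpath([BASE_DIR, candidate]) != BASE_DIR:
        return None
    return candidate


# --- Command injection ---------------------------------------------------
def run_unsafe(user_arg: str) -> str:
    # FLAG: shell=True hands the whole string to /bin/sh, so
    # "x; rm -rf /" executes two commands. Shown for review; not called below.
    proc = subprocess.run("echo " + user_arg, shell=True,
                          capture_output=True, text=True)
    return proc.stdout


def run_safe(user_arg: str) -> str:
    # FIX: argv list and no shell; the argument arrives verbatim.
    # The child is a Python one-liner that echoes sys.argv[1], so the demo
    # does not depend on any particular shell utility being installed.
    proc = subprocess.run(
        [sys.executable, "-c", "import sys; print(sys.argv[1])", user_arg],
        capture_output=True, text=True, check=True,
    )
    return proc.stdout.rstrip("\n")


# --- Hardcoded secrets ---------------------------------------------------
# Deliberately narrow pattern: a secret-looking name assigned a quoted literal
# of 8+ characters. A value read from os.environ does not match.
SECRET_PATTERN = re.compile(
    r"""(?i)\b(api[_-]?key|secret|password|token)\b\s*[=:]\s*['"][^'"]{8,}['"]"""
)

# Constructed sample source for the scan; line numbers are 1-based.
SAMPLE_SOURCE = """import os
API_KEY = "sk-live-0123456789abcdef"
password = os.environ["DB_PASSWORD"]
token = "changeme1234"
"""


def find_hardcoded_secrets(source: str) -> list:
    """Return the 1-based line numbers that look like hardcoded secrets."""
    return [n for n, line in enumerate(source.splitlines(), 1)
            if SECRET_PATTERN.search(line)]


if __name__ == "__main__":
    db = make_db()
    payload = "x' OR '1'='1"
    print("unsafe query:", find_user_unsafe(db, payload))   # all three users
    print("safe query:  ", find_user_safe(db, payload))     # []
    print("traversal:   ", user_file_safe("../../etc/passwd"))  # None
    print("no shell:    ", run_safe("x; echo INJECTED"))    # literal string
    print("secrets at:  ", find_hardcoded_secrets(SAMPLE_SOURCE))  # [2, 4]
```

When reviewing, the useful check is not the presence of `sqlite3` or `subprocess` but how the user-controlled value reaches the sink: concatenated into a string that is then executed or opened, or passed as a separate argument that the library treats as data. The secret scan is intentionally simple and will miss secrets in config files and base64 blobs; treat it as a first pass, not a verdict.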
### Step 3: Performance Review
Look for:
1. **N+1 queries** - database calls inside loops
2. **Unbounded collections** - loading all records without pagination
3. **Missing indexes** - queries filtering on non-indexed columns
4. **Unnecessary allocations** - creating objects in hot paths
5. **Blocking I/O** - synchronous calls in async contexts
6. **Missing caching** - repeated expensive computations with same