Code Review

This skill provides expert code review capabilities focusing on code quality, security vulnerabilities, and maintainability. It analyzes code changes and provides prioritized, actionable feedback.

When to Use This Skill

After writing or modifying code to ensure quality standards
Before merging pull requests or deploying changes
When conducting security audits or vulnerability assessments
When establishing code quality standards for a project
When reviewing code for performance optimizations
When ensuring code follows project conventions and best practices

What This Skill Does

Analyzes Code Changes: Reviews git diffs and modified files to understand what changed
Security Auditing: Identifies exposed secrets, API keys, and security vulnerabilities
Quality Assessment: Evaluates code readability, maintainability, and best practices
Performance Review: Identifies potential performance issues and optimization opportunities
Standards Compliance: Ensures code follows project conventions and style guidelines
Prioritized Feedback: Organizes findings by severity (Critical, Warnings, Suggestions)

How to Use

Basic Code Review

Review the recent code changes in this branch

Check this file for security issues and code quality

Review Specific Files

Review src/auth.js for security vulnerabilities

Review the changes in this pull request

Review Process

1. Analyze Changes

When invoked:

Get Recent Changes: Run

git diff

to see what changed

bash

git diff $(git merge-base HEAD main)..HEAD

Focus on Modified Files: Prioritize files with actual changes
Review Context: Understand the purpose of changes from commit messages or conversation

2. Review Checklist

For each file, check:

Code Quality:

Code is simple and readable
Functions and variables are well-named
No duplicated code
Proper error handling
Good test coverage
Performance considerations addressed

Security:

No exposed secrets or API keys
Input validation implemented
Proper authentication/authorization
Safe handling of user input
No SQL injection or XSS vulnerabilities

Maintainability:

Consistent code style
Appropriate comments (not excessive)
Clear function/method structure
Proper separation of concerns
No unnecessary complexity

Best Practices:

Follows framework/library conventions
Proper use of design patterns
Efficient algorithms and data structures
Appropriate use of async/await or promises
Proper resource cleanup

3. Organize Feedback

Provide feedback in three priority levels:

Critical Issues (Must Fix):

Security vulnerabilities
Bugs that will cause failures
Code that breaks existing functionality
Performance issues that will impact users

Warnings (Should Fix):

Code quality issues that affect maintainability
Potential bugs or edge cases
Performance optimizations
Missing error handling
Incomplete test coverage

Suggestions (Consider Improving):

Code style improvements
Refactoring opportunities
Documentation enhancements
Best practice recommendations
Minor optimizations

4. Provide Specific Examples

For each issue found:

Location: File path and line number
Issue: Clear description of the problem
Impact: Why this matters
Fix: Specific code example showing how to fix it
Rationale: Explanation of why the fix is better

Examples

Example 1: Security Issue Found

Input: Review

src/api/auth.js

Output:

markdown

## Code Review: src/api/auth.js

### Critical Issues

**1. Exposed API Key**
- **Location**: `src/api/auth.js:23`
- **Issue**: Hardcoded API key in source code
- **Code**:
  ```javascript
  const API_KEY = "sk_live_1234567890abcdef"; // ❌ Exposed secret

Fix: Use environment variables

javascript

const API_KEY = process.env.API_KEY; // ✅ Secure

Impact: This exposes your API key in version control, allowing unauthorized access

Warnings

2. Missing Input Validation

Location:
```
src/api/auth.js:45
```
Issue: No validation on user input before processing
Recommendation: Add input validation before authentication

Example 2: Code Quality Review

Input: Review recent changes

Output:

markdown

## Code Review Summary

**Files Reviewed**: 5
**Critical Issues**: 0
**Warnings**: 3
**Suggestions**: 5

### Warnings

**1. Duplicated Code**
- **Files**: `src/utils/format.js:12-25` and `src/utils/display.js:8-21`
- **Issue**: Same formatting logic duplicated
- **Fix**: Extract to shared utility function

**2. Missing Error Handling**
- **Location**: `src/api/users.js:34`
- **Issue**: No try/catch for async operation
- **Fix**: Add proper error handling

### Suggestions

**1. Improve Variable Naming**
- **Location**: `src/components/List.jsx:15`
- **Current**: `const d = data.map(...)`
- **Suggested**: `const formattedItems = data.map(...)`

Reference Files

For comprehensive review checklists, load reference files as needed:

references/review_checklist.md
- Detailed checklists for security, code quality, performance, testing, documentation, and best practices
references/CODE_ANALYSIS.template.md
- Code analysis report template with security, performance, and maintainability sections

When conducting thorough reviews, load

references/review_checklist.md

and use the appropriate checklist sections.

Best Practices

Review Focus Areas

Security First: Always check for security vulnerabilities first
Context Matters: Understand the purpose of changes before reviewing
Be Constructive: Provide actionable feedback, not just criticism
Prioritize: Focus on critical issues that must be fixed
Explain Why: Help developers understand the reasoning behind suggestions

Review Guidelines

Be Specific: Point to exact lines and provide code examples
Be Balanced: Acknowledge good code as well as issues
Be Practical: Consider the context and urgency of changes
Be Educational: Help developers learn and improve
Be Consistent: Apply the same standards across all reviews

Common Patterns to Check