Back to Details

code-review

Compare original and translation side by side

🇺🇸

Original

English
🇨🇳

Translation

Chinese

Code Review

代码审查

This skill provides expert code review capabilities focusing on code quality, security vulnerabilities, and maintainability. It analyzes code changes and provides prioritized, actionable feedback.
本技能提供专业的代码审查能力,聚焦代码质量、安全漏洞与可维护性。它会分析代码变更并提供按优先级排序的可执行反馈。

When to Use This Skill

适用场景

  • After writing or modifying code to ensure quality standards
  • Before merging pull requests or deploying changes
  • When conducting security audits or vulnerability assessments
  • When establishing code quality standards for a project
  • When reviewing code for performance optimizations
  • When ensuring code follows project conventions and best practices
  • 编写或修改代码后,确保符合质量标准
  • 合并拉取请求(pull requests)或部署变更前
  • 开展安全审计或漏洞评估时
  • 为项目建立代码质量标准时
  • 审查代码以进行性能优化时
  • 确保代码遵循项目规范与最佳实践时

What This Skill Does

技能功能

  1. Analyzes Code Changes: Reviews git diffs and modified files to understand what changed
  2. Security Auditing: Identifies exposed secrets, API keys, and security vulnerabilities
  3. Quality Assessment: Evaluates code readability, maintainability, and best practices
  4. Performance Review: Identifies potential performance issues and optimization opportunities
  5. Standards Compliance: Ensures code follows project conventions and style guidelines
  6. Prioritized Feedback: Organizes findings by severity (Critical, Warnings, Suggestions)
  1. 代码变更分析:审查git diffs和修改后的文件,了解变更内容
  2. 安全审计:识别暴露的密钥、API密钥和安全漏洞
  3. 质量评估:评估代码的可读性、可维护性及最佳实践遵循情况
  4. 性能审查:识别潜在的性能问题与优化机会
  5. 标准合规性检查:确保代码遵循项目规范与风格指南
  6. 优先级化反馈:按严重程度(关键、警告、建议)整理发现的问题

How to Use

使用方法

Basic Code Review

基础代码审查

Review the recent code changes in this branch
Check this file for security issues and code quality
Review the recent code changes in this branch
Check this file for security issues and code quality

Review Specific Files

审查特定文件

Review src/auth.js for security vulnerabilities
Review the changes in this pull request
Review src/auth.js for security vulnerabilities
Review the changes in this pull request

Review Process

审查流程

1. Analyze Changes

1. 变更分析

When invoked:
  1. Get Recent Changes: Run 
    git diff
    to see what changed
    bash
    git diff $(git merge-base HEAD main)..HEAD
  2. Focus on Modified Files: Prioritize files with actual changes
  3. Review Context: Understand the purpose of changes from commit messages or conversation
调用时:
  1. 获取近期变更:运行
    git diff
    查看变更内容
    bash
    git diff $(git merge-base HEAD main)..HEAD
  2. 聚焦修改文件:优先处理实际有变更的文件
  3. 审查上下文:通过提交信息或相关对话理解变更目的

2. Review Checklist

2. 审查检查清单

For each file, check:
Code Quality:
  • Code is simple and readable
  • Functions and variables are well-named
  • No duplicated code
  • Proper error handling
  • Good test coverage
  • Performance considerations addressed
Security:
  • No exposed secrets or API keys
  • Input validation implemented
  • Proper authentication/authorization
  • Safe handling of user input
  • No SQL injection or XSS vulnerabilities
Maintainability:
  • Consistent code style
  • Appropriate comments (not excessive)
  • Clear function/method structure
  • Proper separation of concerns
  • No unnecessary complexity
Best Practices:
  • Follows framework/library conventions
  • Proper use of design patterns
  • Efficient algorithms and data structures
  • Appropriate use of async/await or promises
  • Proper resource cleanup
针对每个文件,检查以下内容:
代码质量
  • 代码简洁易读
  • 函数与变量命名规范
  • 无重复代码
  • 错误处理得当
  • 测试覆盖率良好
  • 考虑了性能因素
安全性
  • 无暴露的密钥或API密钥
  • 实现了输入验证
  • 身份验证/授权机制完善
  • 用户输入处理安全
  • 无SQL注入或XSS漏洞
可维护性
  • 代码风格一致
  • 注释恰当(不过度)
  • 函数/方法结构清晰
  • 关注点分离合理
  • 无不必要的复杂度
最佳实践
  • 遵循框架/库的规范
  • 合理使用设计模式
  • 高效的算法与数据结构
  • 正确使用async/await或promises
  • 资源清理得当

3. Organize Feedback

3. 反馈整理

Provide feedback in three priority levels:
Critical Issues (Must Fix):
  • Security vulnerabilities
  • Bugs that will cause failures
  • Code that breaks existing functionality
  • Performance issues that will impact users
Warnings (Should Fix):
  • Code quality issues that affect maintainability
  • Potential bugs or edge cases
  • Performance optimizations
  • Missing error handling
  • Incomplete test coverage
Suggestions (Consider Improving):
  • Code style improvements
  • Refactoring opportunities
  • Documentation enhancements
  • Best practice recommendations
  • Minor optimizations
按三个优先级提供反馈:
关键问题(必须修复)
  • 安全漏洞
  • 会导致故障的bug
  • 破坏现有功能的代码
  • 影响用户的性能问题
警告(建议修复)
  • 影响可维护性的代码质量问题
  • 潜在bug或边缘场景
  • 性能优化点
  • 缺失的错误处理
  • 不完整的测试覆盖率
建议(考虑改进)
  • 代码风格优化
  • 重构机会
  • 文档增强
  • 最佳实践建议
  • 微小优化

4. Provide Specific Examples

4. 提供具体示例

For each issue found:
  • Location: File path and line number
  • Issue: Clear description of the problem
  • Impact: Why this matters
  • Fix: Specific code example showing how to fix it
  • Rationale: Explanation of why the fix is better
每个发现的问题需包含:
  • 位置:文件路径与行号
  • 问题:清晰描述问题
  • 影响:说明问题的严重性
  • 修复方案:提供具体的代码示例
  • 理由:解释修复方案更优的原因

Examples

示例

Example 1: Security Issue Found

示例1:发现安全问题

Input: Review 
src/api/auth.js
Output:
markdown
undefined
输入:审查
src/api/auth.js
输出
markdown
undefined

Code Review: src/api/auth.js

代码审查:src/api/auth.js

Critical Issues

关键问题

1. Exposed API Key
  • Location: 
    src/api/auth.js:23
  • Issue: Hardcoded API key in source code
  • Code:
    javascript
    const API_KEY = "sk_live_1234567890abcdef"; // ❌ Exposed secret
  • Fix: Use environment variables
    javascript
    const API_KEY = process.env.API_KEY; // ✅ Secure
  • Impact: This exposes your API key in version control, allowing unauthorized access
1. API密钥暴露
  • 位置
    src/api/auth.js:23
  • 问题:源代码中硬编码了API密钥
  • 代码:
    javascript
    const API_KEY = "sk_live_1234567890abcdef"; // ❌ 暴露的密钥
  • 修复方案:使用环境变量
    javascript
    const API_KEY = process.env.API_KEY; // ✅ 安全做法
  • 影响:这会导致API密钥在版本控制中暴露,允许未授权访问

Warnings

警告

2. Missing Input Validation
  • Location: 
    src/api/auth.js:45
  • Issue: No validation on user input before processing
  • Recommendation: Add input validation before authentication
2. 缺失输入验证
  • 位置
    src/api/auth.js:45
  • 问题:处理前未对用户输入进行验证
  • 建议:在认证前添加输入验证
undefined

Example 2: Code Quality Review

示例2:代码质量审查

Input: Review recent changes
Output:
markdown
undefined
输入:审查近期变更
输出
markdown
undefined

Code Review Summary

代码审查摘要

Files Reviewed: 5 Critical Issues: 0 Warnings: 3 Suggestions: 5
审查文件数:5 关键问题:0 警告:3 建议:5

Warnings

警告

1. Duplicated Code
  • Files: 
    src/utils/format.js:12-25
    and 
    src/utils/display.js:8-21
  • Issue: Same formatting logic duplicated
  • Fix: Extract to shared utility function
2. Missing Error Handling
  • Location: 
    src/api/users.js:34
  • Issue: No try/catch for async operation
  • Fix: Add proper error handling
1. 代码重复
  • 文件
    src/utils/format.js:12-25
    src/utils/display.js:8-21
  • 问题:相同的格式化逻辑重复出现
  • 修复方案:提取为共享工具函数
2. 缺失错误处理
  • 位置
    src/api/users.js:34
  • 问题:异步操作未添加try/catch
  • 修复方案:添加适当的错误处理

Suggestions

建议

1. Improve Variable Naming
  • Location: 
    src/components/List.jsx:15
  • Current: 
    const d = data.map(...)
  • Suggested: 
    const formattedItems = data.map(...)
undefined
1. 优化变量命名
  • 位置
    src/components/List.jsx:15
  • 当前
    const d = data.map(...)
  • 建议
    const formattedItems = data.map(...)
undefined

Reference Files

参考文件

For comprehensive review checklists, load reference files as needed:
  • references/review_checklist.md
     - Detailed checklists for security, code quality, performance, testing, documentation, and best practices
  • references/CODE_ANALYSIS.template.md
     - Code analysis report template with security, performance, and maintainability sections
When conducting thorough reviews, load 
references/review_checklist.md
and use the appropriate checklist sections.
如需全面的审查检查清单,可按需加载以下参考文件:
  • references/review_checklist.md
     - 涵盖安全、代码质量、性能、测试、文档及最佳实践的详细检查清单
  • references/CODE_ANALYSIS.template.md
     - 包含安全、性能与可维护性板块的代码分析报告模板
进行全面审查时,加载
references/review_checklist.md
并使用相应的检查清单板块。

Best Practices

最佳实践

Review Focus Areas

审查重点领域

  1. Security First: Always check for security vulnerabilities first
  2. Context Matters: Understand the purpose of changes before reviewing
  3. Be Constructive: Provide actionable feedback, not just criticism
  4. Prioritize: Focus on critical issues that must be fixed
  5. Explain Why: Help developers understand the reasoning behind suggestions
  1. 安全优先:始终首先检查安全漏洞
  2. 关注上下文:审查前先理解变更的目的
  3. 建设性反馈:提供可执行的反馈,而非单纯批评
  4. 优先级排序:聚焦必须修复的关键问题
  5. 解释原因:帮助开发者理解建议背后的逻辑

Review Guidelines

审查准则

  • Be Specific: Point to exact lines and provide code examples
  • Be Balanced: Acknowledge good code as well as issues
  • Be Practical: Consider the context and urgency of changes
  • Be Educational: Help developers learn and improve
  • Be Consistent: Apply the same standards across all reviews
  • 具体明确:指向确切行号并提供代码示例
  • 平衡客观:既要指出问题,也要认可优质代码
  • 务实可行:考虑变更的上下文与紧迫性
  • 注重教育:帮助开发者学习与提升
  • 保持一致:对所有审查应用相同标准

Common Patterns to Check

需检查的常见模式

Security:
  • Hardcoded secrets or credentials
  • SQL injection vulnerabilities
  • XSS vulnerabilities
  • Missing authentication/authorization
  • Insecure random number generation
Code Quality:
  • Code duplication
  • Magic numbers without constants
  • Deeply nested conditionals
  • Functions that do too much
  • Poor error messages
Performance:
  • N+1 query problems
  • Missing indexes
  • Inefficient algorithms
  • Unnecessary re-renders (React)
  • Memory leaks
安全方面
  • 硬编码的密钥或凭证
  • SQL注入漏洞
  • XSS漏洞
  • 缺失身份验证/授权
  • 不安全的随机数生成
代码质量方面
  • 代码重复
  • 无常量定义的魔法数字
  • 深层嵌套的条件语句
  • 职责过多的函数
  • 糟糕的错误提示
性能方面
  • N+1查询问题
  • 缺失索引
  • 低效的算法
  • 不必要的重渲染(React)
  • 内存泄漏

Related Use Cases

相关适用场景

  • Pre-commit code reviews
  • Pull request reviews
  • Security audits
  • Code quality assessments
  • Onboarding new team members
  • Establishing coding standards
  • 提交前代码审查
  • 拉取请求(pull requests)审查
  • 安全审计
  • 代码质量评估
  • 新团队成员入职培训
  • 建立编码规范