code-review-pro

Code Review Pro

专业代码审查(Code Review Pro)

Deep code analysis covering security, performance, maintainability, and best practices.
深入的代码分析,涵盖安全、性能、可维护性以及最佳实践。

When to Use This Skill

何时使用此技能

Activate when the user:
  • Asks for a code review
  • Wants security vulnerability scanning
  • Needs performance analysis
  • Asks to "review this code" or "audit this code"
  • Mentions finding bugs or improvements
  • Wants refactoring suggestions
  • Requests best practice validation
当用户出现以下需求时激活:
  • 请求代码审查
  • 需要安全漏洞扫描
  • 要求性能分析
  • 提出“审查这段代码”或“审计这段代码”的需求
  • 提及查找Bug或改进点
  • 需要重构建议
  • 请求验证最佳实践

Instructions

操作指南

  1. Security Analysis (Critical Priority)
    • SQL injection vulnerabilities
    • XSS (cross-site scripting) risks
    • Authentication/authorization issues
    • Secrets or credentials in code
    • Unsafe deserialization
    • Path traversal vulnerabilities
    • CSRF protection
    • Input validation gaps
    • Insecure cryptography
    • Dependency vulnerabilities
  2. Performance Analysis
    • N+1 query problems
    • Inefficient algorithms (check Big O complexity)
    • Memory leaks
    • Unnecessary re-renders (React/Vue)
    • Missing indexes (database queries)
    • Blocking operations
    • Resource cleanup (file handles, connections)
    • Caching opportunities
    • Excessive network calls
    • Large bundle sizes
  3. Code Quality & Maintainability
    • Code duplication (DRY violations)
    • Function/method length (should be <50 lines)
    • Cyclomatic complexity
    • Unclear naming
    • Missing error handling
    • Inconsistent style
    • Missing documentation
    • Hard-coded values that should be constants
    • God classes/functions
    • Tight coupling
  4. Best Practices
    • Language-specific idioms
    • Framework conventions
    • SOLID principles
    • Design patterns usage
    • Testing approach
    • Logging and monitoring
    • Accessibility (for UI code)
    • Type safety
    • Null/undefined handling
  5. Bugs and Edge Cases
    • Logic errors
    • Off-by-one errors
    • Race conditions
    • Null pointer exceptions
    • Unhandled edge cases
    • Timezone issues
    • Encoding problems
    • Floating point precision
  6. Provide Actionable Fixes
    • Show specific code changes
    • Explain why change is needed
    • Include before/after examples
    • Prioritize by severity
  1. 安全分析(最高优先级)
    • SQL injection漏洞
    • XSS(跨站脚本)风险
    • 身份认证/授权问题
    • 代码中包含密钥或凭证
    • 不安全的反序列化
    • 路径遍历漏洞
    • CSRF防护缺失
    • 输入验证漏洞
    • 不安全的加密方式
    • 依赖项漏洞
  2. 性能分析
    • N+1查询问题
    • 低效算法(检查时间复杂度Big O)
    • 内存泄漏
    • 不必要的重渲染(React/Vue)
    • 数据库查询缺少索引
    • 阻塞操作
    • 资源清理不彻底(文件句柄、连接)
    • 可缓存优化点
    • 过多的网络调用
    • 过大的包体积
  3. 代码质量与可维护性
    • 代码重复(违反DRY原则)
    • 函数/方法过长(应少于50行)
    • 圈复杂度过高
    • 命名不清晰
    • 缺少错误处理
    • 代码风格不一致
    • 缺少文档注释
    • 应设为常量的硬编码值
    • 上帝类/上帝函数
    • 紧耦合
  4. 最佳实践
    • 语言特定语法习惯
    • 框架约定
    • SOLID原则
    • 设计模式应用
    • 测试方案
    • 日志与监控
    • 可访问性(针对UI代码)
    • 类型安全
    • Null/Undefined处理
  5. Bug与边界情况
    • 逻辑错误
    • 差一错误
    • 竞态条件
    • 空指针异常
    • 未处理的边界情况
    • 时区问题
    • 编码问题
    • 浮点数精度问题
  6. 提供可执行的修复方案
    • 展示具体的代码变更
    • 解释变更的必要性
    • 包含修改前后的示例
    • 按严重程度排序
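The checklist above is written for a human or model reviewer, but several of its items are mechanical enough to automate as a first pass. The block below is an added example, not part of the Code Review Pro skill itself: a small rule-driven scanner that turns four checklist items (SQL built from interpolated input, hard-coded credentials, dynamic code execution, and leftover TODO markers) into findings with line numbers, sorts them by severity, and produces the counts the report's Summary section needs. The rule names, the regular expressions and the sample source are assumptions made for the example.

```javascript
// Added example, not part of the Code Review Pro skill: a rule-driven scanner
// that turns a few checklist items into findings with line numbers, sorted by
// severity, plus the counts the report's Summary section needs.
// The rules, their regexes and the sample source are assumptions.

const RULES = [
  {
    category: 'Security', severity: 'Critical',
    title: 'SQL string built from interpolated input',
    // template literal that contains a SQL verb and a ${...} interpolation
    pattern: /`[^`]*\b(SELECT|INSERT|UPDATE|DELETE)\b[^`]*\$\{[^}]+\}[^`]*`/i,
  },
  {
    category: 'Security', severity: 'Critical',
    title: 'Hard-coded secret or credential',
    pattern: /\b(password|passwd|secret|api[_-]?key|token)\b\s*[:=]\s*['"][^'"]{8,}['"]/i,
  },
  {
    category: 'Security', severity: 'High',
    title: 'Dynamic code execution (eval / new Function)',
    pattern: /\beval\s*\(|\bnew\s+Function\s*\(/,
  },
  {
    category: 'Code Quality', severity: 'Medium',
    title: 'Unresolved TODO/FIXME marker',
    pattern: /\b(TODO|FIXME)\b/,
  },
];

const SEVERITY_RANK = { Critical: 0, High: 1, Medium: 2, Low: 3 };

// Scan source text line by line; findings come back sorted by severity, then line.
function reviewSource(source) {
  const findings = [];
  source.split('\n').forEach((text, idx) => {
    for (const rule of RULES) {
      if (rule.pattern.test(text)) {
        findings.push({
          line: idx + 1, category: rule.category, severity: rule.severity,
          title: rule.title, code: text.trim(),
        });
      }
    }
  });
  return findings.sort((a, b) =>
    SEVERITY_RANK[a.severity] - SEVERITY_RANK[b.severity] || a.line - b.line);
}

// Counts per severity, as in the Summary section of the report format.
function summarize(findings) {
  const counts = { Critical: 0, High: 0, Medium: 0, Low: 0 };
  for (const f of findings) counts[f.severity] += 1;
  return { total: findings.length, ...counts };
}

// Renders findings grouped under the report's severity headings.
function renderReport(findings) {
  const headings = {
    Critical: '🚨 Critical Issues (Fix Immediately)', High: '⚠️ High Priority Issues',
    Medium: '💡 Medium Priority Issues', Low: '✅ Low Priority / Nice to Have',
  };
  const out = ['Code Review Report'];
  let n = 0;
  for (const sev of Object.keys(headings)) {
    const group = findings.filter((f) => f.severity === sev);
    if (group.length === 0) continue;
    out.push('', headings[sev]);
    for (const f of group) {
      out.push(`${++n}. ${f.category}: ${f.title} (line ${f.line})`, `   ${f.code}`);
    }
  }
  const s = summarize(findings);
  out.push('', `📊 Summary: ${s.total} issues (Critical ${s.Critical}, High ${s.High}, Medium ${s.Medium}, Low ${s.Low})`);
  return out.join('\n');
}

// Constructed sample source, deliberately containing what the rules look for.
const SAMPLE_SOURCE = [
  "const apiKey = 'EXAMPLE_NOT_A_REAL_KEY_123'; // constructed placeholder value",
  'function findUser(db, userEmail) {',
  "  const query = `SELECT * FROM users WHERE email = '${userEmail}'`;",
  '  return db.query(query);',
  '}',
  'function runPlugin(src) { return eval(src); } // TODO: remove before release',
].join('\n');

console.log(renderReport(reviewSource(SAMPLE_SOURCE)));
```

Regex rules of this kind are a triage aid, not a verdict: they miss SQL assembled with `+` across several lines and they flag a `password` field name in a test fixture, so every finding still needs the human read-through the checklist describes before it goes into a report.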

Output Format

输出格式


Code Review Report

代码审查报告

🚨 Critical Issues (Fix Immediately)

🚨 严重问题(立即修复)

1. SQL Injection Vulnerability (line X)

1. SQL Injection漏洞(第X行)

Severity: Critical
Issue: User input directly concatenated into SQL query
Impact: Database compromise, data theft
Current Code (JavaScript):
    const query = `SELECT * FROM users WHERE email = '${userEmail}'`;
Fixed Code (JavaScript):
    const query = 'SELECT * FROM users WHERE email = ?';
    db.query(query, [userEmail]);
Explanation: Always use parameterized queries to prevent SQL injection.
严重程度:Critical
问题描述:用户输入直接拼接进SQL查询语句
影响:数据库被攻陷、数据被盗取
当前代码(JavaScript):
    const query = `SELECT * FROM users WHERE email = '${userEmail}'`;
修复后代码(JavaScript):
    const query = 'SELECT * FROM users WHERE email = ?';
    db.query(query, [userEmail]);
说明:始终使用参数化查询来防止SQL注入。

⚠️ High Priority Issues

⚠️ 高优先级问题

2. Performance: N+1 Query Problem (line Y)

2. 性能问题:N+1查询问题(第Y行)

[Details...]
[详情...]
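The N+1 entry above is left as "[Details...]" in the template. As an added example (not from the skill or from any project it describes), the block below shows what those details usually look like: a minimal in-memory "database" with a query counter, the loop shape a reviewer flags, and the batched rewrite that replaces it, so the report can cite the query count before and after. The tables, class and function names are constructed for the example.

```javascript
// Added example, not from the original page: an in-memory fake database with
// a query counter, used to show the N+1 pattern and its batched replacement.
// Table contents, class and function names are constructed.

// Constructed tables: users and their orders.
const USERS = [
  { id: 1, name: 'ana' }, { id: 2, name: 'bo' }, { id: 3, name: 'cy' },
];
const ORDERS = [
  { id: 10, userId: 1, total: 20 }, { id: 11, userId: 1, total: 5 },
  { id: 12, userId: 3, total: 7 },
];

// Fake driver: every method call counts as one round trip to the database.
class FakeDb {
  constructor() { this.queryCount = 0; }
  selectUsers() { this.queryCount++; return USERS.slice(); }
  // Equivalent of `SELECT ... FROM orders WHERE user_id = ?`
  selectOrdersForUser(userId) {
    this.queryCount++;
    return ORDERS.filter((o) => o.userId === userId);
  }
  // Equivalent of `SELECT ... FROM orders WHERE user_id IN (?, ?, ...)`
  selectOrdersForUsers(userIds) {
    this.queryCount++;
    const wanted = new Set(userIds);
    return ORDERS.filter((o) => wanted.has(o.userId));
  }
}

// N+1 shape: one query for the users, then one more per user inside the loop.
function usersWithOrdersNaive(db) {
  return db.selectUsers().map((u) => ({
    ...u, orders: db.selectOrdersForUser(u.id),
  }));
}

// Fixed shape: two queries in total, joined in memory by user id.
function usersWithOrdersBatched(db) {
  const users = db.selectUsers();
  const byUser = new Map(users.map((u) => [u.id, []]));
  for (const o of db.selectOrdersForUsers(users.map((u) => u.id))) {
    byUser.get(o.userId).push(o);
  }
  return users.map((u) => ({ ...u, orders: byUser.get(u.id) }));
}

// Runs both versions and returns the figures a review would cite.
function compareQueryCounts() {
  const naiveDb = new FakeDb();
  const naive = usersWithOrdersNaive(naiveDb);
  const batchedDb = new FakeDb();
  const batched = usersWithOrdersBatched(batchedDb);
  return {
    naiveQueries: naiveDb.queryCount,     // 1 + N users = 4 here
    batchedQueries: batchedDb.queryCount, // 2 regardless of N
    sameResult: JSON.stringify(naive) === JSON.stringify(batched),
  };
}

console.log(compareQueryCounts());
```

The count is the number to put in the report: the naive version grows linearly with the number of users returned by the first query, while the batched version stays at two round trips, and the `sameResult` check is the evidence that the rewrite preserved behaviour.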

💡 Medium Priority Issues

💡 中优先级问题

3. Code Quality: Function Too Long (line Z)

3. 代码质量:函数过长(第Z行)

[Details...]
[详情...]

✅ Low Priority / Nice to Have

✅ 低优先级/优化建议

4. Consider Using Const Instead of Let

4. 建议使用Const替代Let

[Details...]
[详情...]

📊 Summary

📊 总结

  • Total Issues: 12
    • Critical: 2
    • High: 4
    • Medium: 4
    • Low: 2
  • 问题总数:12
    • 严重:2
    • 高优先级:4
    • 中优先级:4
    • 低优先级:2

🎯 Quick Wins

🎯 快速优化点

Changes with high impact and low effort:
  1. [Fix 1]
  2. [Fix 2]
高影响低成本的变更:
  1. [修复点1]
  2. [修复点2]

🏆 Strengths

🏆 代码优势

  • Good error handling in X
  • Clear naming conventions
  • Well-structured modules
  • X模块的错误处理良好
  • 命名规范清晰
  • 模块结构合理

🔄 Refactoring Opportunities

🔄 重构机会

  1. Extract Method: Lines X-Y could be extracted into calculateDiscount()
  2. Remove Duplication: [specific code blocks]
  1. 提取方法:第X-Y行可提取为 calculateDiscount() 函数
  2. 移除重复代码:[具体代码块]

📚 Resources

📚 参考资源

Examples

示例

User: "Review this authentication code"
Response: Analyze auth logic → Identify security issues (weak password hashing, no rate limiting) → Check token handling → Note missing CSRF protection → Provide specific fixes with code examples → Prioritize by severity

User: "Can you find performance issues in this React component?"
Response: Analyze component → Identify unnecessary re-renders → Find missing useMemo/useCallback → Note large state objects → Check for expensive operations in render → Provide optimized version with explanations

User: "Review this API endpoint"
Response: Check input validation → Analyze error handling → Test for SQL injection → Review authentication → Check rate limiting → Examine response structure → Suggest improvements with code samples

用户:“审查这段身份认证代码”
回应:分析认证逻辑 → 识别安全问题(弱密码哈希、无速率限制)→ 检查令牌处理 → 标记缺失的CSRF防护 → 提供带代码示例的具体修复方案 → 按严重程度排序

用户:“你能找出这个React组件中的性能问题吗?”
回应:分析组件 → 识别不必要的重渲染 → 发现缺失的useMemo/useCallback → 标记过大的状态对象 → 检查渲染中的耗时操作 → 提供带说明的优化版本

用户:“审查这个API端点”
回应:检查输入验证 → 分析错误处理 → 测试SQL注入风险 → 审查身份认证 → 检查速率限制 → 检查响应结构 → 提供带代码示例的改进建议

Best Practices

最佳实践

  • Always prioritize security issues first
  • Provide specific line numbers for issues
  • Include before/after code examples
  • Explain why something is a problem
  • Consider the language/framework context
  • Don't just criticize—acknowledge good code too
  • Suggest gradual improvements for large refactors
  • Link to documentation for recommendations
  • Consider project constraints (legacy code, deadlines)
  • Balance perfectionism with pragmatism
  • Focus on impactful changes
  • Group similar issues together
  • Make recommendations actionable
  • 始终将安全问题放在首位
  • 为问题提供具体的行号
  • 包含修改前后的代码示例
  • 解释问题产生的原因
  • 考虑语言/框架的上下文
  • 不要只批评,也要认可优秀的代码
  • 对于大型重构,建议逐步改进
  • 为建议提供文档链接
  • 考虑项目约束(遗留代码、截止日期)
  • 在完美主义和实用主义之间取得平衡
  • 专注于有影响力的变更
  • 将相似问题分组
  • 使建议可执行