code-review


Code Review Skill


Conduct a thorough code review for quality, security, and maintainability with severity-rated feedback.

When to Use


This skill activates when:
  • User requests "review this code", "code review"
  • Before merging a pull request
  • After implementing a major feature
  • User wants quality assessment

What It Does


Delegates to the code-reviewer agent (Opus model) for deep analysis:
  1. Identify Changes
    • Run git diff to find changed files
    • Determine scope of review (specific files or entire PR)
  2. Review Categories
    • Security - Hardcoded secrets, injection risks, XSS, CSRF
    • Code Quality - Function size, complexity, nesting depth
    • Performance - Algorithm efficiency, N+1 queries, caching
    • Best Practices - Naming, documentation, error handling
    • Maintainability - Duplication, coupling, testability
  3. Severity Rating
    • CRITICAL - Security vulnerability (must fix before merge)
    • HIGH - Bug or major code smell (should fix before merge)
    • MEDIUM - Minor issue (fix when possible)
    • LOW - Style/suggestion (consider fixing)
  4. Specific Recommendations
    • File:line locations for each issue
    • Concrete fix suggestions
    • Code examples where applicable

Agent Delegation


Task(
  subagent_type="oh-my-claudecode:code-reviewer",
  model="opus",
  prompt="CODE REVIEW TASK

Review code changes for quality, security, and maintainability.

Scope: [git diff or specific files]

Review Checklist:
- Security vulnerabilities (OWASP Top 10)
- Code quality (complexity, duplication)
- Performance issues (N+1, inefficient algorithms)
- Best practices (naming, documentation, error handling)
- Maintainability (coupling, testability)

Output: Code review report with:
- Files reviewed count
- Issues by severity (CRITICAL, HIGH, MEDIUM, LOW)
- Specific file:line locations
- Fix recommendations
- Approval recommendation (APPROVE / REQUEST CHANGES / COMMENT)"
)

External Model Consultation (Preferred)


The code-reviewer agent SHOULD consult Codex for cross-validation.

Protocol


  1. Form your OWN review FIRST - Complete the review independently
  2. Consult for validation - Cross-check findings with Codex
  3. Critically evaluate - Never blindly adopt external findings
  4. Graceful fallback - Never block if tools unavailable

When to Consult


  • Security-sensitive code changes
  • Complex architectural patterns
  • Unfamiliar codebases or languages
  • High-stakes production code

When to Skip


  • Simple refactoring
  • Well-understood patterns
  • Time-critical reviews
  • Small, isolated changes

Tool Usage


Use mcp__x__ask_codex with agent_role: "code-reviewer".
Note: Codex calls can take up to 1 hour. Consider the review timeline before consulting.

Output Format


CODE REVIEW REPORT
==================

Files Reviewed: 8
Total Issues: 15

CRITICAL (0)
-----------
(none)

HIGH (3)
--------
1. src/api/auth.ts:42
   Issue: User input not sanitized before SQL query
   Risk: SQL injection vulnerability
   Fix: Use parameterized queries or ORM

2. src/components/UserProfile.tsx:89
   Issue: Password displayed in plain text in logs
   Risk: Credential exposure
   Fix: Remove password from log statements

3. src/utils/validation.ts:15
   Issue: Email regex allows invalid formats
   Risk: Accepts malformed emails
   Fix: Use proven email validation library

MEDIUM (7)
----------
...

LOW (5)
-------
...

RECOMMENDATION: REQUEST CHANGES

Critical security issues must be addressed before merge.

Review Checklist


The code-reviewer agent checks:

Security


  • No hardcoded secrets (API keys, passwords, tokens)
  • All user inputs sanitized
  • SQL/NoSQL injection prevention
  • XSS prevention (escaped outputs)
  • CSRF protection on state-changing operations
  • Authentication/authorization properly enforced

Code Quality


  • Functions < 50 lines (guideline)
  • Cyclomatic complexity < 10
  • No deeply nested code (> 4 levels)
  • No duplicate logic (DRY principle)
  • Clear, descriptive naming
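The three numeric thresholds in the Code Quality checklist are straightforward to measure mechanically. The following is an added example, not part of the code-review skill or the code-reviewer agent: it computes function length, cyclomatic complexity and nesting depth for every function in a Python module using the standard `ast` module, and reports the thresholds the checklist names (< 50 lines, complexity < 10, nesting > 4 flagged). The severity assigned to each threshold and the sample module are assumptions made for illustration.

```python
"""Added example (not the skill's own code): measure the Code Quality thresholds
from the checklist on a constructed Python module. The threshold-to-severity
mapping below is an assumption made for illustration."""
import ast
from dataclasses import dataclass

MAX_LINES = 50        # checklist: functions < 50 lines (guideline)
MAX_COMPLEXITY = 10   # checklist: cyclomatic complexity < 10
MAX_NESTING = 4       # checklist: no code nested deeper than 4 levels

# Constructs that add a decision path (+1 each) to cyclomatic complexity.
BRANCH_NODES = (ast.If, ast.For, ast.While, ast.ExceptHandler,
                ast.IfExp, ast.comprehension)
# Statements that open a new nesting level.
NESTING_NODES = (ast.If, ast.For, ast.While, ast.Try, ast.With)


@dataclass
class FunctionMetrics:
    name: str
    lineno: int
    lines: int
    complexity: int
    nesting: int

    def findings(self):
        """Return (severity, message) pairs for every threshold exceeded.
        Assumed mapping: complexity is HIGH (hard to test), the rest MEDIUM."""
        out = []
        if self.lines >= MAX_LINES:
            out.append(("MEDIUM", f"line {self.lineno}: {self.name} is {self.lines} lines (guideline < {MAX_LINES})"))
        if self.complexity >= MAX_COMPLEXITY:
            out.append(("HIGH", f"line {self.lineno}: {self.name} has cyclomatic complexity {self.complexity} (limit < {MAX_COMPLEXITY})"))
        if self.nesting > MAX_NESTING:
            out.append(("MEDIUM", f"line {self.lineno}: {self.name} nests {self.nesting} levels deep (> {MAX_NESTING})"))
        return out


def cyclomatic_complexity(fn):
    """1 for the function entry, +1 per branch point, +1 per extra operand of and/or."""
    score = 1
    for node in ast.walk(fn):
        if isinstance(node, BRANCH_NODES):
            score += 1
        elif isinstance(node, ast.BoolOp):
            score += len(node.values) - 1
    return score


def nesting_depth(node, depth=0):
    """Deepest chain of nested block statements below `node`."""
    deepest = depth
    for child in ast.iter_child_nodes(node):
        child_depth = depth + 1 if isinstance(child, NESTING_NODES) else depth
        deepest = max(deepest, nesting_depth(child, child_depth))
    return deepest


def analyze(source):
    """Compute metrics for every function in `source` (a Python module as text)."""
    tree = ast.parse(source)
    return [
        FunctionMetrics(
            name=node.name,
            lineno=node.lineno,
            lines=node.end_lineno - node.lineno + 1,
            complexity=cyclomatic_complexity(node),
            nesting=nesting_depth(node),
        )
        for node in ast.walk(tree)
        if isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef))
    ]


def review_quality(source):
    """Flatten findings across all functions, worst severity first."""
    order = {"CRITICAL": 0, "HIGH": 1, "MEDIUM": 2, "LOW": 3}
    found = [f for m in analyze(source) for f in m.findings()]
    return sorted(found, key=lambda f: order[f[0]])


# Constructed sample module: `classify` breaks two thresholds, `total` is clean.
SAMPLE_MODULE = '''
def classify(order, user):
    if order is None:
        return "empty"
    if user.is_admin or user.is_staff:
        for item in order.items:
            if item.price > 100 and item.quantity > 1:
                while item.discount > 0:
                    if item.category == "x":
                        if item.stock < 1:
                            return "backorder"
                    item.discount -= 1
    return "ok"

def total(items):
    return sum(i.price for i in items)
'''

if __name__ == "__main__":
    for severity, message in review_quality(SAMPLE_MODULE):
        print(f"{severity}: {message}")
```

Running it flags `classify` twice (complexity 10 and nesting depth 6) and leaves `total` alone; a nested function's branches are counted toward its enclosing function, which is deliberate here because the checklist's concern is how much a reader must hold in their head at once.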

Performance


  • No N+1 query patterns
  • Appropriate caching where applicable
  • Efficient algorithms (avoid O(n²) when O(n) possible)
  • No unnecessary re-renders (React/Vue)

Best Practices


  • Error handling present and appropriate
  • Logging at appropriate levels
  • Documentation for public APIs
  • Tests for critical paths
  • No commented-out code

Approval Criteria


  • APPROVE - No CRITICAL or HIGH issues, minor improvements only
  • REQUEST CHANGES - CRITICAL or HIGH issues present
  • COMMENT - Only LOW/MEDIUM issues, no blocking concerns
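The Security checklist, the severity ratings and the Approval Criteria fit together as one pipeline: find issues in the changed lines, locate each one as file:line, rate it, and derive the approval decision from the worst severity present. The following is an added example, not part of the code-review skill or the code-reviewer agent: it applies three heuristic rules (hardcoded credential, string-concatenated SQL, password in a log call) to the added lines of a constructed unified diff, tracks new-file line numbers from the hunk headers, and renders the result in the skill's report format with the recommendation the Approval Criteria define. The rules, their severities and the sample diff are assumptions made for illustration and are not the agent's own checks.

```python
"""Added example (not the skill's own code): heuristic diff review producing the
report format and approval decision described on this page. Rules, severities and
the sample diff are assumptions for illustration."""
import re
from dataclasses import dataclass

HUNK_HEADER = re.compile(r"^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@")
SEVERITIES = ["CRITICAL", "HIGH", "MEDIUM", "LOW"]

# (severity, pattern, issue, risk, fix). Assumed severities: a committed secret
# is CRITICAL, the other two HIGH as in the sample report above.
RULES = [
    ("CRITICAL",
     re.compile(r"(?i)\b(api[_-]?key|password|secret|token)\b\s*[:=]\s*['\"][^'\"]{8,}['\"]"),
     "Hardcoded credential assigned to a literal string",
     "Secret exposure via version control",
     "Load the value from the environment or a secrets manager"),
    ("HIGH",
     re.compile(r"(?i)\b(select|insert|update|delete)\b.*?(\+\s*\w|\$\{)"),
     "User input concatenated into SQL query",
     "SQL injection vulnerability",
     "Use parameterized queries or ORM"),
    ("HIGH",
     re.compile(r"(?i)(console\.(log|info|debug|warn)|logger\.\w+)\(.*\bpassword\b"),
     "Password passed to a log statement",
     "Credential exposure",
     "Remove password from log statements"),
]


@dataclass
class Finding:
    severity: str
    file: str
    line: int
    issue: str
    risk: str
    fix: str


@dataclass
class ReviewResult:
    findings: list
    files: list


def review_diff(diff_text):
    """Scan only added ('+') lines; line numbers follow the new-file side of each hunk."""
    findings, files, current_file, new_line = [], set(), None, 0
    for raw in diff_text.splitlines():
        if raw.startswith("+++ "):                      # new-file header, must precede '+' check
            path = raw[4:].strip()
            current_file = path[2:] if path.startswith("b/") else path
            files.add(current_file)
            continue
        header = HUNK_HEADER.match(raw)
        if header:
            new_line = int(header.group(1))             # first new-file line of this hunk
            continue
        if raw.startswith("+"):
            for severity, pattern, issue, risk, fix in RULES:
                if pattern.search(raw[1:]):
                    findings.append(Finding(severity, current_file, new_line, issue, risk, fix))
            new_line += 1
        elif raw.startswith(" ") or raw == "":
            new_line += 1                               # context line exists on both sides
        # '-' lines and 'diff'/'---' headers do not advance the new-file counter
    return ReviewResult(findings, sorted(files))


def recommend(findings):
    """Approval Criteria: CRITICAL/HIGH block, LOW/MEDIUM only is COMMENT, nothing is APPROVE."""
    present = {f.severity for f in findings}
    if present & {"CRITICAL", "HIGH"}:
        return "REQUEST CHANGES"
    return "COMMENT" if present else "APPROVE"


def render_report(result):
    """Render findings in the CODE REVIEW REPORT layout used on this page."""
    by_sev = {s: [f for f in result.findings if f.severity == s] for s in SEVERITIES}
    lines = ["CODE REVIEW REPORT", "==================", "",
             f"Files Reviewed: {len(result.files)}", f"Total Issues: {len(result.findings)}", ""]
    for sev in SEVERITIES:
        title = f"{sev} ({len(by_sev[sev])})"
        lines += [title, "-" * len(title)]
        if not by_sev[sev]:
            lines.append("(none)")
        for n, f in enumerate(by_sev[sev], 1):
            lines += [f"{n}. {f.file}:{f.line}", f"   Issue: {f.issue}",
                      f"   Risk: {f.risk}", f"   Fix: {f.fix}", ""]
        lines.append("")
    lines.append(f"RECOMMENDATION: {recommend(result.findings)}")
    return "\n".join(lines)


# Constructed diff with three deliberate findings; the key value is a placeholder.
SAMPLE_DIFF = """\
diff --git a/src/api/auth.ts b/src/api/auth.ts
--- a/src/api/auth.ts
+++ b/src/api/auth.ts
@@ -41,3 +41,5 @@ export async function login(req: Request) {
   const { email, password } = req.body;
-  const user = await findUser(email);
+  const query = "SELECT * FROM users WHERE email = '" + email + "'";
+  const user = await db.raw(query);
+  console.log("login attempt", email, password);
   return checkPassword(user, password);
diff --git a/src/config.ts b/src/config.ts
--- a/src/config.ts
+++ b/src/config.ts
@@ -1,2 +1,3 @@
 export const region = "us-east-1";
+export const apiKey = "PLACEHOLDER_NOT_A_REAL_KEY_0000";
 export const timeoutMs = 3000;
"""

if __name__ == "__main__":
    print(render_report(review_diff(SAMPLE_DIFF)))
```

On the sample diff this reports two files, one CRITICAL (src/config.ts:2) and two HIGH findings (src/api/auth.ts:42 and :44), and therefore REQUEST CHANGES. Regex rules like these are a first pass only; they cannot see whether `email` was validated upstream, which is exactly the judgement the agent review and the Codex cross-check are there to supply.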

Use with Other Skills


With Pipeline:
/pipeline review "implement user authentication"
Includes code review as part of implementation workflow.
With Ralph:
/ralph code-review then fix all issues
Review code, get feedback, fix until approved.
With Ultrawork:
/ultrawork review all files in src/
Parallel code review across multiple files.

Best Practices


  • Review early - Catch issues before they compound
  • Review often - Small, frequent reviews better than huge ones
  • Address CRITICAL/HIGH first - Fix security and bugs immediately
  • Consider context - Some "issues" may be intentional trade-offs
  • Learn from reviews - Use feedback to improve coding practices