Code Reviewer Skill

This is a skill that automates code reviews and provides comprehensive feedback.

Overview

This skill performs professional code reviews for pull requests and individual code files. It conducts detailed analysis from the perspectives of security, performance, maintainability, and best practices, and provides specific improvement suggestions.

Key Features

Comprehensive Code Analysis: Multi-dimensional review of security, performance, readability, and maintainability
Language-Specific Best Practices: Evaluation based on conventions and patterns of each programming language
Specific Improvement Suggestions: Implementable fixes including code examples
Severity Level Classification: Classifies issues into four levels: Critical, High, Medium, Low
Automatic Detection: Identifies bugs, security vulnerabilities, and performance bottlenecks
Code Metrics: Analysis of complexity, duplication, and test coverage
Architecture Evaluation: Assessment of design pattern and SOLID principle application

Supported Languages

JavaScript/TypeScript: React, Node.js, Next.js, Vue.js, Angular
Python: Django, Flask, FastAPI, data analysis libraries
Java: Spring Boot, Jakarta EE, Android
Go: Standard library, major frameworks
Rust: Cargo, asynchronous programming
C#: .NET, ASP.NET Core, Unity
PHP: Laravel, Symfony, WordPress
Ruby: Rails, Sinatra
Swift: iOS, macOS development
Kotlin: Android, JVM

Supports over 50 other languages

Usage

Basic Code Review

Please review this file:
[File path or code]

Pull Request Review

Review the following PR:
Changes: [Description of changes]
Files: [List of modified files]

Focus areas:
- Security
- Performance
- Code readability

Targeted Perspective Review

Review this code from a security perspective:
- SQL injection
- XSS vulnerabilities
- Authentication/authorization issues
- Sensitive information leaks

Legacy Code Improvement Suggestions

Refactoring suggestions for this legacy code:
- Conversion to modern syntax
- Performance improvements
- Testability enhancements

Review Perspectives

1. Security

Check Items:

OWASP Top 10 vulnerabilities
Injection attacks (SQL, command, XSS, etc.)
Authentication/authorization implementation
Data validation and sanitization
Proper use of encryption and hashing
Hardcoding of sensitive information
Session management
CSRF, CORS settings
Dependency vulnerabilities

Output Example:

markdown

## Security Issues

### [CRITICAL] SQL Injection Vulnerability
**Location**: user_controller.py:45
**Issue**: User input is directly concatenated into SQL queries
**Impact**: Potential unauthorized database access and data leakage

**Current Code**:
```python
query = f"SELECT * FROM users WHERE username = '{username}'"
cursor.execute(query)

Recommended Fix:

python

query = "SELECT * FROM users WHERE username = ?"
cursor.execute(query, (username,))


### 2. Performance

**Check Items**:
- Algorithm time complexity
- Unnecessary loops and nesting
- Database query optimization (N+1 problem)
- Potential memory leaks
- Inefficient data structures
- Cache utilization
- Lazy loading
- Batch processing opportunities
- Asynchronous processing utilization

**Output Example**:
```markdown
## Performance Improvements

### [HIGH] N+1 Query Problem
**Location**: blog_service.ts:78-85
**Issue**: Database queries are executed within a loop

**Impact**: 101 queries are executed for 100 posts, significantly increasing response time

**Current Code**:
```typescript
for (const post of posts) {
  post.author = await db.users.findById(post.authorId);
}

Recommended Fix:

typescript

const authorIds = posts.map(p => p.authorId);
const authors = await db.users.findByIds(authorIds);
const authorMap = new Map(authors.map(a => [a.id, a]));
posts.forEach(post => post.author = authorMap.get(post.authorId));

Effect: Number of queries reduced from 101 to 2, response time improved by 50-90%


### 3. Code Quality

**Check Items**:
- Consistent naming conventions
- Single responsibility principle for functions
- DRY principle (elimination of duplication)
- Removal of magic numbers
- Appropriateness of comments
- Error handling
- Type safety
- Null/undefined checks
- Code complexity (cyclomatic complexity)

**Output Example**:
```markdown
## Code Quality

### [MEDIUM] Function is too long (Violation of Single Responsibility Principle)
**Location**: order_processor.java:120-280
**Issue**: processOrder() is 160 lines long and has multiple responsibilities

**Refactoring Suggestion**:
```java
// Current: One long function
public void processOrder(Order order) {
  // Validation logic (20 lines)
  // Inventory check (30 lines)
  // Payment processing (40 lines)
  // Notification sending (25 lines)
  // Logging (15 lines)
  // Database update (30 lines)
}

// Recommended: Split into functions
public void processOrder(Order order) {
  validateOrder(order);
  checkInventory(order);
  processPayment(order);
  sendNotifications(order);
  updateDatabase(order);
  logOrderProcessing(order);
}

Effect: Improved testability, maintainability, and reusability


### 4. Architecture and Design Patterns

**Check Items**:
- Application of SOLID principles
- Proper use of design patterns
- Layer separation (separation of concerns)
- Dependency injection
- Interface design
- Modularity
- Scalability
- Extensibility

### 5. Testing

**Check Items**:
- Existence of tests
- Test coverage
- Test quality (AAA pattern)
- Edge case coverage
- Proper use of mocks
- Test independence
- Test readability

### 6. Error Handling and Logging

**Check Items**:
- Proper exception handling
- Clarity of error messages
- Preservation of stack traces
- Resource cleanup
- Appropriateness of logging levels
- Non-logging of sensitive information

### 7. Documentation

**Check Items**:
- Appropriateness of comments
- API documentation
- Explanation of complex logic
- Management of TODO/FIXME items
- Completeness of README

## Review Output Format

### Standard Review Report

```markdown
# Code Review Results

## Summary
- **Overall Rating**: B+ (Good)
- **Critical Issues**: 0
- **High Issues**: 2
- **Medium Issues**: 5
- **Low Issues**: 8
- **Improvement Suggestions**: 12

## Important Issues

### [HIGH] Security: Missing CSRF Protection
**File**: api/routes.py:45-67
**Description**: POST endpoints lack CSRF protection
**Recommendation**: Enable Flask's CSRF protection
**Priority**: Immediate action recommended

### [HIGH] Performance: Synchronous File I/O
**File**: upload_handler.js:89
**Description**: Large files are read synchronously
**Impact**: Server blocking, potential timeouts
**Recommendation**: Change to asynchronous I/O or streaming processing

## Improvement Suggestions

### Code Duplication Reduction
Similar validation logic is duplicated across three controllers. It is recommended to create a common validator utility.

### Type Safety Improvement
TypeScript's `any` type is used in 15 places. It is recommended to create appropriate type definitions or interfaces.

## Best Practices

✅ Properly implemented aspects:
- Appropriate error handling
- Consistent naming conventions
- Good unit test coverage (85%)

## Recommended Actions

1. **Immediate Action** (Critical/High):
   - Implement CSRF protection
   - Switch to asynchronous I/O

2. **Short-Term Action** (Medium):
   - Reduce code duplication
   - Improve type safety
   - Refactor complex functions

3. **Long-Term Improvement** (Low):
   - Expand documentation
   - Improve test coverage
   - Enhance code comments

Language-Specific Checklists

JavaScript/TypeScript

Use
```
===
```
instead of
```
==
```
Use
```
const
```
/
```
let
```
instead of
```
var
```
Proper error handling for Promises
Proper use of async/await
TypeScript: Avoid excessive use of
```
any
```
React: useEffect dependency array
Memory leaks (event listeners, timers)

Python

Comply with PEP 8 style guide
Proper use of list/dict comprehensions
Resource management using
```
with
```
statements
Use of type hints (Python 3.5+)
Avoid global variables
Proper exception catching (avoid broad except)

Java

Utilize Stream API
Proper use of Optional
Resource management with try-with-resources
Override equals() and hashCode()
Recommend immutable objects
Thread safety

Go

Thorough error handling
Resource cleanup using defer
Avoid goroutine leaks
Proper use of context
Pointers vs value receivers
Avoid race conditions

Custom Rules

Custom review rules can be defined:

Custom review rules:
- Implement rate limiting for all API endpoints
- Database migrations must be rollbackable
- All public functions require JSDoc comments
- Error responses must follow standard format

Integration with Automation

CI/CD Pipeline

yaml

# .github/workflows/code-review.yml
name: Automated Code Review
on: [pull_request]
jobs:
  review:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Run Code Review
        run: |
          # Automated review by Claude
          claude-code review --pr ${{ github.event.pull_request.number }}

Pre-commit Hook

bash

#!/bin/bash
# .git/hooks/pre-commit
claude-code review --staged --quick

Usage Examples

Example 1: PR for New Feature Addition

Input:

Please review the following PR:

Title: Add user authentication feature
Modified Files:
- src/auth/login.ts (new)
- src/auth/jwt.ts (new)
- src/middleware/auth.ts (new)
- src/routes/api.ts (modified)

Changes:
- Implemented JWT-based authentication
- Added login endpoint
- Created authentication middleware

Output: Comprehensive review of security, token management, and error handling

Example 2: Bug Fix Review

Input:

Review this bug fix:
Issue: User list loading is slow
Fix: Query optimization and caching addition

Output: Validation of performance improvements, evaluation of caching strategy, confirmation of edge cases

Example 3: Refactoring

Input:

Review this refactoring:
Change: Split 500-line function into 10 small functions
Purpose: Improve maintainability and testability

Output: Assessment of SOLID principle application, appropriateness of naming, validity of module division

Best Practices

Timing of Reviews

When creating a pull request: Understand the overall picture of changes
Before committing: Early issue detection
Periodic code audits: Identify improvement opportunities for existing code
Before refactoring: Determine improvement priorities

Tips for Effective Reviews

Provide context: Explain the purpose and background of changes
Specify focus areas: Clearly indicate perspectives to focus on
Review incrementally: Split large changes into smaller units
Utilize feedback: Reflect pointed-out issues in subsequent code

Utilizing Review Results

Prioritize: Address in order of Critical → High → Medium → Low
Share with the team: Use review results as team learning materials
Automate: Turn repeatedly pointed-out issues into linter rules
Track metrics: Monitor trends in issue occurrence rates

Limitations

Cannot execute tests: Only static code analysis (no actual execution)
Accuracy of business logic: Alignment with requirements requires human judgment
No guarantee of completeness: Not all bugs or issues can be detected
Project-specific rules: Only general best practices are applied by default

Integrated Tools

GitHub/GitLab: Automatically posts as PR comments
Linters: Recommended for use with ESLint, Pylint, RuboCop, etc.
Static Analyzers: Complementary to SonarQube, CodeClimate, etc.
Security Scanners: Recommended for use with Snyk, OWASP Dependency-Check, etc.

Version Information

Skill version: 1.0.0
Last updated: 2025-01-22

Usage Example:

Please review this PR:

File: src/payment/processor.py

Changes: Implementation of credit card payment processing

Key check items:
- Security (handling of card information)
- Error handling
- Transaction management
- PCI DSS compliance

This prompt will generate a comprehensive code review report!

code-reviewer

NPX Install

Tags

SKILL.md Content (Chinese)

Code Reviewer Skill

Overview

Key Features

Supported Languages

Usage

Basic Code Review

Pull Request Review

Targeted Perspective Review

Legacy Code Improvement Suggestions

Review Perspectives

1. Security

Language-Specific Checklists

JavaScript/TypeScript

Python

Java

Go

Custom Rules

Integration with Automation

CI/CD Pipeline

Pre-commit Hook

Usage Examples

Example 1: PR for New Feature Addition

Example 2: Bug Fix Review

Example 3: Refactoring

Best Practices

Timing of Reviews

Tips for Effective Reviews

Utilizing Review Results

Limitations

Integrated Tools

Version Information