This skill reviews code for security, quality, and best practices, delivering concrete fixes and actionable recommendations.
Install the skill with:
```
npx playbooks add skill beshkenadze/claude-skills-marketplace --skill code-reviewer
```
---
name: code-reviewer
description: Review code for quality, security, and best practices. Use when asked to review code, find bugs, or suggest improvements.
version: 1.0.0
---
# Code Reviewer
## Overview
Provides comprehensive code review capabilities including quality analysis, security scanning, and best practice recommendations.
## Instructions
When reviewing code:
1. **Read the code** thoroughly before making any suggestions
2. **Identify issues** by category:
- Security vulnerabilities (OWASP Top 10)
- Performance concerns
- Code style and readability
- Logic errors and bugs
- Missing error handling
3. **Prioritize feedback** from critical to minor
4. **Suggest fixes** with concrete code examples
## Review Categories
### Security
- SQL injection, XSS, command injection
- Authentication/authorization flaws
- Sensitive data exposure
- Insecure dependencies
### Performance
- N+1 queries
- Memory leaks
- Unnecessary computations
- Missing caching opportunities
### Quality
- DRY violations
- SOLID principle violations
- Complex conditionals
- Missing tests
## Examples
### Example: Security Review
**User Request:**
"Review this login function for security issues"
**Response Format:**
```
## Security Review: login()
### Critical Issues
1. **SQL Injection** (Line 15)
- Current: `query = f"SELECT * FROM users WHERE email='{email}'"`
- Fix: Use parameterized queries
### Recommendations
- Add rate limiting
- Implement account lockout
```
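The response format above names the fix ("use parameterized queries") but, following the skill's own guideline to provide working code for fixes, a reviewer would normally show the vulnerable line beside its corrected form and demonstrate why the original is exploitable. The block below is an added example written for this page, not code shipped with the skill: it builds a constructed in-memory SQLite `users` table (the table name and columns are assumptions), runs the f-string query from the example response against a classic tautology payload, runs the parameterized replacement against the same payload, and includes a small heuristic line finder of the kind a reviewer might use to locate string-built SQL and report a line number as the response format does.

```python
import re
import sqlite3

# Constructed sample schema (an assumption for this example, not the skill's own).
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT UNIQUE, password_hash TEXT)"
    )
    conn.execute(
        "INSERT INTO users (email, password_hash) VALUES (?, ?)",
        ("alice@example.com", "hash-of-alice"),
    )
    conn.commit()
    return conn


def find_user_unsafe(conn, email):
    # The pattern flagged in the review: user input is spliced into the SQL text,
    # so a quote in `email` ends the literal and the rest is parsed as SQL.
    query = f"SELECT id, email FROM users WHERE email='{email}'"
    return conn.execute(query).fetchall()


def find_user_safe(conn, email):
    # Parameterized query: the value travels separately from the statement and
    # can never change its structure, whatever characters it contains.
    return conn.execute(
        "SELECT id, email FROM users WHERE email=?", (email,)
    ).fetchall()


# Tautology payload: turns the WHERE clause into  email='' OR '1'='1'.
PAYLOAD = "' OR '1'='1"

# Heuristic locator for string-built SQL, so a review can cite a line number.
# It flags lines that contain a SQL verb and an f-string, .format(), %-formatting
# or string concatenation. It is a reviewer's aid, not a substitute for reading
# the code (it will miss queries assembled across several lines).
_SQL_VERB = re.compile(r"\b(SELECT|INSERT|UPDATE|DELETE)\b", re.IGNORECASE)
_BUILT = [
    re.compile(r"\bf[\"']"),              # f"SELECT ... {x}"
    re.compile(r"\.format\("),            # "SELECT ...".format(x)
    re.compile(r"[\"']\s*%\s*\(?\w"),     # "SELECT ..." % x
    re.compile(r"[\"']\s*\+\s*\w"),       # "SELECT ..." + x
]


def find_string_built_sql(source):
    """Return (line_number, stripped_line) for each suspicious line in `source`."""
    hits = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        if _SQL_VERB.search(line) and any(p.search(line) for p in _BUILT):
            hits.append((lineno, line.strip()))
    return hits


# Constructed snippet standing in for the login() under review.
SAMPLE_LOGIN = '''def login(conn, email, password):
    # constructed sample for the checker
    query = f"SELECT * FROM users WHERE email='{email}'"
    row = conn.execute(query).fetchone()
    return row
'''


if __name__ == "__main__":
    db = make_db()
    print("unsafe:", find_user_unsafe(db, PAYLOAD))   # every row comes back
    print("safe:  ", find_user_safe(db, PAYLOAD))     # no row matches the literal
    for lineno, text in find_string_built_sql(SAMPLE_LOGIN):
        print(f"SQL Injection (Line {lineno}): {text}")
```

The same payload returns Alice's row from the f-string query and nothing from the parameterized one, which is the evidence a reviewer would attach to a "Critical" finding. The locator is deliberately simple; a review still reads the whole file, because queries built with `+=` over several lines or through an ORM's raw-query escape hatch will not match any of these patterns.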
## Guidelines
### Do
- Be specific with line numbers when possible
- Provide working code examples for fixes
- Prioritize actionable feedback
- Acknowledge good patterns when found
- Read entire file before commenting
### Don't
- Nitpick style issues (leave to linters)
- Block on subjective preferences
- Review generated/vendored code
- Make vague suggestions without examples
This skill performs thorough code reviews focused on quality, security, and best practices. It analyzes source files to find bugs, performance issues, and security vulnerabilities, and returns prioritized, actionable feedback. Reviews include concrete fix suggestions and example code when appropriate.
I read the provided code end-to-end, classify findings into categories (security, performance, quality, logic, error handling), and prioritize feedback from critical to minor. For each issue I explain the problem, point to lines or regions when possible, and propose specific fixes with code examples. I also call out positive patterns and recommend tests or tooling to prevent regressions.
**Will you run my code or only inspect it statically?**
I inspect code statically based on the files or snippets you provide. Share execution logs or sample inputs if you want runtime behavior considered.
**Do you fix style or formatting?**
I focus on substantive issues and actionable fixes. For style and formatting, use linters and formatters; I can note major readability problems but won’t nitpick style.
**How do you prioritize findings?**
Findings are prioritized from critical security and functional bugs first, then performance, then quality and minor suggestions.