
code-review skill

/skills/development/code-review

This skill performs professional, comprehensive code reviews to improve quality, security, performance, and maintainability across Python projects.

npx playbooks add skill enoch-robinson/agent-skill-collection --skill code-review


SKILL.md
---
name: code-review
description: Professional code review skill. Use this skill when the user needs code reviewed, a PR checked, code quality assessed, potential problems found, or improvement suggestions provided.
---

# Code Review

Performs professional, comprehensive code reviews with attention to code quality, security, performance, and maintainability.

## Review process

1. **Understand the context**: learn the purpose of the code and its business background
2. **Structural review**: check the overall architecture and design patterns
3. **Line-by-line review**: examine the implementation in detail
4. **Produce a report**: deliver structured review results

## Review dimensions

### 🔒 Security
- SQL injection, XSS, CSRF and similar vulnerabilities
- Leakage of sensitive information (hard-coded keys and passwords)
- Input validation and output encoding
- Authorization and authentication checks

### ⚡ Performance
- Algorithmic complexity (avoid O(n²) and other inefficient implementations)
- Database query optimization (the N+1 problem)
- Memory leak risks
- Unnecessary repeated computation
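The two findings a reviewer raises most often under the security and performance dimensions above are string-built SQL and the N+1 query pattern. The example below is added here to make both concrete; it is not part of the skill or its collection. It uses Python's standard `sqlite3` module with a constructed in-memory database (`users` and `orders` tables, the `PAYLOAD` string and all function names are assumptions for the demo). The "before" function keeps the flaw so the effect of the injection is visible; the "after" function is the fix a review would recommend. For the performance half, `count_statements` uses SQLite's trace callback to count how many statements each approach actually executes.

```python
import sqlite3

# Constructed sample database (not from the original page): users and their orders.
def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT);
        CREATE TABLE orders (id INTEGER PRIMARY KEY, user_id INTEGER, total REAL);
    """)
    conn.executemany("INSERT INTO users (name, role) VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user"), ("carol", "user")])
    conn.executemany("INSERT INTO orders (user_id, total) VALUES (?, ?)",
                     [(1, 10.0), (1, 5.5), (2, 20.0), (3, 1.25), (3, 2.75)])
    return conn


# --- Security: SQL injection, 'before' and 'after' ---------------------------

def find_user_vulnerable(conn, name: str) -> list[tuple]:
    # Untrusted input is spliced into the SQL text, so it can change the
    # query's structure. This is the code a review flags as [Critical].
    query = f"SELECT id, name, role FROM users WHERE name = '{name}'"
    return conn.execute(query).fetchall()


def find_user_fixed(conn, name: str) -> list[tuple]:
    # Parameterised query: the value travels separately from the SQL text,
    # so quotes in the input stay data and never become syntax.
    return conn.execute("SELECT id, name, role FROM users WHERE name = ?",
                        (name,)).fetchall()


PAYLOAD = "' OR '1'='1"  # constructed attacker input


def injection_demo() -> dict:
    # The vulnerable lookup returns every row; the fixed one returns none.
    conn = make_db()
    return {"vulnerable": find_user_vulnerable(conn, PAYLOAD),
            "fixed": find_user_fixed(conn, PAYLOAD)}


# --- Performance: the N+1 query pattern -------------------------------------

def count_statements(conn, fn) -> tuple:
    """Run fn(conn) and return (result, number of SQL statements executed)."""
    seen = []
    conn.set_trace_callback(lambda sql: seen.append(sql))
    try:
        return fn(conn), len(seen)
    finally:
        conn.set_trace_callback(None)


def totals_n_plus_one(conn) -> dict:
    # One query for the users, then one more per user: N+1 round trips.
    totals = {}
    for uid, name in conn.execute("SELECT id, name FROM users"):
        row = conn.execute("SELECT COALESCE(SUM(total), 0) FROM orders WHERE user_id = ?",
                           (uid,)).fetchone()
        totals[name] = row[0]
    return totals


def totals_single_query(conn) -> dict:
    # Same result with one JOIN + GROUP BY, independent of the number of users.
    rows = conn.execute("""
        SELECT u.name, COALESCE(SUM(o.total), 0)
        FROM users u LEFT JOIN orders o ON o.user_id = u.id
        GROUP BY u.id ORDER BY u.id
    """)
    return dict(rows.fetchall())


def n_plus_one_demo() -> dict:
    # Both functions compute the same totals; only the statement count differs.
    conn = make_db()
    slow, slow_count = count_statements(conn, totals_n_plus_one)
    fast, fast_count = count_statements(conn, totals_single_query)
    assert slow == fast
    return {"n_plus_one_statements": slow_count, "single_query_statements": fast_count}
```

With three users the N+1 version issues four statements and the JOIN issues one; the gap grows linearly with the table, which is why the review flags the loop rather than the individual query inside it.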

### 🧹 Code quality
- Naming conventions (variables, functions, classes)
- Function length (recommended < 50 lines)
- Cyclomatic complexity (recommended < 10)
- DRY principle (avoid duplicated code)

### 📖 Maintainability
- Completeness of comments and documentation
- Error handling coverage
- Test coverage
- Dependency management
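Several of the checks in these dimensions are mechanical enough to run before a human reviewer reads the diff: hard-coded secrets, SQL assembled from runtime values, and over-long functions. The following is an added example, not code from the skill or its collection, of such a pre-pass written against Python's `ast` module. It reviews a constructed sample module (`SAMPLE_SOURCE`, an assumption for the demo, which deliberately contains one hard-coded key and one injectable query) and renders what it finds in the "[severity] description - file:line" shape the report format below uses. The credential name list, the `MAX_FUNCTION_LINES` limit and the `Finding` type are assumptions of this example.

```python
import ast
from dataclasses import dataclass

# Constructed sample module under review (not from the original page).
SAMPLE_SOURCE = '''\
import os

API_KEY = "sk-live-0123456789abcdef"
DB_PASSWORD = os.environ["DB_PASSWORD"]

def find_user(cursor, name):
    cursor.execute(f"SELECT * FROM users WHERE name = '{name}'")
    return cursor.fetchall()

def find_user_safe(cursor, name):
    cursor.execute("SELECT * FROM users WHERE name = %s", (name,))
    return cursor.fetchall()
'''

SECRET_NAMES = ("password", "passwd", "secret", "token", "api_key", "apikey")
SQL_SINKS = ("execute", "executemany")
MAX_FUNCTION_LINES = 50  # the "< 50 lines" guideline from the code-quality dimension


@dataclass
class Finding:
    severity: str
    message: str
    line: int
    advice: str


def _is_dynamic_sql(arg: ast.expr) -> bool:
    """True when the SQL text is assembled at runtime from other values."""
    if isinstance(arg, ast.JoinedStr):                        # f"... {x}"
        return True
    if isinstance(arg, ast.BinOp) and isinstance(arg.op, (ast.Add, ast.Mod)):
        return True                                           # "..." + x, "..." % x
    if isinstance(arg, ast.Call) and isinstance(arg.func, ast.Attribute):
        return arg.func.attr == "format"                      # "...".format(x)
    return False


def _looks_like_secret(name: str) -> bool:
    lowered = name.lower()
    return any(key in lowered for key in SECRET_NAMES)


def review(source: str) -> list[Finding]:
    """Walk the AST once and collect findings for the three checks, ordered by line."""
    findings: list[Finding] = []
    for node in ast.walk(ast.parse(source)):
        # Hard-coded secret: NAME = "literal" where NAME looks like a credential.
        if (isinstance(node, ast.Assign)
                and isinstance(node.value, ast.Constant)
                and isinstance(node.value.value, str)):
            for target in node.targets:
                if isinstance(target, ast.Name) and _looks_like_secret(target.id):
                    findings.append(Finding(
                        "Critical", f"Hard-coded secret in {target.id}", node.lineno,
                        "Load it from the environment or a secret manager and rotate the exposed value."))
        # SQL injection: cursor.execute(<string built at runtime>).
        elif (isinstance(node, ast.Call)
                and isinstance(node.func, ast.Attribute)
                and node.func.attr in SQL_SINKS
                and node.args and _is_dynamic_sql(node.args[0])):
            findings.append(Finding(
                "Critical", f"SQL built from runtime values passed to {node.func.attr}()",
                node.lineno,
                "Use a parameterised query and pass the values as the second argument."))
        # Code quality: function longer than the recommended limit.
        elif isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef)):
            length = node.end_lineno - node.lineno + 1
            if length > MAX_FUNCTION_LINES:
                findings.append(Finding(
                    "Medium", f"Function {node.name} is {length} lines long", node.lineno,
                    f"Split it into units of under {MAX_FUNCTION_LINES} lines."))
    findings.sort(key=lambda f: f.line)
    return findings


def format_report(findings: list[Finding], filename: str) -> str:
    """Render findings in the report's '[severity] description - file:line' shape."""
    lines = ["### Must fix"]
    for i, f in enumerate(findings, 1):
        lines.append(f"{i}. [{f.severity}] {f.message} - {filename}:{f.line}")
        lines.append(f"   - Advice: {f.advice}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(format_report(review(SAMPLE_SOURCE), "sample.py"))
```

The pass is intentionally narrow: it only recognises SQL built with f-strings, `+`, `%` or `.format()` passed directly to `execute`/`executemany`, so a query assembled into a variable earlier in the function is missed. That is the usual trade-off for a pre-pass; the human line-by-line review in step 3 still has to cover data flow.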

## Output format

```markdown
## Code Review Report

### 📊 Overall assessment
- Quality score: X/10
- Risk level: low/medium/high

### 🚨 Must fix
1. [Critical] Problem description - file:line
   - Cause: ...
   - Recommendation: ...

### ⚠️ Recommended improvements
1. [Medium] Problem description
   - Recommendation: ...

### 💡 Optimization suggestions
1. Optional improvements

### ✅ Highlights
- Things the code does well
```

## Review principles

- **Be specific**: point to the exact file and line number
- **Offer solutions**: don't just point out problems; suggest how to fix them
- **Prioritize**: distinguish must-fix issues from optional optimizations
- **Stay respectful**: address the code, not the person, and use constructive language

Overview

This skill performs professional, comprehensive code reviews focused on quality, security, performance, and maintainability. It produces structured reports with prioritized findings and actionable fixes. The goal is to help teams ship safer, faster, and more maintainable code while preserving constructive feedback.

How this skill works

I start by understanding the feature purpose and repository context, then inspect architecture, design patterns, and coding style. I perform line-by-line checks for bugs, security issues, and performance pitfalls, and evaluate tests and dependency management. The output is a prioritized review report that lists must-fix issues, suggested improvements, optimization ideas, and highlights.

When to use it

  • Before merging a pull request that changes core logic or security-sensitive paths
  • When onboarding a new contributor to ensure code matches project standards
  • During refactors to catch regressions and maintain performance
  • For periodic code health audits across modules or services
  • When preparing for production releases to reduce incident risk

Best practices

  • Provide context: include PR description, design notes, and test plan with the review request
  • Attach specific file paths and line ranges for each finding to make fixes fast
  • Prioritize fixes as must-fix, recommended, or optional to guide engineering effort
  • Offer concrete remediation steps and short code examples when possible
  • Keep feedback respectful and focused on the code, not the author

Example use cases

  • Review a Django API PR for SQL injection, authentication, and query efficiency
  • Audit a new microservice for dependency risks, memory leaks, and test coverage gaps
  • Evaluate a performance-critical loop for algorithmic complexity and caching opportunities
  • Assess frontend code for XSS, CSRF, input validation, and secure state handling
  • Scan a config or deployment change for secrets leakage or insecure defaults

FAQ

What does a typical report include?

A summary score and risk level, a prioritized list of must-fix issues with file/line references, recommended improvements, optional optimizations, and positive highlights.

Can you provide fixes, not just problems?

Yes. Each issue includes the root cause and suggested remediation steps or small code snippets when applicable.

How do you handle security-sensitive disclosures?

I flag sensitive findings clearly and recommend private communication and immediate remediation steps for secrets or critical vulnerabilities.