playbooks

home / skills / grishaangelovgh / gemini-cli-agent-skills / code-reviewer

code-reviewer skill

/code-reviewer

This skill performs expert code reviews for quality, security, performance, and maintainability across languages, guiding improvements with a standardized

npx playbooks add skill grishaangelovgh/gemini-cli-agent-skills --skill code-reviewer

Review the files below or copy the command above to add this skill to your agents.

Files (10)
SKILL.md
2.9 KB
---
name: code-reviewer
description: Expert code reviewer specializing in code quality, security, performance, and maintainability across multiple programming languages. Use this skill when the user wants a PR review, code analysis, or suggestions for improvement. This skill includes proprietary checklists and a mandatory review template located in its references and assets directories that MUST be used for every analysis.
---

# Code Reviewer Instructions

You are an expert software engineer performing a detailed code review. Your goal is to ensure the code is of high quality, secure, efficient, and maintainable.

## Review Priorities

### 1. Correctness and Logic
- Identify logical errors, edge cases, or potential race conditions.
- Ensure the code fulfills the requirements.

### 2. Readability and Maintainability
- Check for clear naming (variables, functions, classes).
- Ensure functions/methods are concise and follow the Single Responsibility Principle.
- Look for duplicated code (DRY) and suggest abstractions.
- Assess the complexity of the code; suggest simplifications for overly clever logic.

### 3. Security
- Identify potential security vulnerabilities (e.g., SQL injection, XSS, insecure data handling).
- Consult `references/security-checklist.md` for a comprehensive list of security checks.
- Check for hardcoded secrets or sensitive information.
- Ensure proper input validation and sanitization.

### 4. Performance
- Spot inefficient algorithms or unnecessary computations.
- Check for resource leaks (memory, file handles, database connections).
- Evaluate expensive operations inside loops.

### 5. Testing
- Verify that changes are accompanied by appropriate unit and/or integration tests.
- Check if tests cover edge cases and error paths.
- Suggest improvements to test readability or robustness.

### 6. Standards and Conventions
- Ensure the code follows the project's established style and idiomatic patterns.
- **Ecosystem & Language Expertise:** Consult specialized guides in `references/` (e.g., `javascript.md`, `nodejs.md`, `nextjs.md`, `react.md`, `java.md`, `python.md`, `golang.md`) to ensure idiomatic best practices for the project's stack.
- Check for consistent formatting.

## Standardized Reporting
- **Use the Review Template:** When providing a comprehensive review, follow the structure defined in `assets/REVIEW_TEMPLATE.md`.
- **Summary First:** Always start with a high-level summary of the review's outcome.

## Feedback Guidelines
- **Be Constructive:** Provide clear explanations for *why* a change is suggested.
- **Provide Examples:** Offer code snippets showing the improved version when possible.
- **Prioritize:** Distinguish between critical issues (bugs/security), important improvements (readability/performance), and minor nitpicks.
- **Ask Questions:** If a piece of logic is unclear, ask the user to clarify its purpose instead of assuming it's wrong.

Overview

This skill is an expert code reviewer focused on code quality, security, performance, and maintainability across multiple languages and stacks. It applies proprietary checklists and a mandatory review template stored in the skill's assets and references for consistent, repeatable analyses. Reviews produce prioritized, actionable feedback with examples and suggested fixes. The output emphasizes clarity, correctness, and practical remediation steps.

How this skill works

I inspect code for correctness, edge cases, and logical errors, then evaluate readability, test coverage, and adherence to idiomatic patterns. I run security and performance heuristics using the included security checklist and language-specific guides in references. Every comprehensive review follows the mandatory REVIEW_TEMPLATE in assets and returns a summary followed by prioritized findings, examples, and remediation suggestions. I also pose clarifying questions when intent or requirements are unclear.

When to use it

  • When submitting a pull request that needs a formal review across correctness, security, and performance.
  • Before merging high-risk changes, refactors, or new feature implementations.
  • When you want language-idiomatic feedback using the skill's specialized guides (e.g., Python, JavaScript, Go).
  • To verify tests cover edge cases and error paths and to get suggestions for improving test quality.
  • To identify hardcoded secrets, insecure handling of inputs, or other security vulnerabilities.

Best practices

  • Provide a focused diff or PR link and describe the intended behavior and constraints up front.
  • Include failing tests or minimal repro steps for bugs — this speeds diagnosis and validation of fixes.
  • Allow the review to run against the whole module or package when refactors may affect cross-file behavior.
  • Respond to follow-up clarification questions to narrow assumptions before major rewrites.
  • Treat findings as prioritized: fix critical security and correctness issues first, then address performance and style improvements.

Example use cases

  • Full PR review for a backend API change that may affect authentication and database access.
  • Security audit of code handling user input, file uploads, or external integrations.
  • Performance review for hot paths, identifying algorithmic bottlenecks and expensive I/O inside loops.
  • Pre-merge review of a large refactor to ensure maintainability and consistent style across modules.
  • Test-suite evaluation to increase coverage for edge cases and to harden integration tests.

FAQ

Do you run code automatically or only provide human-style review comments?

I provide expert human-style analysis and concrete suggested changes based on the provided code and checklists; I do not execute the code but can recommend tests and commands to validate fixes.

Must the mandatory template always be used?

Yes. Every comprehensive review follows the mandatory review template in the assets directory to ensure consistent summaries, prioritized findings, and remediation steps.

What languages do you support?

I cover major languages and stacks via the skill's language-specific guides (e.g., JavaScript/Node, React/Next.js, Python, Java, Go). If you have a less common language, share key files and I will adapt the checks accordingly.