playbooks

home / skills / laurigates / claude-plugins / code-review

code-review skill

/code-quality-plugin/skills/code-review

This skill delegates a comprehensive code review to the code-review agent, analyzing quality, security, performance, architecture, and test coverage.

npx playbooks add skill laurigates/claude-plugins --skill code-review

Review the files below or copy the command above to add this skill to your agents.

Files (1)
SKILL.md
2.5 KB
---
model: opus
created: 2025-12-16
modified: 2026-01-25
reviewed: 2026-01-25
allowed-tools: Task, TodoWrite, Glob, Read
description: Perform comprehensive code review with automated fixes
argument-hint: "[PATH]"
name: code-review
---

## Context

- Review path: `$1` (defaults to current directory if not specified)

## Parameters

- `$1`: Path to review (defaults to current directory)

## Your task

**Delegate this task to the `code-review` agent.**

Use the Task tool with `subagent_type: code-review` to perform a comprehensive code review.

First, use the Glob tool to discover source files to review:
- `**/*.py`, `**/*.js`, `**/*.ts`, `**/*.go`, `**/*.rs` for source files
- `**/*test*` patterns for test files
Then pass the discovered files to the agent.

The code-review agent should:

1. **Analyze code quality**:
   - Naming conventions and readability
   - Code structure and maintainability
   - SOLID principles adherence

2. **Security assessment**:
   - Input validation vulnerabilities
   - Authentication and authorization issues
   - Secrets and sensitive data exposure

3. **Performance evaluation**:
   - Bottlenecks and inefficiencies
   - Memory usage patterns
   - Optimization opportunities

4. **Architecture review**:
   - Design patterns usage
   - Component coupling
   - Dependency management

5. **Test coverage gaps**:
   - Missing test cases
   - Edge cases not covered
   - Integration test needs

6. **Apply fixes** where appropriate and safe

7. **Generate report** with:
   - Summary of issues found/fixed
   - Remaining manual interventions needed
   - Improvement recommendations

Provide the agent with:
- The review path from context
- Project type (language/framework)
- Any specific focus areas requested

The agent has expertise in:
- Multi-language code analysis (Python, TypeScript, Go, Rust)
- LSP integration for accurate diagnostics
- Security vulnerability patterns (OWASP)
- Performance analysis and optimization

## Agent Teams (Optional)

For comprehensive review of large codebases, spawn specialized review teammates in parallel:

| Teammate | Focus | Value |
|----------|-------|-------|
| Security reviewer | OWASP, secrets, auth flaws | Deep security analysis without blocking quality review |
| Performance reviewer | N+1 queries, algorithmic complexity, resource leaks | Performance-focused review in parallel |
| Correctness reviewer | Logic errors, edge cases, type safety | Functional correctness in parallel |

This is optional — the skill works without agent teams for standard reviews.

Overview

This skill performs a comprehensive code review and applies safe automated fixes across multi-language projects. It discovers relevant source and test files, runs layered analyses for quality, security, performance, architecture, and testing gaps, then generates a concise actionable report. The output highlights fixes applied, remaining manual steps, and prioritized recommendations.

How this skill works

The skill first discovers files using configurable glob patterns (Python, JavaScript/TypeScript, Go, Rust, and test files) starting from the provided path. It delegates analysis to a dedicated code-review agent that runs static analysis, LSP diagnostics, security pattern checks, performance heuristics, and architecture inspections. Where safe, the agent applies automated fixes and records changes. Finally, it synthesizes a summary report with issues found, fixes made, and follow-up recommendations.

When to use it

  • Before pull request merge to catch regressions and style issues
  • During sprint code health checks to find architecture and performance debt
  • Prior to security audits to surface OWASP-style vulnerabilities and secrets
  • When adding new features to detect integration or test gaps
  • On large refactors to ensure SOLID principles and maintainability

Best practices

  • Provide the repository or path to review as the first parameter; default is current directory
  • Specify focus areas (security, performance, tests) for targeted analysis
  • Run reviews on a CI job to ensure automated checks for every PR
  • Review the generated report and approve automated fixes before merging
  • For large codebases, enable specialized reviewer teammates (security, performance, correctness) in parallel

Example use cases

  • Run a pre-merge comprehensive review on a Python microservice to detect input validation and missing tests
  • Audit a TypeScript frontend for secrets, auth issues, and UI performance bottlenecks
  • Review a Go backend to find concurrency and memory usage problems and apply safe optimizations
  • Assess a mixed-language monorepo for architecture coupling and recommend modularization
  • Detect missing integration tests and generate test TODOs for edge cases

FAQ

What path does the review use by default?

If no path is provided, the skill reviews the current directory.

Which file types are discovered automatically?

It targets .py, .js, .ts, .go, .rs source files and common test file patterns to identify tests.