
code-review skill

/skills/code-review

This skill analyzes code quality and detects bugs, returning actionable feedback that improves reliability and maintainability.

npx playbooks add skill popup-studio-ai/bkit-claude-code --skill code-review


Files (1): SKILL.md (3.3 KB)
---
name: code-review
description: |
  Code review skill for analyzing code quality, detecting bugs, and ensuring best practices.
  Provides comprehensive code review with actionable feedback.

  Use proactively when user requests code review, quality check, or bug detection.

  Triggers: code review, review code, check code, analyze code, bug detection,
  코드 리뷰, 코드 검토, 버그 검사, コードレビュー, バグ検出, 代码审查, 代码检查,
  revisión de código, revisar código, detección de errores,
  revue de code, réviser le code, détection de bugs,
  Code-Review, Code überprüfen, Fehlererkennung,
  revisione del codice, rivedere codice, rilevamento bug

  Do NOT use for: design document creation, deployment tasks, or gap analysis (use phase-8-review).
argument-hint: "[file|directory|pr]"
user-invocable: true
agent: bkit:code-analyzer
allowed-tools:
  - Read
  - Glob
  - Grep
  - LSP
  - Task
  - Bash
imports:
  - ${PLUGIN_ROOT}/templates/pipeline/phase-8-review.template.md
next-skill: null
pdca-phase: check
task-template: "[Code-Review] {feature}"
# hooks: Managed by hooks/hooks.json (unified-stop.js) - GitHub #9354 workaround
---

# Code Review Skill

> Skill for code quality analysis and review

## Arguments

| Argument | Description | Example |
|----------|-------------|---------|
| `[file]` | Review specific file | `/code-review src/lib/auth.ts` |
| `[directory]` | Review entire directory | `/code-review src/features/` |
| `[pr]` | PR review (PR number) | `/code-review pr 123` |
| `staged` | Review currently staged changes | `/code-review staged` |

## Review Categories

### 1. Code Quality
- Duplicate code detection
- Function/file complexity analysis
- Naming convention check
- Type safety verification

### 2. Bug Detection
- Potential bug pattern detection
- Null/undefined handling check
- Error handling inspection
- Boundary condition verification

### 3. Security
- XSS/CSRF vulnerability check
- SQL Injection pattern detection
- Sensitive information exposure check
- Authentication/authorization logic review

### 4. Performance
- N+1 query pattern detection
- Unnecessary re-render check
- Memory leak pattern detection
- Optimization opportunity identification
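The following is an added illustration, not the skill's or the `code-analyzer` agent's code: a line-level heuristic scanner in TypeScript that flags a handful of the patterns the categories above name (SQL text built from interpolated input, an `innerHTML` sink fed a non-literal, a hard-coded credential, a strict `=== undefined` check, and a database call awaited inside a loop) on a constructed sample file. The rule set, the confidence values and the sample source are assumptions made for this example; the real agent reads code rather than matching regexes, and regex rules like these produce false positives.

```typescript
// Added example, not the bkit skill's own analyzer: a line-level heuristic
// scanner showing what the pattern-detection bullets above look like in code.
// Regex rules are far cruder than an agent reading the code, so each one is
// narrow and carries a confidence value (the values here are assumptions).

type Severity = "Critical" | "Major" | "Minor";

interface Finding {
  file: string;
  line: number;        // 1-based, for the [FILE:LINE] report format
  category: string;
  severity: Severity;
  confidence: number;  // 0-100: how likely the rule thinks this is real
  message: string;
  suggestion: string;
}

type LineRule = Omit<Finding, "file" | "line"> & { pattern: RegExp };

const LINE_RULES: LineRule[] = [
  { // .query( with a template literal containing ${, or a string literal followed by +
    category: "Security/SQL Injection", severity: "Critical", confidence: 90,
    pattern: /\.query\(\s*(?:`[^`]*\$\{|["'][^"']*["']\s*\+)/,
    message: "SQL text built by interpolating or concatenating a runtime value",
    suggestion: "Pass values as parameters: db.query('... WHERE id = $1', [id])" },
  { // innerHTML assigned anything other than a plain '...' or "..." literal
    category: "Security/XSS", severity: "Critical", confidence: 80,
    pattern: /\.innerHTML\s*=(?!=)\s*(?![\s"'])/,
    message: "innerHTML assigned a value that is not a plain string literal",
    suggestion: "Use textContent, or sanitize the HTML before inserting it" },
  { category: "Security/Sensitive Information", severity: "Major", confidence: 75,
    pattern: /(?:password|secret|api[_-]?key|token)\s*[:=]\s*["'][^"']{8,}["']/i,
    message: "Possible hard-coded credential",
    suggestion: "Load secrets from the environment or a secret manager" },
  { // `=== undefined` lets null through; often intentional, hence low confidence
    category: "Bug/Null handling", severity: "Minor", confidence: 60,
    pattern: /===\s*undefined\b/,
    message: "Strict comparison to undefined only; a null value would pass",
    suggestion: "Use `== null` to cover both, or optional chaining" },
];

const LOOP_OPEN = /^\s*(?:for|while)\s*\(.*\{\s*$/;
const AWAITED_DB_CALL = /\bawait\b.*\.(?:query|findOne|findById)\(/;

function scanSource(file: string, source: string): Finding[] {
  const findings: Finding[] = [];
  const loopBodies: number[] = []; // brace depth at which each open loop body starts
  let braceDepth = 0;

  source.split("\n").forEach((text, i) => {
    const line = i + 1;
    for (const { pattern, ...rule } of LINE_RULES) {
      if (pattern.test(text)) findings.push({ file, line, ...rule });
    }
    // Performance: a database call awaited inside a loop body is the N+1 shape.
    if (loopBodies.length > 0 && AWAITED_DB_CALL.test(text)) {
      findings.push({
        file, line, category: "Performance/N+1 query", severity: "Major", confidence: 85,
        message: "Database call awaited inside a loop body",
        suggestion: "Fetch all rows with one query (e.g. WHERE id = ANY($1)) before the loop",
      });
    }
    if (LOOP_OPEN.test(text)) loopBodies.push(braceDepth + 1);
    braceDepth += (text.match(/\{/g) ?? []).length - (text.match(/\}/g) ?? []).length;
    while (loopBodies.length > 0 && braceDepth < loopBodies[loopBodies.length - 1]) {
      loopBodies.pop(); // this line closed the innermost loop body
    }
  });
  return findings;
}

// Constructed sample input standing in for a file like src/lib/auth.ts.
const SAMPLE_SOURCE = [
  "export async function findUser(db: Db, id: string) {",
  "  return db.query(`SELECT * FROM users WHERE id = ${id}`);",   // line 2: injection
  "}",
  "const API_KEY = 'sk-live-0123456789abcdef';",                  // line 4: secret
  "export function greet(el: HTMLElement, name: string) {",
  "  el.innerHTML = '<b>Hello</b>';",                             // literal: not flagged
  "  el.innerHTML = `<b>${name}</b>`;",                           // line 7: XSS sink
  "}",
  "export async function loadOrders(db: Db, ids: string[]) {",
  "  const out = [];",
  "  for (const id of ids) {",
  "    out.push(await db.query('SELECT * FROM orders WHERE id = $1', [id]));", // line 12: N+1
  "  }",
  "  if (out[0] === undefined) return [];",                        // line 14: low confidence
  "  return out;",
  "}",
].join("\n");

// scanSource("src/lib/auth.ts", SAMPLE_SOURCE) returns five findings, on lines 2, 4, 7, 12 and 14.
```

The parameterized query on line 12 is correctly not reported as injection, but it is still an N+1 because it sits inside the loop; the two categories are independent, which is why a reviewer wants the category on every finding rather than a single "security" flag.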

## Review Output Format

```
## Code Review Report

### Summary
- Files reviewed: N
- Issues found: N (Critical: N, Major: N, Minor: N)
- Score: N/100

### Critical Issues
1. [FILE:LINE] Issue description
   Suggestion: ...

### Major Issues
...

### Minor Issues
...

### Recommendations
- ...
```

## Agent Integration

This Skill calls the `code-analyzer` Agent for in-depth code analysis.

| Agent | Role |
|-------|------|
| code-analyzer | Code quality, security, performance analysis |

## Usage Examples

```bash
# Review specific file
/code-review src/lib/auth.ts

# Review entire directory
/code-review src/features/user/

# PR review
/code-review pr 42

# Review current changes
/code-review staged
```

## Confidence-Based Filtering

The code-analyzer Agent filters its findings by confidence:

| Confidence | Display | Description |
|------------|---------|-------------|
| High (90%+) | Always shown | Definite issues |
| Medium (70-89%) | Selectively shown | Possible issues |
| Low (<70%) | Hidden | Uncertain suggestions |
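An added example, not the skill's own code, tying the confidence table above to the layout shown under "Review Output Format": it hides findings below 70%, shows medium-confidence findings selectively, weights severities into the N/100 score, and renders the Summary and the three issue sections. The meaning of "selectively shown" (medium-confidence findings appear unless they are Minor), the penalty weights, and the sample findings are assumptions; the page defines none of them.

```typescript
// Added example, not the bkit skill's own code: the confidence filter from the
// table above, a severity-weighted score, and a renderer for the layout shown
// under "Review Output Format". The penalty weights and the rule for what
// "selectively shown" means are assumptions; the page does not define them.

type Severity = "Critical" | "Major" | "Minor";

interface Finding {
  file: string;
  line: number;
  severity: Severity;
  confidence: number; // 0-100
  message: string;
  suggestion: string;
}

type Visibility = "always" | "selective" | "hidden";

// Thresholds exactly as in the Confidence-Based Filtering table.
function visibility(confidence: number): Visibility {
  if (confidence >= 90) return "always";
  if (confidence >= 70) return "selective";
  return "hidden";
}

// Assumed policy for "selectively shown": medium-confidence findings appear
// when they are Critical or Major; medium-confidence Minor ones only on request.
function shouldShow(f: Finding, includeMediumMinor = false): boolean {
  const v = visibility(f.confidence);
  if (v === "always") return true;
  if (v === "selective") return f.severity !== "Minor" || includeMediumMinor;
  return false;
}

// Findings the report will not mention. Review these before trusting the score:
// a Critical finding with low confidence disappears here, not because it is wrong.
function hiddenFindings(findings: Finding[], includeMediumMinor = false): Finding[] {
  return findings.filter((f) => !shouldShow(f, includeMediumMinor));
}

// Assumed weights: 100 minus a penalty per shown finding, floored at 0.
const PENALTY: Record<Severity, number> = { Critical: 25, Major: 10, Minor: 3 };

function score(shown: Finding[]): number {
  return Math.max(0, 100 - shown.reduce((acc, f) => acc + PENALTY[f.severity], 0));
}

function renderReport(findings: Finding[], filesReviewed: number, includeMediumMinor = false): string {
  const shown = findings.filter((f) => shouldShow(f, includeMediumMinor));
  const bySeverity = (s: Severity) => shown.filter((f) => f.severity === s);
  const section = (title: string, items: Finding[]): string[] => [
    `### ${title}`,
    ...(items.length === 0
      ? ["(none)"]
      : items.map((f, i) => `${i + 1}. [${f.file}:${f.line}] ${f.message}\n   Suggestion: ${f.suggestion}`)),
    "",
  ];
  return [
    "## Code Review Report",
    "",
    "### Summary",
    `- Files reviewed: ${filesReviewed}`,
    `- Issues found: ${shown.length} (Critical: ${bySeverity("Critical").length}, Major: ${bySeverity("Major").length}, Minor: ${bySeverity("Minor").length})`,
    `- Score: ${score(shown)}/100`,
    "",
    ...section("Critical Issues", bySeverity("Critical")),
    ...section("Major Issues", bySeverity("Major")),
    ...section("Minor Issues", bySeverity("Minor")),
  ].join("\n");
}

// Constructed sample findings, as the analyzer might emit for one file.
const SAMPLE_FINDINGS: Finding[] = [
  { file: "src/lib/auth.ts", line: 42, severity: "Critical", confidence: 95,
    message: "SQL text built from request input", suggestion: "Use a parameterized query" },
  { file: "src/lib/auth.ts", line: 88, severity: "Major", confidence: 75,
    message: "Error swallowed by empty catch block", suggestion: "Log and rethrow, or handle explicitly" },
  { file: "src/lib/auth.ts", line: 17, severity: "Minor", confidence: 72,
    message: "Inconsistent naming (camelCase vs snake_case)", suggestion: "Follow the project convention" },
  { file: "src/lib/auth.ts", line: 120, severity: "Critical", confidence: 55,
    message: "Possible authorization check bypass on admin route", suggestion: "Confirm the guard runs before the handler" },
];

// renderReport(SAMPLE_FINDINGS, 1) reports 2 issues (Critical: 1, Major: 1, Minor: 0) and Score: 65/100;
// hiddenFindings(SAMPLE_FINDINGS) returns the other two, including the low-confidence Critical one.
```

With these sample findings the rendered report shows two issues and a score of 65, while the low-confidence authorization finding is neither listed nor counted. That is the practical caveat of confidence filtering: the suppressed list (`hiddenFindings` here) is worth a look before a high score is read as a merge signal.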

## PDCA Integration

- **Phase**: Check (Quality verification)
- **Trigger**: Auto-suggested after implementation
- **Output**: docs/03-analysis/code-review-{date}.md

Overview

This skill performs automated code review to assess code quality, detect bugs, and recommend actionable fixes. It produces structured reports with severity labels and a numerical score to help prioritize work. Use it to surface security, performance, and maintainability issues before merging changes.

How this skill works

The skill inspects the specified files, directories, pull request, or staged changes and runs a layered analysis for quality, bug, security, and performance patterns. It groups findings into Critical/Major/Minor buckets, includes file and line references, and generates recommendations and a score. Confidence thresholds then filter the findings: high-confidence issues (90% and above) are always shown, medium-confidence items (70-89%) are shown selectively, and low-confidence suggestions (below 70%) are hidden.

When to use it

  • Before merging a pull request to catch regressions and security problems
  • After implementing features to validate error handling and boundary cases
  • When assessing code health across a module or repository
  • During sprint reviews as the automated "check" in PDCA quality cycles
  • To audit performance hotspots or potential memory leaks

Best practices

  • Run reviews on staged changes or PRs for targeted feedback
  • Provide context (entry files or directories) to focus analysis and reduce noise
  • Triage Critical issues first, then address Major items and document Minor fixes
  • Combine with manual review for architecture, design decisions, and security-sensitive paths; findings below 70% confidence are hidden, so a clean report does not prove the absence of issues
  • Use the report score and trends to track code quality improvements over time

Example use cases

  • Review a single file for type safety and error handling before commit
  • Run a directory scan to detect duplicate logic and naming inconsistencies
  • Perform a PR review to surface XSS/SQL injection patterns and auth issues
  • Scan recent changes for N+1 query patterns and unnecessary re-renders
  • Generate a dated code-review report to include in PDCA Check-phase documentation

FAQ

What inputs does the skill accept?

You can review a specific file, an entire directory, a pull request by number, or staged changes. Provide the target path or PR identifier when invoking the skill.

How are issues prioritized?

Findings are labeled Critical, Major, or Minor, and the report carries an overall score out of 100. The analyzer applies confidence-based filtering: high-confidence issues (90% and above) are always shown, medium-confidence items (70-89%) are shown selectively, and low-confidence items (below 70%) are left out of the report.