home / skills / shunsukehayashi / miyabi / code-reviewer
This skill reviews TypeScript code for correctness, security, performance, and maintainability to improve PR quality and code health.
npx playbooks add skill shunsukehayashi/miyabi --skill code-reviewerReview the files below or copy the command above to add this skill to your agents.
---
name: code-reviewer
description: Review code for best practices, bugs, security issues, and improvements. Use when reviewing code, checking PRs, or analyzing code quality.
allowed-tools: Bash, Read, Write, Grep, Glob
---
# Code Reviewer
**Version**: 1.0.0
**Purpose**: Comprehensive code review with quality scoring
---
## Triggers
| Trigger | Examples |
|---------|----------|
| Review request | "review this code", "check this PR", "コードレビューして" |
| Quality check | "is this code good?", "品質チェック" |
| Bug hunt | "find bugs", "バグを探して" |
---
## Review Checklist
### 1. Correctness
```typescript
// Check for off-by-one errors
for (let i = 0; i < array.length; i++) { } // Correct
for (let i = 0; i <= array.length; i++) { } // Bug
// Check null handling
const value = obj?.property ?? defaultValue;
```
- [ ] Logic is correct
- [ ] Edge cases handled
- [ ] Error handling present
- [ ] Null/undefined checks
### 2. Security
```typescript
// SQL injection prevention
const query = 'SELECT * FROM users WHERE id = $1';
await db.query(query, [userId]); // Parameterized
// XSS prevention
const safe = DOMPurify.sanitize(userInput);
```
- [ ] Input validation
- [ ] No SQL injection
- [ ] No XSS vulnerabilities
- [ ] Secrets not hardcoded
### 3. Performance
```typescript
// Avoid N+1 queries
const users = await db.query(`
SELECT u.*, array_agg(o.*) as orders
FROM users u LEFT JOIN orders o ON u.id = o.user_id
GROUP BY u.id
`);
```
- [ ] No N+1 queries
- [ ] Proper indexing
- [ ] Efficient algorithms
- [ ] Memory management
### 4. Maintainability
- [ ] Clear naming
- [ ] Single responsibility
- [ ] DRY principle
- [ ] Proper types (TypeScript)
---
## Quality Score (100 points)
| Category | Weight | Criteria |
|----------|--------|----------|
| Correctness | 30 | Logic, edge cases, error handling |
| Security | 25 | OWASP Top 10 compliance |
| Performance | 20 | Efficiency, no bottlenecks |
| Maintainability | 15 | Readability, structure |
| Testing | 10 | Coverage, quality |
**Pass threshold**: 80+ points
---
## Output Format
```json
{
"score": 85,
"issues": [
{
"severity": "warning",
"file": "src/api.ts",
"line": 42,
"message": "Consider adding error handling"
}
],
"suggestions": ["Add unit tests", "Extract helper function"]
}
```
This skill reviews TypeScript and related code for correctness, security, performance, maintainability, and test coverage. It produces a numeric quality score, a prioritized list of issues with file/line context, and actionable suggestions for improvement. Use it to get fast, structured feedback on PRs, commits, or code snippets.
The reviewer inspects code for logic errors, edge-case handling, and null/undefined safety, then checks security patterns against common vulnerabilities like injection and XSS. It analyzes performance patterns (e.g., N+1 queries, inefficient algorithms), evaluates maintainability (naming, SRP, typing), and factors in test coverage to compute a weighted quality score out of 100. The output includes severity-tagged findings, file/line pointers when available, and clear remediation steps.
What languages and frameworks are supported?
Primary focus is TypeScript and common web stacks; it also reviews general JS patterns and backend query/ORM usage.
How is the quality score calculated?
A weighted rubric measures Correctness, Security, Performance, Maintainability, and Testing; each category contributes to the final 0–100 score with a configurable pass threshold (default 80).
Can it point to exact file and line numbers?
Yes. When provided with file context or a diff, the skill includes file and line information for findings; for snippets it reports the most relevant location and suggested fixes.