Adoption

Agent Skills are supported by leading AI development tools.

VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory

KeremKalyoncu/code-review-checklist

Name: code-review-checklist
Author: KeremKalyoncu

.agents/skills/code-review-checklist/SKILL.md

npx skillsauth add KeremKalyoncu/Envanter-Stok-Takibi code-review-checklist

Clean

TrivyContainer and dependency vulnerability scanner

Clean

SemgrepStatic code analysis for vulnerabilities

Clean

mcp-scan (Snyk)Model Context Protocol security validation

Skipped

Snyk (dep)Open source security scanning

Skipped

Socket.devSupply chain security analysis

Skipped

VirusTotalMulti-engine malware detection

Skipped

CrowdStrikeAdvanced threat intelligence

Skipped

OSV-ScannerOpen Source Vulnerability database check

Skipped

OWASP Dep-Check

Code Review Checklist

Quick Review Checklist

Correctness

[ ] Code does what it's supposed to do
[ ] Edge cases handled
[ ] Error handling in place
[ ] No obvious bugs

Security

[ ] Input validated and sanitized
[ ] No SQL/NoSQL injection vulnerabilities
[ ] No XSS or CSRF vulnerabilities
[ ] No hardcoded secrets or sensitive credentials
[ ] AI-Specific: Protection against Prompt Injection (if applicable)
[ ] AI-Specific: Outputs are sanitized before being used in critical sinks

Performance

[ ] No N+1 queries
[ ] No unnecessary loops
[ ] Appropriate caching
[ ] Bundle size impact considered

Code Quality

[ ] Clear naming
[ ] DRY - no duplicate code
[ ] SOLID principles followed
[ ] Appropriate abstraction level

Testing

[ ] Unit tests for new code
[ ] Edge cases tested
[ ] Tests readable and maintainable

Documentation

[ ] Complex logic commented
[ ] Public APIs documented
[ ] README updated if needed

AI & LLM Review Patterns (2025)

Logic & Hallucinations

[ ] Chain of Thought: Does the logic follow a verifiable path?
[ ] Edge Cases: Did the AI account for empty states, timeouts, and partial failures?
[ ] External State: Is the code making safe assumptions about file systems or networks?

Prompt Engineering Review

// ❌ Vague prompt in code
const response = await ai.generate(userInput);

// ✅ Structured & Safe prompt
const response = await ai.generate({
  system: "You are a specialized parser...",
  input: sanitize(userInput),
  schema: ResponseSchema
});

Anti-Patterns to Flag

// ❌ Magic numbers
if (status === 3) { ... }

// ✅ Named constants
if (status === Status.ACTIVE) { ... }

// ❌ Deep nesting
if (a) { if (b) { if (c) { ... } } }

// ✅ Early returns
if (!a) return;
if (!b) return;
if (!c) return;
// do work

// ❌ Long functions (100+ lines)
// ✅ Small, focused functions

// ❌ any type
const data: any = ...

// ✅ Proper types
const data: UserData = ...

Review Comments Guide

// Blocking issues use 🔴
🔴 BLOCKING: SQL injection vulnerability here

// Important suggestions use 🟡
🟡 SUGGESTION: Consider using useMemo for performance

// Minor nits use 🟢
🟢 NIT: Prefer const over let for immutable variable

// Questions use ❓
❓ QUESTION: What happens if user is null here?

KeremKalyoncu/code-review-checklist

.agents/skills/code-review-checklist/SKILL.md

Code review guidelines covering code quality, security, and best practices.

development

Updated Apr 16, 2026

$ install --global

skillsauth

npx skillsauth add KeremKalyoncu/Envanter-Stok-Takibi code-review-checklist

Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.

Security Scan Results

3 of 9 scanners reported clean

Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.

Scanners Passed

Scanners in report

Clean

TrivyContainer and dependency vulnerability scanner

95%

Clean

SemgrepStatic code analysis for vulnerabilities

95%

Clean

mcp-scan (Snyk)Model Context Protocol security validation

95%

Skipped

Snyk (dep)Open source security scanning

50%

Skipped

Socket.devSupply chain security analysis

50%

Skipped

VirusTotalMulti-engine malware detection

50%

Skipped

CrowdStrikeAdvanced threat intelligence

50%

Skipped

OSV-ScannerOpen Source Vulnerability database check

50%

Skipped

OWASP Dep-Check

50%

Last scanned: Apr 15, 2026, 10:59 PM133.8s1 file scanned

SKILL.md

name:: code-review-checklist
description:: Code review guidelines covering code quality, security, and best practices.
allowed-tools:: Read, Glob, Grep

Code Review Checklist

Quick Review Checklist

Correctness

[ ] Code does what it's supposed to do
[ ] Edge cases handled
[ ] Error handling in place
[ ] No obvious bugs

Security

[ ] Input validated and sanitized
[ ] No SQL/NoSQL injection vulnerabilities
[ ] No XSS or CSRF vulnerabilities
[ ] No hardcoded secrets or sensitive credentials
[ ] AI-Specific: Protection against Prompt Injection (if applicable)
[ ] AI-Specific: Outputs are sanitized before being used in critical sinks

Performance

[ ] No N+1 queries
[ ] No unnecessary loops
[ ] Appropriate caching
[ ] Bundle size impact considered

Code Quality

[ ] Clear naming
[ ] DRY - no duplicate code
[ ] SOLID principles followed
[ ] Appropriate abstraction level

Testing

[ ] Unit tests for new code
[ ] Edge cases tested
[ ] Tests readable and maintainable

Documentation

[ ] Complex logic commented
[ ] Public APIs documented
[ ] README updated if needed

AI & LLM Review Patterns (2025)

Logic & Hallucinations

[ ] Chain of Thought: Does the logic follow a verifiable path?
[ ] Edge Cases: Did the AI account for empty states, timeouts, and partial failures?
[ ] External State: Is the code making safe assumptions about file systems or networks?

Prompt Engineering Review

// ❌ Vague prompt in code
const response = await ai.generate(userInput);

// ✅ Structured & Safe prompt
const response = await ai.generate({
  system: "You are a specialized parser...",
  input: sanitize(userInput),
  schema: ResponseSchema
});

Anti-Patterns to Flag

// ❌ Magic numbers
if (status === 3) { ... }

// ✅ Named constants
if (status === Status.ACTIVE) { ... }

// ❌ Deep nesting
if (a) { if (b) { if (c) { ... } } }

// ✅ Early returns
if (!a) return;
if (!b) return;
if (!c) return;
// do work

// ❌ Long functions (100+ lines)
// ✅ Small, focused functions

// ❌ any type
const data: any = ...

// ✅ Proper types
const data: UserData = ...

Review Comments Guide

// Blocking issues use 🔴
🔴 BLOCKING: SQL injection vulnerability here

// Important suggestions use 🟡
🟡 SUGGESTION: Consider using useMemo for performance

// Minor nits use 🟢
🟢 NIT: Prefer const over let for immutable variable

// Questions use ❓
❓ QUESTION: What happens if user is null here?

Related Skills

KeremKalyoncu/webapp-testing

development

VerifiedTrustedCommunity

Web application testing principles. E2E, Playwright, deep audit strategies.

SKILL.mdUpdated Apr 16, 2026

KeremKalyoncu/webapp-testing

KeremKalyoncu/web-design-guidelines

development

VerifiedTrustedCommunity

Review UI code for Web Interface Guidelines compliance. Use when asked to "review my UI", "check accessibility", "audit design", "review UX", or "check my site against best practices".

SKILL.mdUpdated Apr 16, 2026

KeremKalyoncu/web-design-guidelines

KeremKalyoncu/vulnerability-scanner

testing

VerifiedTrustedCommunity

Advanced vulnerability analysis principles. OWASP 2025, Supply Chain Security, attack surface mapping, risk prioritization.

SKILL.mdUpdated Apr 16, 2026

KeremKalyoncu/vulnerability-scanner

KeremKalyoncu/testing-patterns

testing

VerifiedTrustedCommunity

Testing patterns and principles. Unit, integration, mocking strategies.

SKILL.mdUpdated Apr 16, 2026

KeremKalyoncu/testing-patterns

Download

For Claude Desktop. Download once, then upload the file in the app — no terminal needed.

Need help? View full Cowork setup guide →

Install manually

Choose your platform

# Clone the repo
git clone https://github.com/KeremKalyoncu/Envanter-Stok-Takibi.git

# Copy into Claude Code skills folder (global)
cp -r Envanter-Stok-Takibi/.agents/skills/code-review-checklist ~/.claude/skills/

Claude Code Skills — official skills path docs.

Repository

KeremKalyoncu/Envanter-Stok-Takibi

Compatible with

Claude Code

OpenAI Codex CLI

ChatGPT