aiskillstore/code-review
skills/89jobrien/code-review/SKILL.md
Expert code review specialist for quality, security, and maintainability. Use when reviewing code changes, ensuring high development standards, or conducting security audits. Provides actionable feedback organized by priority.
$ install --global
skillsauthnpx skillsauth add aiskillstore/marketplace code-reviewInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Mar 28, 2026, 1:34 PM35.8s4 files scanned
SKILL.md
- name:
- code-review
- description:
- Expert code review specialist for quality, security, and maintainability.
- author:
- Joseph OBrien
- status:
- unpublished
- updated:
- 2025-12-23
- version:
- 1.0.1
- tag:
- skill
- type:
- skill
Code Review
This skill provides expert code review capabilities focusing on code quality, security vulnerabilities, and maintainability. It analyzes code changes and provides prioritized, actionable feedback.
When to Use This Skill
- After writing or modifying code to ensure quality standards
- Before merging pull requests or deploying changes
- When conducting security audits or vulnerability assessments
- When establishing code quality standards for a project
- When reviewing code for performance optimizations
- When ensuring code follows project conventions and best practices
What This Skill Does
- Analyzes Code Changes: Reviews git diffs and modified files to understand what changed
- Security Auditing: Identifies exposed secrets, API keys, and security vulnerabilities
- Quality Assessment: Evaluates code readability, maintainability, and best practices
- Performance Review: Identifies potential performance issues and optimization opportunities
- Standards Compliance: Ensures code follows project conventions and style guidelines
- Prioritized Feedback: Organizes findings by severity (Critical, Warnings, Suggestions)
How to Use
Basic Code Review
Review the recent code changes in this branch
Check this file for security issues and code quality
Review Specific Files
Review src/auth.js for security vulnerabilities
Review the changes in this pull request
Review Process
1. Analyze Changes
When invoked:
-
Get Recent Changes: Run
git diffto see what changedgit diff $(git merge-base HEAD main)..HEAD -
Focus on Modified Files: Prioritize files with actual changes
-
Review Context: Understand the purpose of changes from commit messages or conversation
2. Review Checklist
For each file, check:
Code Quality:
- Code is simple and readable
- Functions and variables are well-named
- No duplicated code
- Proper error handling
- Good test coverage
- Performance considerations addressed
Security:
- No exposed secrets or API keys
- Input validation implemented
- Proper authentication/authorization
- Safe handling of user input
- No SQL injection or XSS vulnerabilities
Maintainability:
- Consistent code style
- Appropriate comments (not excessive)
- Clear function/method structure
- Proper separation of concerns
- No unnecessary complexity
Best Practices:
- Follows framework/library conventions
- Proper use of design patterns
- Efficient algorithms and data structures
- Appropriate use of async/await or promises
- Proper resource cleanup
3. Organize Feedback
Provide feedback in three priority levels:
Critical Issues (Must Fix):
- Security vulnerabilities
- Bugs that will cause failures
- Code that breaks existing functionality
- Performance issues that will impact users
Warnings (Should Fix):
- Code quality issues that affect maintainability
- Potential bugs or edge cases
- Performance optimizations
- Missing error handling
- Incomplete test coverage
Suggestions (Consider Improving):
- Code style improvements
- Refactoring opportunities
- Documentation enhancements
- Best practice recommendations
- Minor optimizations
4. Provide Specific Examples
For each issue found:
- Location: File path and line number
- Issue: Clear description of the problem
- Impact: Why this matters
- Fix: Specific code example showing how to fix it
- Rationale: Explanation of why the fix is better
Examples
Example 1: Security Issue Found
Input: Review src/api/auth.js
Output:
## Code Review: src/api/auth.js
### Critical Issues
**1. Exposed API Key**
- **Location**: `src/api/auth.js:23`
- **Issue**: Hardcoded API key in source code
- **Code**:
```javascript
const API_KEY = "sk_live_1234567890abcdef"; // ❌ Exposed secret
-
Fix: Use environment variables
const API_KEY = process.env.API_KEY; // ✅ Secure -
Impact: This exposes your API key in version control, allowing unauthorized access
Warnings
2. Missing Input Validation
- Location:
src/api/auth.js:45 - Issue: No validation on user input before processing
- Recommendation: Add input validation before authentication
Example 2: Code Quality Review
Input: Review recent changes
Output:
## Code Review Summary
**Files Reviewed**: 5
**Critical Issues**: 0
**Warnings**: 3
**Suggestions**: 5
### Warnings
**1. Duplicated Code**
- **Files**: `src/utils/format.js:12-25` and `src/utils/display.js:8-21`
- **Issue**: Same formatting logic duplicated
- **Fix**: Extract to shared utility function
**2. Missing Error Handling**
- **Location**: `src/api/users.js:34`
- **Issue**: No try/catch for async operation
- **Fix**: Add proper error handling
### Suggestions
**1. Improve Variable Naming**
- **Location**: `src/components/List.jsx:15`
- **Current**: `const d = data.map(...)`
- **Suggested**: `const formattedItems = data.map(...)`
Reference Files
For comprehensive review checklists, load reference files as needed:
references/review_checklist.md- Detailed checklists for security, code quality, performance, testing, documentation, and best practicesreferences/CODE_ANALYSIS.template.md- Code analysis report template with security, performance, and maintainability sections
When conducting thorough reviews, load references/review_checklist.md and use the appropriate checklist sections.
Best Practices
Review Focus Areas
- Security First: Always check for security vulnerabilities first
- Context Matters: Understand the purpose of changes before reviewing
- Be Constructive: Provide actionable feedback, not just criticism
- Prioritize: Focus on critical issues that must be fixed
- Explain Why: Help developers understand the reasoning behind suggestions
Review Guidelines
- Be Specific: Point to exact lines and provide code examples
- Be Balanced: Acknowledge good code as well as issues
- Be Practical: Consider the context and urgency of changes
- Be Educational: Help developers learn and improve
- Be Consistent: Apply the same standards across all reviews
Common Patterns to Check
Security:
- Hardcoded secrets or credentials
- SQL injection vulnerabilities
- XSS vulnerabilities
- Missing authentication/authorization
- Insecure random number generation
Code Quality:
- Code duplication
- Magic numbers without constants
- Deeply nested conditionals
- Functions that do too much
- Poor error messages
Performance:
- N+1 query problems
- Missing indexes
- Inefficient algorithms
- Unnecessary re-renders (React)
- Memory leaks
Related Use Cases
- Pre-commit code reviews
- Pull request reviews
- Security audits
- Code quality assessments
- Onboarding new team members
- Establishing coding standards
Related Skills
aiskillstore/hig-components-content
development
VerifiedTrustedCommunity
Apple Human Interface Guidelines for content display components. Use this skill when the user asks about charts component, collection view, image view, web view, color well, image well, activity view, lockup, data visualization, content display, displaying images, rendering web content, color pickers, or presenting collections of items in Apple apps. Also use when the user says how should I display charts, what's the best way to show images, should I use a web view, how do I build a grid of items, what component shows media, or how do I present a share sheet. Cross-references: hig-foundations for color/typography/accessibility, hig-patterns for data visualization patterns, hig-components-layout for structural containers, hig-platforms for platform-specific component behavior.
244SKILL.mdUpdated Apr 10, 2026
aiskillstore/helpdesk-automation
tools
VerifiedTrustedCommunity
Automate HelpDesk tasks via Rube MCP (Composio): list tickets, manage views, use canned responses, and configure custom fields. Always search tools first for current schemas.
244SKILL.mdUpdated Apr 10, 2026
aiskillstore/haskell-pro
testing
VerifiedTrustedCommunity
Expert Haskell engineer specializing in advanced type systems, pure functional design, and high-reliability software. Use PROACTIVELY for type-level programming, concurrency, and architecture guidance.
244SKILL.mdUpdated Apr 10, 2026
aiskillstore/graphql
tools
VerifiedTrustedCommunity
GraphQL gives clients exactly the data they need - no more, no less. One endpoint, typed schema, introspection. But the flexibility that makes it powerful also makes it dangerous. Without proper controls, clients can craft queries that bring down your server. This skill covers schema design, resolvers, DataLoader for N+1 prevention, federation for microservices, and client integration with Apollo/urql. Key insight: GraphQL is a contract. The schema is the API documentation. Design it carefully.
244SKILL.mdUpdated Apr 10, 2026