dirien/code-reviewer
.claude/skills/code-reviewer/SKILL.md
Analyzes code diffs and files to identify bugs, security vulnerabilities (SQL injection, XSS, insecure deserialization), code smells, N+1 queries, naming issues, and architectural concerns, then produces a structured review report with prioritized, actionable feedback. Use when reviewing pull requests, conducting code quality audits, identifying refactoring opportunities, or checking for security issues. Invoke for PR reviews, code quality checks, refactoring suggestions, review code, code quality. Complements specialized skills (security-reviewer, test-master) by providing broad-scope review across correctness, performance, maintainability, and test coverage in a single pass.
$ install --global
skillsauthnpx skillsauth add dirien/yet-another-agent-harness code-reviewerInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 25, 2026, 9:31 PM2.2s1 file scanned
SKILL.md
- name:
- code-reviewer
- description:
- Analyzes code diffs and files to identify bugs, security vulnerabilities (SQL injection, XSS, insecure deserialization), code smells, N+1 queries, naming issues, and architectural concerns, then produces a structured review report with prioritized, actionable feedback. Use when reviewing pull requests, conducting code quality audits, identifying refactoring opportunities, or checking for security issues. Invoke for PR reviews, code quality checks, refactoring suggestions, review code, code quality. Complements specialized skills (security-reviewer, test-master) by providing broad-scope review across correctness, performance, maintainability, and test coverage in a single pass.
- license:
- MIT
- allowed-tools:
- Read, Grep, Glob
- author:
- https://github.com/Jeffallan
- version:
- 1.1.0
- domain:
- quality
- triggers:
- code review, PR review, pull request, review code, code quality
- role:
- specialist
- scope:
- review
- output-format:
- report
- related-skills:
- security-reviewer, test-master, architecture-designer
Code Reviewer
Senior engineer conducting thorough, constructive code reviews that improve quality and share knowledge.
When to Use This Skill
- Reviewing pull requests
- Conducting code quality audits
- Identifying refactoring opportunities
- Checking for security vulnerabilities
- Validating architectural decisions
Core Workflow
- Context — Read PR description, understand the problem being solved. Checkpoint: Summarize the PR's intent in one sentence before proceeding. If you cannot, ask the author to clarify.
- Structure — Review architecture and design decisions. Ask: Does this follow existing patterns in the codebase? Are new abstractions justified?
- Details — Check code quality, security, and performance. Apply the checks in the Reference Guide below. Ask: Are there N+1 queries, hardcoded secrets, or injection risks?
- Tests — Validate test coverage and quality. Ask: Are edge cases covered? Do tests assert behavior, not implementation?
- Feedback — Produce a categorized report using the Output Template. If critical issues are found in step 3, note them immediately and do not wait until the end.
Disagreement handling: If the author has left comments explaining a non-obvious choice, acknowledge their reasoning before suggesting an alternative. Never block on style preferences when a linter or formatter is configured.
Reference Guide
Load detailed guidance based on context:
<!-- Spec Compliance and Receiving Feedback rows adapted from obra/superpowers by Jesse Vincent (@obra), MIT License -->| Topic | Reference | Load When |
|-------|-----------|-----------|
| Review Checklist | references/review-checklist.md | Starting a review, categories |
| Common Issues | references/common-issues.md | N+1 queries, magic numbers, patterns |
| Feedback Examples | references/feedback-examples.md | Writing good feedback |
| Report Template | references/report-template.md | Writing final review report |
| Spec Compliance | references/spec-compliance-review.md | Reviewing implementations, PR review, spec verification |
| Receiving Feedback | references/receiving-feedback.md | Responding to review comments, handling feedback |
Review Patterns (Quick Reference)
N+1 Query — Bad vs Good
# BAD: query inside loop
for user in users:
orders = Order.objects.filter(user=user) # N+1
# GOOD: prefetch in bulk
users = User.objects.prefetch_related('orders').all()
Magic Number — Bad vs Good
# BAD
if status == 3:
...
# GOOD
ORDER_STATUS_SHIPPED = 3
if status == ORDER_STATUS_SHIPPED:
...
Security: SQL Injection — Bad vs Good
# BAD: string interpolation in query
cursor.execute(f"SELECT * FROM users WHERE id = {user_id}")
# GOOD: parameterized query
cursor.execute("SELECT * FROM users WHERE id = %s", [user_id])
Constraints
MUST DO
- Summarize PR intent before reviewing (see Workflow step 1)
- Provide specific, actionable feedback
- Include code examples in suggestions
- Praise good patterns
- Prioritize feedback (critical → minor)
- Review tests as thoroughly as code
- Check for security issues (OWASP Top 10 as baseline)
MUST NOT DO
- Be condescending or rude
- Nitpick style when linters exist
- Block on personal preferences
- Demand perfection
- Review without understanding the why
- Skip praising good work
Output Template
Code review report must include:
- Summary — One-sentence intent recap + overall assessment
- Critical issues — Must fix before merge (bugs, security, data loss)
- Major issues — Should fix (performance, design, maintainability)
- Minor issues — Nice to have (naming, readability)
- Positive feedback — Specific patterns done well
- Questions for author — Clarifications needed
- Verdict — Approve / Request Changes / Comment
Knowledge Reference
SOLID, DRY, KISS, YAGNI, design patterns, OWASP Top 10, language idioms, testing patterns
Related Skills
dirien/typescript-pro
tools
VerifiedTrustedCommunity
Implements advanced TypeScript type systems, creates custom type guards, utility types, and branded types, and configures tRPC for end-to-end type safety. Use when building TypeScript applications requiring advanced generics, conditional or mapped types, discriminated unions, monorepo setup, or full-stack type safety with tRPC.
13SKILL.mdUpdated Apr 17, 2026
dirien/the-fool
development
VerifiedTrustedCommunity
Use when challenging ideas, plans, decisions, or proposals using structured critical reasoning. Invoke to play devil's advocate, run a pre-mortem, red team, or audit evidence and assumptions.
13SKILL.mdUpdated Apr 17, 2026
dirien/tech-debt
development
VerifiedTrustedCommunity
Systematic technical debt analysis across architecture, testing, documentation, and infrastructure. Investigates the codebase, scores findings by impact and effort, and generates a prioritized TECH_DEBT.md remediation plan. Delegates to specialized skills for code quality (scout) and linting (lint-fix). Use when assessing overall project health, planning cleanup sprints, or onboarding to an unfamiliar codebase.
13SKILL.mdUpdated Apr 17, 2026
dirien/tailscale-install
testing
VerifiedTrustedCommunity
Install and configure Tailscale across platforms. Detects OS, distro, and environment (including WSL2 and containers). Verifies existing installations, performs platform-appropriate install, and guides initial connection. Use when setting up Tailscale on a new machine, onboarding a server to a tailnet, or verifying an existing install.
13SKILL.mdUpdated Apr 17, 2026