edpachecojr/code-review-checklist
.agent/skills/code-review-checklist/SKILL.md
Code review guidelines covering code quality, security, and best practices.
development
Updated Apr 16, 2026
$ install --global
skillsauthnpx skillsauth add edpachecojr/sentinel code-review-checklistInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 15, 2026, 10:59 PM133.8s1 file scanned
SKILL.md
- name:
- code-review-checklist
- description:
- Code review guidelines covering code quality, security, and best practices.
- allowed-tools:
- Read, Glob, Grep
Code Review Checklist
Quick Review Checklist
Correctness
- [ ] Code does what it's supposed to do
- [ ] Edge cases handled
- [ ] Error handling in place
- [ ] No obvious bugs
Security
- [ ] Input validated and sanitized
- [ ] No SQL/NoSQL injection vulnerabilities
- [ ] No XSS or CSRF vulnerabilities
- [ ] No hardcoded secrets or sensitive credentials
- [ ] AI-Specific: Protection against Prompt Injection (if applicable)
- [ ] AI-Specific: Outputs are sanitized before being used in critical sinks
Performance
- [ ] No N+1 queries
- [ ] No unnecessary loops
- [ ] Appropriate caching
- [ ] Bundle size impact considered
Code Quality
- [ ] Clear naming
- [ ] DRY - no duplicate code
- [ ] SOLID principles followed
- [ ] Appropriate abstraction level
Testing
- [ ] Unit tests for new code
- [ ] Edge cases tested
- [ ] Tests readable and maintainable
Documentation
- [ ] Complex logic commented
- [ ] Public APIs documented
- [ ] README updated if needed
AI & LLM Review Patterns (2025)
Logic & Hallucinations
- [ ] Chain of Thought: Does the logic follow a verifiable path?
- [ ] Edge Cases: Did the AI account for empty states, timeouts, and partial failures?
- [ ] External State: Is the code making safe assumptions about file systems or networks?
Prompt Engineering Review
// ❌ Vague prompt in code
const response = await ai.generate(userInput);
// ✅ Structured & Safe prompt
const response = await ai.generate({
system: "You are a specialized parser...",
input: sanitize(userInput),
schema: ResponseSchema
});
Anti-Patterns to Flag
// ❌ Magic numbers
if (status === 3) { ... }
// ✅ Named constants
if (status === Status.ACTIVE) { ... }
// ❌ Deep nesting
if (a) { if (b) { if (c) { ... } } }
// ✅ Early returns
if (!a) return;
if (!b) return;
if (!c) return;
// do work
// ❌ Long functions (100+ lines)
// ✅ Small, focused functions
// ❌ any type
const data: any = ...
// ✅ Proper types
const data: UserData = ...
Review Comments Guide
// Blocking issues use 🔴
🔴 BLOCKING: SQL injection vulnerability here
// Important suggestions use 🟡
🟡 SUGGESTION: Consider using useMemo for performance
// Minor nits use 🟢
🟢 NIT: Prefer const over let for immutable variable
// Questions use ❓
❓ QUESTION: What happens if user is null here?
Related Skills
edpachecojr/web-design-guidelines
development
VerifiedTrustedCommunity
Review UI code for Web Interface Guidelines compliance. Use when asked to "review my UI", "check accessibility", "audit design", "review UX", or "check my site against best practices".
SKILL.mdUpdated Apr 17, 2026
edpachecojr/ui-ux-pro-max
tools
VerifiedTrustedCommunity
UI/UX design intelligence. 50 styles, 21 palettes, 50 font pairings, 20 charts, 9 stacks (React, Next.js, Vue, Svelte, SwiftUI, React Native, Flutter, Tailwind, shadcn/ui). Actions: plan, build, create, design, implement, review, fix, improve, optimize, enhance, refactor, check UI/UX code. Projects: website, landing page, dashboard, admin panel, e-commerce, SaaS, portfolio, blog, mobile app, .html, .tsx, .vue, .svelte. Elements: button, modal, navbar, sidebar, card, table, form, chart. Styles: glassmorphism, claymorphism, minimalism, brutalism, neumorphism, bento grid, dark mode, responsive, skeuomorphism, flat design. Topics: color palette, accessibility, animation, layout, typography, font pairing, spacing, hover, shadow, gradient. Integrations: shadcn/ui MCP for component search and examples.
SKILL.mdUpdated Apr 17, 2026
edpachecojr/two-factor-authentication-best-practices
tools
VerifiedTrustedCommunity
Configure TOTP authenticator apps, send OTP codes via email/SMS, manage backup codes, handle trusted devices, and implement 2FA sign-in flows using Better Auth's twoFactor plugin. Use when users need MFA, multi-factor authentication, authenticator setup, or login security with Better Auth.
SKILL.mdUpdated Apr 17, 2026
edpachecojr/testing-patterns
testing
VerifiedTrustedCommunity
Testing patterns and principles. Unit, integration, mocking strategies.
SKILL.mdUpdated Apr 17, 2026