giladresisi/code-review
skills/code-review/SKILL.md
Use when performing a technical pre-commit code review on recently changed files for bugs, security issues, and standards compliance
$ install --global
skillsauthnpx skillsauth add giladresisi/ai-dev-env code-reviewInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: May 3, 2026, 6:26 AM52.5s1 file scanned
SKILL.md
- name:
- code-review
- description:
- Use when performing a technical pre-commit code review on recently changed files for bugs, security issues, and standards compliance
Perform technical code review on recently changed files.
Core Principles
Review Philosophy:
- Simplicity is the ultimate sophistication - every line should justify its existence
- Code is read far more often than it's written - optimize for readability
- The best code is often the code you don't write
- Elegance emerges from clarity of intent and economy of expression
What to Review
Start by gathering codebase context to understand the codebase standards and patterns.
Start by examining:
- CLAUDE.md (project-specific, usually at project root or
.claude/CLAUDE.md) and~/.claude/CLAUDE.md(global user standards) - README.md
- Standards documentation: look for
/docs,/core, or any dedicated standards directories — not all projects use this convention; the primary source is always CLAUDE.md
After you have a good understanding
Run these commands:
git status
git diff HEAD
git diff --stat HEAD
Then check the list of new files:
git ls-files --others --exclude-standard
Read each new file in its entirety. Read each changed file in its entirety (not just the diff) to understand full context.
For each changed file or new file, analyze for:
-
Logic Errors
- Off-by-one errors
- Incorrect conditionals
- Missing error handling
- Race conditions
-
Security Issues
- SQL injection vulnerabilities
- XSS vulnerabilities
- Insecure data handling
- Exposed secrets or API keys
- Hardcoded endpoint URLs — any new
http://localhost:…orhttp://<host>:…literal is a mandatory spot-check: verify the path matches the server's registered routes (checkmain.pymount/router registrations). Incorrect URLs cause silent tool-call failures; flag as high severity if unverified.
-
Performance Problems
- N+1 queries
- Inefficient algorithms
- Memory leaks
- Unnecessary computations
-
Code Quality
- Violations of DRY principle
- Overly complex functions
- Poor naming
- Missing type hints/annotations
-
Adherence to Codebase Standards and Existing Patterns
- Adherence to standards documented in the /docs directory
- Linting, typing, and formatting standards
- Logging standards
- Testing standards
Verify Issues Are Real
- Run specific tests for issues found
- Confirm type errors are legitimate
- Validate security concerns with context
Before reporting test failures as issues: Determine whether the failure is pre-existing (existed before this changeset) by:
- Checking for an execution report at
.agents/execution-reports/— it will note pre-existing failures if the executor ran a baseline test - Running
git stash && <test command> && git stash popif no execution report exists
Do not report pre-existing test failures as issues introduced by the current changeset. Mark them separately as "Pre-existing Failures" with a brief root cause note.
Output Format
Save a new file to .agents/code-reviews/[appropriate-name].md
Stats:
- Files Modified: 0
- Files Added: 0
- Files Deleted: 0
- New lines: 0
- Deleted lines: 0
For each issue found:
severity: critical|high|medium|low
file: path/to/file.py
line: 42
issue: [one-line description]
detail: [explanation of why this is a problem]
suggestion: [how to fix it]
If no issues found: "Code review passed. No technical issues detected."
Important
- Be specific (line numbers, not vague complaints)
- Focus on real bugs, not style
- Suggest fixes, don't just complain
- Flag security issues as CRITICAL
Related Skills
giladresisi/new-co-trader-worktree
testing
VerifiedTrustedCommunity
Creates a new git worktree in the auto-co-trader project for any purpose — optimization, regression, backtesting, brainstorming, etc. Use this skill when the user wants to CREATE or SET UP a new worktree — phrases like "prepare a new worktree", "set up a worktree", "create a new worktree for <purpose>", "prep a new worktree", "new worktree for autoresearch", "prepare optimization from [strategy]", or "create a worktree using [strategy]". Do NOT use this skill when the user is already in a worktree and wants to start/run/begin a task — that is handled by the relevant program file in the worktree session.
2SKILL.mdUpdated May 9, 2026
giladresisi/validate
development
VerifiedTrustedCommunity
Use when running comprehensive project validation including tests, type checking, linting, API connectivity checks, and server startup verification
2SKILL.mdUpdated May 3, 2026
giladresisi/system-review
research
VerifiedTrustedCommunity
Use when performing a meta-level analysis of plan adherence after implementation to identify process improvements and suggest CLAUDE.md updates
2SKILL.mdUpdated May 3, 2026
giladresisi/github_bug_fix:rca
documentation
VerifiedTrustedCommunity
Use when investigating a GitHub issue to identify root cause, assess impact, and create a fix strategy document
2SKILL.mdUpdated May 3, 2026