laurigates/code-review
code-quality-plugin/skills/code-review/SKILL.md
Code review for quality, security, performance, and architecture. Use when reviewing code, auditing OWASP, checking SOLID, or finding perf bottlenecks and test gaps.
$ install --global
skillsauthnpx skillsauth add laurigates/claude-plugins code-reviewInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: May 20, 2026, 8:02 AM172.4s1 file scanned
SKILL.md
- created:
- 2025-12-16
- modified:
- 2026-05-09
- reviewed:
- 2026-04-25
- allowed-tools:
- Task, TodoWrite, Glob, Read
- model:
- opus
- description:
- Code review for quality, security, performance, and architecture. Use when reviewing code, auditing OWASP, checking SOLID, or finding perf bottlenecks and test gaps.
- args:
- [PATH]
- argument-hint:
- [PATH]
- name:
- code-review
- agent:
- general-purpose
When to Use This Skill
| Use this skill when... | Use something else instead when... |
|------------------------|------------------------------------|
| Running an end-to-end review across quality, security, perf, and tests | Walking a manual security/correctness checklist → code-review-checklist |
| Auditing a directory or PR delta with delegated agent analysis | Specifically scanning for code smells → code-antipatterns |
| Spotting missing test cases or weak assertions | Auditing test code quality on its own → code-test-quality |
| Producing a consolidated review report | Refactoring after the review surfaces issues → code-refactor |
Context
- Review path:
$1(defaults to current directory if not specified)
Parameters
$1: Path to review (defaults to current directory)
Your task
Delegate this task to the code-review agent.
Use the Agent tool with subagent_type: code-review to perform a comprehensive code review.
First, use the Glob tool to discover source files to review:
**/*.py,**/*.js,**/*.ts,**/*.go,**/*.rsfor source files**/*test*patterns for test files Then pass the discovered files to the agent.
The code-review agent should:
-
Analyze code quality:
- Naming conventions and readability
- Code structure and maintainability
- SOLID principles adherence
-
Security assessment:
- Input validation vulnerabilities
- Authentication and authorization issues
- Secrets and sensitive data exposure
-
Performance evaluation:
- Bottlenecks and inefficiencies
- Memory usage patterns
- Optimization opportunities
-
Architecture review:
- Design patterns usage
- Component coupling
- Dependency management
-
Test coverage gaps:
- Missing test cases
- Edge cases not covered
- Integration test needs
-
Apply fixes where appropriate and safe
-
Generate report with:
- Summary of issues found/fixed
- Remaining manual interventions needed
- Improvement recommendations
Provide the agent with:
- The review path from context
- Project type (language/framework)
- Any specific focus areas requested
The agent has expertise in:
- Multi-language code analysis (Python, TypeScript, Go, Rust)
- LSP integration for accurate diagnostics
- Security vulnerability patterns (OWASP)
- Performance analysis and optimization
Agent Teams (Optional)
For comprehensive review of large codebases, spawn specialized review teammates in parallel:
| Teammate | Focus | Value | |----------|-------|-------| | Security reviewer | OWASP, secrets, auth flaws | Deep security analysis without blocking quality review | | Performance reviewer | N+1 queries, algorithmic complexity, resource leaks | Performance-focused review in parallel | | Correctness reviewer | Logic errors, edge cases, type safety | Functional correctness in parallel |
This is optional — the skill works without agent teams for standard reviews.
Related Configure Skills
- If security scanning not configured →
/configure:security - If linting not set up →
/configure:linting - If test coverage not tracked →
/configure:coverage
Related Skills
laurigates/workflow-verify-before-filing
testing
VerifiedTrustedCommunity
Verify accumulated bug claims at upstream HEAD and dedup against trackers before filing issues. Use when filing upstream reports from backlogs, audit docs, or git-history findings.
38SKILL.mdUpdated Jun 12, 2026
laurigates/cold-read-gate
documentation
VerifiedTrustedCommunity
Gate outward-bound text (upstream issues, docs, PR bodies) through isolated haiku fresh-reader critique before publishing. Use when an artifact must survive a reader with zero project context.
38SKILL.mdUpdated Jun 12, 2026
laurigates/evaluate-improve
tools
VerifiedTrustedCommunity
Suggest improvements to SKILL.md content, descriptions, or tool config from eval results. Use when raising pass rates, fixing triggering, or iterating on a skill after evaluation.
38SKILL.mdUpdated Apr 16, 2026
laurigates/deadbranch
tools
VerifiedTrustedCommunity
deadbranch CLI for stale-branch cleanup — dry-run preview, TUI or non-interactive delete, protects main/develop/WIP. Use when asked to clean up branches, prune branches, or remove stale branches.
37SKILL.mdUpdated Jun 11, 2026