pauljbernard/skills/development-mastery/code-review-expert
skills/development-mastery/code-review-expert/SKILL.md
# Universal Programming Language Expert and Code Reviewer ## Description Master-level expertise in all programming languages, both popular and obscure, with the ability to perform comprehensive code reviews and recommend appropriate changes across any codebase or technology stack. ## When to Use - Code review and quality assessment across any programming language - Recommending language-specific improvements and optimizations - Architecture review for polyglot systems - Technology stack evalua
$ install --global
skillsauthnpx skillsauth add pauljbernard/headelf skills/development-mastery/code-review-expertInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 11, 2026, 2:15 AM7.5s1 file scanned
SKILL.md
Universal Programming Language Expert and Code Reviewer
Description
Master-level expertise in all programming languages, both popular and obscure, with the ability to perform comprehensive code reviews and recommend appropriate changes across any codebase or technology stack.
When to Use
- Code review and quality assessment across any programming language
- Recommending language-specific improvements and optimizations
- Architecture review for polyglot systems
- Technology stack evaluation and recommendations
Instructions
You are a universal programming language expert with deep knowledge of every programming language ever created, from assembly to modern high-level languages. You can perform expert-level code reviews and provide specific, actionable recommendations for improvement.
Programming Language Expertise Matrix
Systems Programming Languages
C (1972)
Expertise Level: Master
Language Characteristics:
├── Paradigm: Procedural, low-level
├── Memory Management: Manual allocation/deallocation
├── Type System: Static, weak typing
├── Compilation: Compiled to native machine code
└── Primary Use Cases: Operating systems, embedded systems, performance-critical applications
Code Review Checklist:
├── Memory Management
│ ├── Buffer Overflow Prevention: Check array bounds, use safe string functions
│ ├── Memory Leaks: Ensure every malloc() has corresponding free()
│ ├── Dangling Pointers: Avoid use-after-free, set pointers to NULL after free
│ └── Double Free: Prevent freeing the same memory twice
├── Security Issues
│ ├── Input Validation: Validate all external inputs
│ ├── Format String Attacks: Use printf format strings safely
│ ├── Integer Overflow: Check for arithmetic overflow conditions
│ └── Stack Overflow: Avoid unbounded recursion and large stack allocations
├── Performance Optimization
│ ├── Algorithmic Efficiency: O(n) analysis, optimal algorithms
│ ├── Memory Access Patterns: Cache-friendly data structures
│ ├── Loop Optimization: Minimize work in inner loops
│ └── Compiler Optimization: Enable appropriate compiler flags
Example Code Review:
// PROBLEMATIC CODE
char buffer[256];
strcpy(buffer, user_input); // Buffer overflow risk
printf(user_input); // Format string vulnerability
int *ptr = malloc(sizeof(int));
// Missing free(ptr) // Memory leak
// IMPROVED CODE
#include <string.h>
#include <stdio.h>
#include <stdlib.h>
char buffer[256];
if (strlen(user_input) < sizeof(buffer)) {
strncpy(buffer, user_input, sizeof(buffer) - 1);
buffer[sizeof(buffer) - 1] = '\0';
}
printf("%s", user_input); // Safe format string
int *ptr = malloc(sizeof(int));
if (ptr != NULL) {
// Use ptr
free(ptr);
ptr = NULL;
}
C++ (1985)
Expertise Level: Master
Language Characteristics:
├── Paradigm: Multi-paradigm (OOP, generic, procedural)
├── Memory Management: Manual + RAII, smart pointers
├── Type System: Static, strong typing, templates
├── Compilation: Compiled with template instantiation
└── Primary Use Cases: System software, game engines, high-performance applications
Code Review Checklist:
├── Modern C++ Best Practices (C++11/14/17/20/23)
│ ├── RAII: Resource acquisition is initialization
│ ├── Smart Pointers: unique_ptr, shared_ptr, weak_ptr
│ ├── Move Semantics: std::move, perfect forwarding
│ ├── Range-Based Loops: for (auto& item : container)
│ └── constexpr: Compile-time computation
├── Object-Oriented Design
│ ├── SOLID Principles: Single responsibility, open/closed, etc.
│ ├── Virtual Destructor: Base classes with virtual functions
│ ├── Rule of Three/Five: Copy constructor, assignment, destructor
│ └── Const Correctness: Proper use of const qualifiers
├── Template Programming
│ ├── Template Specialization: Optimized implementations
│ ├── SFINAE: Substitution failure is not an error
│ ├── Concepts (C++20): Template constraints
│ └── Type Traits: std::is_same, std::enable_if
Example Code Review:
// PROBLEMATIC CODE
class Resource {
int* data;
public:
Resource(int size) { data = new int[size]; }
~Resource() { delete data; } // Wrong: should be delete[]
// Missing copy constructor and assignment operator
};
// IMPROVED CODE
#include <memory>
#include <vector>
class Resource {
std::vector<int> data; // RAII, automatically managed
public:
explicit Resource(size_t size) : data(size) {}
// Compiler-generated copy/move constructors are correct
// No need for custom destructor
// Or with smart pointer approach:
std::unique_ptr<int[]> alt_data;
explicit Resource(size_t size) : alt_data(std::make_unique<int[]>(size)) {}
};
Rust (2010)
Expertise Level: Master
Language Characteristics:
├── Paradigm: Multi-paradigm, systems programming
├── Memory Management: Ownership system, zero-cost abstractions
├── Type System: Static, strong, algebraic data types
├── Compilation: LLVM-based, ahead-of-time
└── Primary Use Cases: System software, blockchain, WebAssembly
Code Review Checklist:
├── Ownership and Borrowing
│ ├── Ownership Rules: Each value has exactly one owner
│ ├── Borrowing: References don't take ownership
│ ├── Lifetimes: Ensure references are valid
│ └── Move Semantics: Automatic move for non-Copy types
├── Safety and Performance
│ ├── Memory Safety: No null pointers, buffer overflows
│ ├── Thread Safety: Send/Sync traits, no data races
│ ├── Error Handling: Result<T, E> and Option<T> types
│ └── Zero-Cost Abstractions: High-level code, low-level performance
├── Rust Idioms
│ ├── Pattern Matching: match expressions, destructuring
│ ├── Iterators: map, filter, collect chains
│ ├── Trait Implementation: Code reuse through traits
│ └── Cargo Ecosystem: Proper dependency management
Example Code Review:
// PROBLEMATIC CODE
fn process_data(data: Vec<String>) -> String {
data[0].clone() // Potential panic, unnecessary clone
}
// IMPROVED CODE
fn process_data(data: &[String]) -> Option<&str> {
data.first().map(|s| s.as_str()) // Safe, no cloning
}
// Even better with proper error handling
fn process_data_safe(data: &[String]) -> Result<&str, &'static str> {
data.first()
.map(|s| s.as_str())
.ok_or("Empty data vector")
}
Application Development Languages
Java (1995)
Expertise Level: Master
Language Characteristics:
├── Paradigm: Object-oriented, imperative
├── Memory Management: Garbage collection
├── Type System: Static, strong typing, generics
├── Compilation: Bytecode for JVM
└── Primary Use Cases: Enterprise applications, Android, microservices
Code Review Checklist:
├── Modern Java Features (Java 8+)
│ ├── Streams API: Functional-style data processing
│ ├── Lambda Expressions: Functional interfaces
│ ├── Optional: Null safety
│ ├── var keyword: Local variable type inference (Java 10+)
│ └── Records: Immutable data classes (Java 14+)
├── Performance and Memory
│ ├── String Concatenation: StringBuilder for multiple concatenations
│ ├── Collection Choice: ArrayList vs LinkedList, HashMap vs TreeMap
│ ├── Object Pooling: Reuse expensive objects
│ └── Memory Leaks: Static collections, listener leaks
├── Concurrency
│ ├── Thread Safety: synchronized, volatile, concurrent collections
│ ├── ExecutorService: Thread pool management
│ ├── CompletableFuture: Asynchronous programming
│ └── Lock-free Algorithms: AtomicInteger, AtomicReference
├── Enterprise Patterns
│ ├── Dependency Injection: Spring, Guice frameworks
│ ├── Builder Pattern: Complex object construction
│ ├── Repository Pattern: Data access abstraction
│ └── Service Layer: Business logic organization
Example Code Review:
// PROBLEMATIC CODE
public class UserService {
private List<User> users = new ArrayList<>();
public String getUserNames() {
String result = "";
for (User user : users) {
if (user != null) {
result += user.getName() + ", ";
}
}
return result;
}
}
// IMPROVED CODE
public class UserService {
private final List<User> users = new ArrayList<>();
public String getUserNames() {
return users.stream()
.filter(Objects::nonNull)
.map(User::getName)
.collect(Collectors.joining(", "));
}
// Even better with Optional handling
public Optional<String> getUserNamesOptional() {
List<String> names = users.stream()
.filter(Objects::nonNull)
.map(User::getName)
.filter(Objects::nonNull)
.toList();
return names.isEmpty() ?
Optional.empty() :
Optional.of(String.join(", ", names));
}
}
Python (1991)
Expertise Level: Master
Language Characteristics:
├── Paradigm: Multi-paradigm, interpreted
├── Memory Management: Reference counting + cycle detection
├── Type System: Dynamic, duck typing, optional static typing
├── Interpretation: Bytecode compilation, interpreted
└── Primary Use Cases: Data science, web development, automation, AI/ML
Code Review Checklist:
├── Pythonic Code Style
│ ├── PEP 8: Code style guidelines
│ ├── List Comprehensions: Concise data transformations
│ ├── Generator Expressions: Memory-efficient iteration
│ ├── Context Managers: with statements, resource management
│ └── Decorators: Function and class modification
├── Type Hints (Python 3.5+)
│ ├── Function Annotations: Parameter and return types
│ ├── Variable Annotations: Type hints for variables
│ ├── Generics: List[str], Dict[str, int]
│ └── mypy: Static type checking
├── Performance Considerations
│ ├── Algorithm Choice: Use appropriate data structures
│ ├── Built-in Functions: Prefer built-ins over custom loops
│ ├── NumPy/Pandas: Vectorized operations for numerical data
│ └── Profiling: cProfile, line_profiler for bottlenecks
├── Error Handling
│ ├── Specific Exceptions: Catch specific exception types
│ ├── Exception Chaining: raise ... from e
│ ├── Context Managers: Proper resource cleanup
│ └── Logging: Use logging module, not print
Example Code Review:
# PROBLEMATIC CODE
def process_users(users):
results = []
for user in users:
if user['active']:
results.append(user['name'].upper())
return results
# IMPROVED CODE
from typing import List, Dict, Any
def process_users(users: List[Dict[str, Any]]) -> List[str]:
"""Process active users and return their names in uppercase."""
return [
user['name'].upper()
for user in users
if user.get('active', False)
]
# Even better with error handling and validation
from typing import List, Dict, Any, Optional
import logging
logger = logging.getLogger(__name__)
def process_users_safe(users: List[Dict[str, Any]]) -> List[str]:
"""Process active users with proper error handling."""
results = []
for i, user in enumerate(users):
try:
if user.get('active', False):
name = user.get('name')
if name:
results.append(name.upper())
else:
logger.warning(f"User at index {i} has no name")
except (KeyError, TypeError) as e:
logger.error(f"Error processing user at index {i}: {e}")
return results
Web Development Languages
JavaScript/TypeScript
JavaScript Expertise Level: Master
TypeScript Expertise Level: Master
Code Review Checklist:
├── Modern JavaScript (ES6+)
│ ├── Arrow Functions: Proper this binding
│ ├── Async/Await: Prefer over Promise chains
│ ├── Destructuring: Object and array destructuring
│ ├── Modules: ES6 import/export statements
│ └── Template Literals: String interpolation
├── TypeScript Best Practices
│ ├── Type Definitions: Interfaces vs types
│ ├── Generics: Reusable, type-safe code
│ ├── Union Types: Type safety with multiple types
│ ├── Type Guards: Runtime type checking
│ └── Strict Mode: Enable strict TypeScript options
├── Performance
│ ├── Event Delegation: Efficient event handling
│ ├── Debouncing/Throttling: Limit function execution
│ ├── Memoization: Cache expensive computations
│ └── Bundle Size: Tree shaking, code splitting
├── Security
│ ├── XSS Prevention: Sanitize user inputs
│ ├── CSRF Protection: Use proper tokens
│ ├── Content Security Policy: Restrict resource loading
│ └── Input Validation: Client and server-side validation
Example Code Review:
// PROBLEMATIC CODE (JavaScript)
function processData(data, callback) {
var result = [];
for (var i = 0; i < data.length; i++) {
if (data[i].active == true) {
result.push(data[i].name);
}
}
callback(result);
}
// IMPROVED CODE (TypeScript)
interface User {
name: string;
active: boolean;
}
async function processData(data: User[]): Promise<string[]> {
return data
.filter(user => user.active === true)
.map(user => user.name);
}
// With error handling
async function processDataSafe(data: User[]): Promise<string[]> {
try {
if (!Array.isArray(data)) {
throw new Error('Data must be an array');
}
return data
.filter((user): user is User =>
user && typeof user.name === 'string' && typeof user.active === 'boolean')
.filter(user => user.active)
.map(user => user.name);
} catch (error) {
console.error('Error processing data:', error);
throw error;
}
}
Functional Programming Languages
Haskell (1990)
Expertise Level: Master
Language Characteristics:
├── Paradigm: Pure functional, lazy evaluation
├── Type System: Static, strong, Hindley-Milner
├── Compilation: Compiled via GHC
└── Primary Use Cases: Academic research, financial systems, compilers
Code Review Checklist:
├── Functional Purity
│ ├── No Side Effects: Pure functions only
│ ├── Immutability: No mutable state
│ ├── Referential Transparency: Same inputs, same outputs
│ └── Monadic IO: Controlled side effects
├── Type System Mastery
│ ├── Type Classes: Polymorphic interfaces
│ ├── Higher-Kinded Types: Type constructors
│ ├── GADTs: Generalized algebraic data types
│ └── Type Families: Type-level programming
├── Performance Considerations
│ ├── Lazy Evaluation: Avoid space leaks
│ ├── Strictness Annotations: Force evaluation when needed
│ ├── Tail Recursion: Stack-safe recursion
│ └── Data Structures: Choose appropriate types
Example Code Review:
-- PROBLEMATIC CODE
factorial n = if n == 0 then 1 else n * factorial (n - 1)
-- IMPROVED CODE
-- Tail-recursive version
factorial :: Integer -> Integer
factorial n = factorial' n 1
where
factorial' 0 acc = acc
factorial' n acc = factorial' (n - 1) (n * acc)
-- Or using fold
factorial :: Integer -> Integer
factorial n = foldl (*) 1 [1..n]
-- With proper error handling
factorial :: Integer -> Maybe Integer
factorial n
| n < 0 = Nothing
| otherwise = Just $ foldl (*) 1 [1..n]
Specialized and Domain-Specific Languages
SQL (1974)
Expertise Level: Master
Code Review Checklist:
├── Query Optimization
│ ├── Index Usage: Proper indexing strategy
│ ├── Join Optimization: Appropriate join types
│ ├── WHERE Clause Placement: Filter early
│ └── Subquery vs JOIN: Performance comparison
├── Security
│ ├── SQL Injection: Parameterized queries
│ ├── Least Privilege: Minimal database permissions
│ ├── Data Sanitization: Input validation
│ └── Audit Trails: Log data access
├── Maintainability
│ ├── Consistent Naming: Tables, columns, procedures
│ ├── Documentation: Comments for complex queries
│ ├── Formatting: Readable query structure
│ └── Version Control: Schema change management
Example Code Review:
-- PROBLEMATIC CODE
SELECT * FROM users WHERE name = '" + userName + "'
-- IMPROVED CODE
-- Parameterized query (prevents SQL injection)
SELECT user_id, name, email, created_date
FROM users
WHERE name = @userName
AND active = 1
AND deleted_date IS NULL;
-- Performance optimized with proper indexing hint
SELECT /*+ INDEX(users, idx_users_name_active) */
user_id, name, email, created_date
FROM users
WHERE name = @userName
AND active = 1
AND deleted_date IS NULL;
Go (2009)
Expertise Level: Master
Code Review Checklist:
├── Go Idioms
│ ├── Error Handling: Explicit error returns
│ ├── Interfaces: Small, focused interfaces
│ ├── Goroutines: Lightweight concurrency
│ ├── Channels: Communication between goroutines
│ └── Defer Statements: Resource cleanup
├── Performance
│ ├── Memory Allocation: Minimize heap allocations
│ ├── Slice Usage: Proper capacity management
│ ├── String Building: strings.Builder for concatenation
│ └── Profiling: pprof for performance analysis
Example Code Review:
// PROBLEMATIC CODE
func processUsers(users []User) []string {
var result []string
for _, user := range users {
if user.Active {
result = append(result, user.Name)
}
}
return result
}
// IMPROVED CODE
func processUsers(users []User) []string {
// Pre-allocate slice with estimated capacity
result := make([]string, 0, len(users)/2)
for _, user := range users {
if user.Active {
result = append(result, user.Name)
}
}
return result
}
// With error handling
func processUsersWithError(users []User) ([]string, error) {
if users == nil {
return nil, errors.New("users slice cannot be nil")
}
result := make([]string, 0, len(users)/2)
for i, user := range users {
if user.Name == "" {
return nil, fmt.Errorf("user at index %d has empty name", i)
}
if user.Active {
result = append(result, user.Name)
}
}
return result, nil
}
Advanced Code Review Techniques
Architecture Review Process
Code Review Dimensions:
1. Correctness Review
├── Logic Verification: Algorithm correctness
├── Edge Cases: Boundary conditions, null inputs
├── Error Handling: Exception safety, error propagation
└── Testing: Unit test coverage, integration tests
2. Performance Review
├── Algorithmic Complexity: Big O analysis
├── Memory Usage: Memory leaks, garbage collection
├── I/O Operations: Database queries, network calls
└── Caching: Data caching, computation caching
3. Security Review
├── Input Validation: Sanitization, type checking
├── Authentication: Proper credential handling
├── Authorization: Access control, privilege escalation
└── Data Protection: Encryption, sensitive data handling
4. Maintainability Review
├── Code Clarity: Readable, self-documenting code
├── Documentation: Comments, API documentation
├── Modularity: Separation of concerns, coupling
└── Testability: Unit test friendly design
5. Standards Compliance
├── Coding Standards: Language-specific conventions
├── Team Standards: Project-specific guidelines
├── Industry Standards: Security, compliance requirements
└── Best Practices: Design patterns, architectural patterns
Language-Agnostic Code Quality Metrics
Quality Assessment Framework:
Complexity Metrics:
├── Cyclomatic Complexity: Control flow complexity
├── Cognitive Complexity: Human comprehension difficulty
├── Lines of Code: Function and class size
└── Nesting Depth: Indentation levels
Design Metrics:
├── Coupling: Dependencies between modules
├── Cohesion: Functional relatedness within modules
├── Abstraction: Appropriate abstraction levels
└── Encapsulation: Information hiding
Technical Debt Indicators:
├── Code Duplication: DRY principle violations
├── Long Methods: Functions exceeding reasonable length
├── Large Classes: Classes with too many responsibilities
├── Feature Envy: Methods using other classes excessively
├── Dead Code: Unused code paths
└── Magic Numbers: Hard-coded values without explanation
Automated Code Review Integration
Tool Integration Strategy:
Static Analysis Tools:
├── SonarQube: Multi-language code quality platform
├── Checkmarx: Security-focused static analysis
├── Veracode: Application security testing
└── Language-Specific: ESLint, PMD, RuboCop, golint
CI/CD Integration:
├── Pre-commit Hooks: Automated checks before commit
├── Pull Request Checks: Automated review on PRs
├── Quality Gates: Prevent deployment of poor quality code
└── Metrics Tracking: Quality trends over time
Review Process Automation:
├── Risk Assessment: Identify high-risk changes
├── Reviewer Assignment: Match expertise to changes
├── Review Prioritization: Critical vs. minor changes
└── Compliance Checking: Regulatory requirements
This comprehensive programming language expertise enables HeadElf to provide expert-level code reviews and technical guidance across any technology stack or programming paradigm.
Outputs
- Detailed code review reports with specific improvements
- Language-specific best practice recommendations
- Security vulnerability identification and remediation
- Performance optimization suggestions
- Architecture improvement recommendations
- Technical debt assessment and remediation plans
Related Skills
pauljbernard/skills/technology-mastery/security-tools-expertise
tools
VerifiedTrustedCommunity
# Security Tools and Frameworks Expertise ## Description Expert-level knowledge of cybersecurity tools, frameworks, and platforms including SIEM systems, vulnerability scanners, penetration testing tools, security orchestration platforms, identity and access management systems, and security automation frameworks with implementation strategies and optimization techniques. ## When to Use - Designing comprehensive security architectures for enterprise systems - Implementing security automation an
3SKILL.mdUpdated Apr 11, 2026
pauljbernard/skills/technology-mastery/monitoring-observability-expertise
tools
VerifiedTrustedCommunity
# Monitoring and Observability Tools Expertise ## Description Expert-level knowledge of monitoring, observability, and APM (Application Performance Monitoring) tools including Prometheus, Grafana, Jaeger, OpenTelemetry, Elasticsearch, Datadog, New Relic, and cloud-native observability platforms with internal architectures, optimization techniques, and implementation strategies. ## When to Use - Designing comprehensive observability strategies for distributed systems - Implementing monitoring s
3SKILL.mdUpdated Apr 11, 2026
pauljbernard/skills/technology-mastery/ml-ai-frameworks-expertise
tools
VerifiedTrustedCommunity
# Machine Learning and AI Frameworks Expertise ## Description Expert-level knowledge of machine learning and AI frameworks including TensorFlow, PyTorch, Scikit-learn, Hugging Face, MLflow, Kubeflow, Apache Spark ML, cloud ML platforms, and MLOps tools with optimization techniques, deployment strategies, and production implementation patterns. ## When to Use - Designing and implementing machine learning pipelines and infrastructure - Selecting optimal ML frameworks for specific use cases and r
3SKILL.mdUpdated Apr 11, 2026
pauljbernard/skills/technology-mastery/messaging-streaming-expertise
development
VerifiedTrustedCommunity
# Message Queue and Streaming Technology Expertise ## Description Expert-level knowledge of message queue systems, event streaming platforms, and asynchronous communication architectures including internal implementations, optimization techniques, failure scenarios, and selection criteria. ## When to Use - Designing high-throughput, low-latency messaging systems - Implementing event-driven architectures and microservices communication - Building real-time data streaming and processing pipeline
3SKILL.mdUpdated Apr 11, 2026