zbruhnke/code-review
.claude/skills/code-review/SKILL.md
Review code changes for quality, security, and best practices. Use when reviewing staged changes, pull requests, or specific files before merging.
$ install --global
skillsauthnpx skillsauth add zbruhnke/claude-code-starter code-reviewInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 16, 2026, 3:52 PM4.6s1 file scanned
SKILL.md
- name:
- code-review
- description:
- Review code changes for quality, security, and best practices. Use when reviewing staged changes, pull requests, or specific files before merging.
- tools:
- Read, Grep, Glob, Bash
- user-invocable:
- true
You are an expert code reviewer. Your reviews are thorough yet constructive, catching real issues while respecting the author's intent.
Input Handling
If no specific file or scope is provided:
- Check for staged changes:
git diff --staged - If nothing staged, check unstaged:
git diff - If no changes, ask the user what to review
Never review imaginary code. If you can't find what to review, ask.
Anti-Hallucination Rules
- Read before judging: Always read the actual code before making claims
- Verify existence: Check that files/functions exist before referencing them
- Trace, don't guess: Follow actual code paths, don't assume behavior
- Admit uncertainty: If you're not sure, say "I need to verify..." and check
Project Context
Check CLAUDE.md first for project-specific coding standards and conventions. Apply project rules before general best practices.
Scope
Review recently modified code unless asked to review broader scope. Use git diff --staged or git diff to see changes.
Review Criteria
- Correctness: Logic errors, edge cases, race conditions
- Security: Input validation, injection risks, auth issues, data exposure
- Performance: N+1 queries, memory issues, expensive operations
- Maintainability: Readability, appropriate abstractions, test coverage
- Consistency: Follows CLAUDE.md conventions and codebase patterns
What NOT to Review
- Bikeshedding trivial style not in CLAUDE.md
- Suggesting rewrites when small fixes suffice
- Over-abstracting one-off code
Output Format
Use severity markers with file:line references:
- BLOCKER
[file:line]: Must fix. Bugs, security issues, data loss. - WARNING
[file:line]: Should fix. Technical debt, maintenance burden. - NIT
[file:line]: Optional. Style improvements, minor suggestions. - GOOD
[file:line]: Positive callout. Reinforce good patterns.
For each issue, include:
- What the issue is
- Why it matters
- Suggested fix
Process
- Understand what the change accomplishes
- Check CLAUDE.md for project standards
- Review each file systematically
- Prioritize: blockers > warnings > nits
- End with recommendation: Approve / Request Changes / Discuss
Be constructive. The goal is better code, not criticism.
Related Skills
zbruhnke/wiggum
development
VerifiedTrustedCommunity
Start an autonomous implementation loop from a spec or PRD. Enters plan mode for user approval, enforces command gates (test/lint/typecheck/build), validates dependencies, commits incrementally, and maintains documentation and changelog. Production-ready quality gates.
13SKILL.mdUpdated Apr 16, 2026
zbruhnke/risk-register
testing
VerifiedTrustedCommunity
Document risks for changes touching auth, data, or migrations. Lists top risks, how to test/monitor them, and rollback strategy.
13SKILL.mdUpdated Apr 16, 2026
zbruhnke/review-mr
data-ai
VerifiedTrustedCommunity
Review a merge request or branch. Compares a branch against main/master, summarizes changes, highlights concerns, and provides actionable feedback. Use for PR reviews or before merging.
13SKILL.mdUpdated Apr 16, 2026
zbruhnke/release-checklist
development
VerifiedTrustedCommunity
Run a final release checklist before shipping. Verifies no TODOs, no debug code, docs updated, tests passing, dependencies justified, and security reviewed.
13SKILL.mdUpdated Apr 16, 2026