skills for everythingAgent Skill
2/7/2026skill-code-review
Perform thorough, constructive code reviews focusing on correctness, security, maintainability, and best practices
N
nicanac
1GitHub Stars
1Views
npx skills add nicanac/vibe-architect-central
SKILL.md
| Name | skill-code-review |
| Description | Perform thorough, constructive code reviews focusing on correctness, security, maintainability, and best practices |
name: skill-code-review description: Perform thorough, constructive code reviews focusing on correctness, security, maintainability, and best practices
Code Review Skill Instructions
Purpose
Conduct comprehensive code reviews that improve code quality, catch bugs early, ensure security, and promote team learning through constructive feedback.
When to Use
- Pull request reviews
- Pre-merge code inspections
- Security audits
- Refactoring validation
- New feature implementation reviews
Review Process
1. Understand Context First
- Read the PR/change description and linked issues
- Understand the intent and scope of the change
- Check if tests and documentation are included
- Review the overall architecture impact
2. Review Checklist
โ Correctness
- Does the code do what it's supposed to do?
- Are edge cases handled properly?
- Is the logic correct and complete?
- Are there any off-by-one errors, null pointer issues, or race conditions?
๐ Security
- Input validation and sanitization
- No hardcoded secrets, API keys, or credentials
- Proper authentication and authorization checks
- SQL injection, XSS, CSRF protection
- Secure handling of sensitive data
- Dependencies free of known vulnerabilities
๐๏ธ Architecture & Design
- Follows SOLID principles
- Appropriate separation of concerns
- No unnecessary coupling between components
- Consistent with existing patterns in the codebase
- Scalability considerations addressed
๐ Readability & Maintainability
- Clear, descriptive naming (variables, functions, classes)
- Functions are small and do one thing well
- No magic numbers or strings (use constants)
- Complex logic is commented or self-documenting
- No dead code or commented-out code blocks
โก Performance
- No N+1 queries or unnecessary database calls
- Efficient algorithms and data structures
- Proper caching where appropriate
- No memory leaks or resource exhaustion risks
- Async operations used correctly
๐งช Testing
- Unit tests cover new functionality
- Edge cases and error paths tested
- Tests are readable and maintainable
- No flaky or brittle tests
- Integration tests where appropriate
๐ Documentation
- Public APIs documented
- Complex business logic explained
- README updated if needed
- Breaking changes documented
Feedback Guidelines
Be Constructive
โ "This code is bad"
โ
"Consider extracting this into a separate function for better testability"
Be Specific
โ "Fix the naming"
โ
"Rename `data` to `userProfile` to clarify its purpose"
Explain the Why
โ "Don't use var"
โ
"Use `const` instead of `var` to prevent accidental reassignment and improve code clarity"
Categorize Feedback Severity
| Prefix | Meaning | Action Required |
|---|---|---|
| ๐จ BLOCKER | Critical issue, must fix | Cannot merge |
| โ ๏ธ WARNING | Should fix, potential problem | Strongly recommended |
| ๐ก SUGGESTION | Improvement opportunity | Optional |
| โ QUESTION | Clarification needed | Please explain |
| ๐ PRAISE | Great work! | Keep it up |
Comment Templates
Security Issue
๐จ **BLOCKER - Security**: User input is not sanitized before being used in the SQL query.
This creates a SQL injection vulnerability.
**Suggestion**: Use parameterized queries or an ORM to safely handle user input.
Performance Concern
โ ๏ธ **WARNING - Performance**: This loop makes a database call on each iteration,
resulting in N+1 queries.
**Suggestion**: Batch the queries or use eager loading to fetch all data upfront.
Code Quality Suggestion
๐ก **SUGGESTION**: This function is 80 lines long with multiple responsibilities.
Consider splitting into:
- `validateInput()` - Input validation
- `processData()` - Core business logic
- `formatResponse()` - Response formatting
Positive Feedback
๐ **PRAISE**: Excellent error handling here! The fallback mechanism and
detailed logging will make debugging much easier.
Review Output Format
Structure your review as follows:
## Code Review Summary
**Overall Assessment**: โ
Approved | โ ๏ธ Needs Changes | ๐จ Request Changes
### Overview
Brief summary of what was reviewed and overall impressions.
### Critical Issues (Must Fix)
- Issue 1 with location and fix suggestion
- Issue 2 with location and fix suggestion
### Recommendations (Should Fix)
- Recommendation 1
- Recommendation 2
### Suggestions (Nice to Have)
- Suggestion 1
- Suggestion 2
### Positive Highlights
- What was done well
### Questions
- Any clarifications needed
Best Practices
- Review in small batches - Keep PRs small (<400 lines) for effective review
- Take your time - Don't rush; bugs missed in review are expensive later
- Be respectful - Review the code, not the person
- Assume good intent - Authors did their best with available information
- Offer alternatives - Don't just criticize; provide solutions
- Learn together - Reviews are learning opportunities for everyone
- Follow up - Verify fixes address the concerns raised
Anti-Patterns to Avoid
- โ Nitpicking style issues (use linters instead)
- โ Rewriting someone's code in your style
- โ Blocking PRs for subjective preferences
- โ Reviewing without understanding context
- โ Being vague or unconstructive
- โ Ignoring positive aspects of the code
Skills Info
Original Name:skill-code-reviewAuthor:nicanac
Download