code-review
This Code Review skill analyzes code diffs and files to identify security vulnerabilities aligned with OWASP Top 10, evaluate error handling robustness, assess complexity and readability, verify naming conventions, detect performance issues, and validate input handling. Use it when users request review of pull requests, merge requests, or code changes.
```
git clone --depth 1 https://github.com/open-gitagent/opengap /tmp/code-review && cp -r /tmp/code-review/examples/standard/skills/code-review ~/.claude/skills/code-review
```
SKILL.md
# Code Review
## Instructions
When reviewing code:
1. Read the full diff or file provided
2. Check for security vulnerabilities (OWASP Top 10)
3. Evaluate error handling completeness
4. Assess code complexity and readability
5. Verify naming conventions and code style
6. Look for performance issues
7. Check for proper input validation
## Output Format
```
## Review Summary
[1-2 sentence overview]
## Findings
### CRITICAL
- [Finding with line reference and fix]
### WARNING
- [Finding with line reference and fix]
### SUGGESTION
- [Finding with line reference and fix]
## What's Done Well
- [Positive observations]
```
### Example Finding
````
### CRITICAL
- **Line 42**: SQL injection vulnerability — user input concatenated directly into query string.
Fix: Use parameterized queries instead of string concatenation.
```python
# Before (vulnerable)
cursor.execute(f"SELECT * FROM users WHERE id = {user_id}")
# After (safe)
cursor.execute("SELECT * FROM users WHERE id = %s", (user_id,))
```
````
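One way to automate the check behind the example finding, as an added example (not part of the original skill or the opengap project): a Python `ast` pass that flags `execute()` calls whose query is built with an f-string, concatenation, `%` or `.format()`, and reports them in the skill's finding format. The sample source and the names `is_literal`, `is_dynamic_sql`, `review` and `render` are constructed for illustration.

```python
import ast

# Constructed sample under review (not from the original page).
SAMPLE = '''\
def load_user(cursor, user_id):
    cursor.execute(f"SELECT * FROM users WHERE id = {user_id}")
    return cursor.fetchone()

def load_user_safe(cursor, user_id):
    cursor.execute("SELECT * FROM users WHERE id = %s", (user_id,))
    return cursor.fetchone()

def load_by_name(cursor, name):
    cursor.execute("SELECT * FROM users WHERE name = '" + name + "'")
    cursor.execute("SELECT * FROM users WHERE name = '%s'" % name)
'''

def is_literal(node):
    """True when the expression is made only of constant string parts."""
    if isinstance(node, ast.Constant):
        return True
    if isinstance(node, ast.BinOp) and isinstance(node.op, ast.Add):
        return is_literal(node.left) and is_literal(node.right)
    if isinstance(node, ast.JoinedStr):  # f-string without placeholders
        return not any(isinstance(v, ast.FormattedValue) for v in node.values)
    return False

def is_dynamic_sql(node):
    """True when the query argument is assembled inline from non-literal parts."""
    builds_string = (
        isinstance(node, ast.JoinedStr)
        or (isinstance(node, ast.BinOp) and isinstance(node.op, (ast.Add, ast.Mod)))
        or (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)
            and node.func.attr == "format"))
    return builds_string and not is_literal(node)

def review(source):
    """Return line numbers of execute()/executemany() calls with a dynamic query.
    Limitation: a query built earlier and passed in via a variable is not tracked."""
    return sorted(
        n.lineno for n in ast.walk(ast.parse(source))
        if isinstance(n, ast.Call) and isinstance(n.func, ast.Attribute)
        and n.func.attr in ("execute", "executemany")
        and n.args and is_dynamic_sql(n.args[0]))

def render(lines):
    """Format findings under the skill's CRITICAL heading."""
    return "\n".join(["### CRITICAL"] + [
        f"- **Line {n}**: SQL injection risk: query string built from non-literal "
        "parts. Fix: use a parameterized query." for n in lines])

if __name__ == "__main__":
    print(render(review(SAMPLE)))
```
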