code-review
The code-review Claude Code skill examines code changes across security, performance, correctness, and maintainability dimensions. Use it when submitting pull requests for audit, investigating potential vulnerabilities like SQL injection or authentication flaws, identifying performance bottlenecks such as N+1 queries, or catching edge cases and error handling gaps before merging.
git clone --depth 1 https://github.com/openyak/openyak /tmp/code-review && cp -r /tmp/code-review/backend/app/data/plugins/engineering/skills/code-review ~/.claude/skills/code-reviewSKILL.md
# /code-review > If you see unfamiliar placeholders or need to check which tools are connected, see [CONNECTORS.md](../../CONNECTORS.md). Review code changes with a structured lens on security, performance, correctness, and maintainability. ## Usage ``` /code-review <PR URL or file path> ``` Review the provided code changes: @$1 If no specific file or URL is provided, ask what to review. ## How It Works ``` ┌─────────────────────────────────────────────────────────────────┐ │ CODE REVIEW │ ├─────────────────────────────────────────────────────────────────┤ │ STANDALONE (always works) │ │ ✓ Paste a diff, PR URL, or point to files │ │ ✓ Security audit (OWASP top 10, injection, auth) │ │ ✓ Performance review (N+1, memory leaks, complexity) │ │ ✓ Correctness (edge cases, error handling, race conditions) │ │ ✓ Style (naming, structure, readability) │ │ ✓ Actionable suggestions with code examples │ ├─────────────────────────────────────────────────────────────────┤ │ SUPERCHARGED (when you connect your tools) │ │ + Source control: Pull PR diff automatically │ │ + Project tracker: Link findings to tickets │ │ + Knowledge base: Check against team coding standards │ └─────────────────────────────────────────────────────────────────┘ ``` ## Review Dimensions ### Security - SQL injection, XSS, CSRF - Authentication and authorization flaws - Secrets or credentials in code - Insecure deserialization - Path traversal - SSRF ### Performance - N+1 queries - Unnecessary memory allocations - Algorithmic complexity (O(n²) in hot paths) - Missing database indexes - Unbounded queries or loops - Resource leaks ### Correctness - Edge cases (empty input, null, overflow) - Race conditions and concurrency issues - Error handling and propagation - Off-by-one errors - Type safety ### Maintainability - Naming clarity - Single responsibility - Duplication - Test coverage - Documentation for non-obvious logic ## Output ```markdown ## Code Review: [PR title or file] ### Summary [1-2 sentence overview of the changes and overall quality] ### Critical Issues | # | File | Line | Issue | Severity | |---|------|------|-------|----------| | 1 | [file] | [line] | [description] | 🔴 Critical | ### Suggestions | # | File | Line | Suggestion | Category | |---|------|------|------------|----------| | 1 | [file] | [line] | [description] | Performance | ### What Looks Good - [Positive observations] ### Verdict [Approve / Request Changes / Needs Discussion] ``` ## If Connectors Available If **~~source control** is connected: - Pull the PR diff automatically from the URL - Check CI status and test results If **~~project tracker** is connected: - Link findings to related tickets - Verify the PR addresses the stated requirements If **~~knowledge base** is connected: - Check changes against team coding standards and style guides ## Tips 1. **Provide context** — "This is a hot path" or "This handles PII" helps me focus. 2. **Specify concerns** — "Focus on security" narrows the review. 3. **Include tests** — I'll check test coverage and quality too.
Convert laboratory instrument output files (PDF, CSV, Excel, TXT) to Allotrope Simple Model (ASM) JSON format or flattened 2D CSV. Use this skill when scientists need to standardize instrument data for LIMS systems, data lakes, or downstream analysis. Supports auto-detection of instrument types. Outputs include full ASM JSON, flattened CSV for easy import, and exportable Python code for data engineers. Common triggers include converting instrument files, standardizing lab data, preparing data for upload to LIMS/ELN systems, or generating parser code for production pipelines.
Run nf-core bioinformatics pipelines (rnaseq, sarek, atacseq) on sequencing data. Use when analyzing RNA-seq, WGS/WES, or ATAC-seq data—either local FASTQs or public datasets from GEO/SRA. Triggers on nf-core, Nextflow, FASTQ analysis, variant calling, gene expression, differential expression, GEO reanalysis, GSE/GSM/SRR accessions, or samplesheet creation.
This skill should be used when scientists need help with research problem selection, project ideation, troubleshooting stuck projects, or strategic scientific decisions. Use this skill when users ask to pitch a new research idea, work through a project problem, evaluate project risks, plan research strategy, navigate decision trees, or get help choosing what scientific problem to work on. Typical requests include "I have an idea for a project", "I'm stuck on my research", "help me evaluate this project", "what should I work on", or "I need strategic advice about my research".
Deep learning for single-cell analysis using scvi-tools. This skill should be used when users need (1) data integration and batch correction with scVI/scANVI, (2) ATAC-seq analysis with PeakVI, (3) CITE-seq multi-modal analysis with totalVI, (4) multiome RNA+ATAC analysis with MultiVI, (5) spatial transcriptomics deconvolution with DestVI, (6) label transfer and reference mapping with scANVI/scArches, (7) RNA velocity with veloVI, or (8) any deep learning-based single-cell method. Triggers include mentions of scVI, scANVI, totalVI, PeakVI, MultiVI, DestVI, veloVI, sysVI, scArches, variational autoencoder, VAE, batch correction, data integration, multi-modal, CITE-seq, multiome, reference mapping, latent space.
Performs quality control on single-cell RNA-seq data (.h5ad or .h5 files) using scverse best practices with MAD-based filtering and comprehensive visualizations. Use when users request QC analysis, filtering low-quality cells, assessing data quality, or following scverse/scanpy best practices for single-cell analysis.
Set up your bio-research environment and explore available tools. Use when first getting oriented with the plugin, checking which literature, drug-discovery, or visualization MCP servers are connected, or surveying available analysis skills before starting a new project.
>
>