code-review-assistant
Conduct comprehensive code reviews identifying bugs, security issues, performance problems, code quality concerns, and best practice violations. Use when reviewing pull requests, examining code changes, evaluating new code, assessing code quality, or providing feedback on implementations. Analyzes code for correctness, security vulnerabilities, performance bottlenecks, maintainability issues, test coverage, documentation quality, and adherence to coding standards. Produces structured markdown reviews with categorized findings, severity ratings, specific examples, and actionable recommendations. Triggers when users ask to review code, check pull requests, evaluate implementations, find bugs, or assess code quality.
```bash
git clone --depth 1 https://github.com/ArabelaTso/Skills-4-SE /tmp/code-review-assistant && cp -r /tmp/code-review-assistant/skills/code-review-assistant ~/.claude/skills/code-review-assistant
```
SKILL.md
# Code Review Assistant
## Overview
Perform thorough, constructive code reviews that identify issues, suggest improvements, and ensure code quality, security, and maintainability.
## Review Categories
Examine code across these dimensions:
### 1. 🐛 Correctness & Bugs
- Logic errors
- Edge case handling
- Null/undefined checks
- Type mismatches
- Off-by-one errors
- Race conditions
### 2. 🔒 Security
- Input validation
- SQL injection risks
- XSS vulnerabilities
- Authentication/authorization flaws
- Sensitive data exposure
- Insecure dependencies
### 3. ⚡ Performance
- Algorithm efficiency (Big-O time and space complexity)
- Memory leaks
- Unnecessary computations
- Database query optimization
- Caching opportunities
### 4. 🏗️ Code Quality
- Readability and clarity
- Naming conventions
- Code duplication (DRY principle)
- Function/method length
- Complexity (cyclomatic)
- SOLID principles
### 5. ✅ Testing
- Test coverage
- Edge case testing
- Unit vs integration tests
- Test quality and clarity
- Mock usage appropriateness
### 6. 📚 Documentation
- Code comments quality
- API documentation
- Function/method docstrings
- Complex logic explanation
- README updates
## Review Workflow
### Step 1: Understand Context
**Gather information:**
- What's the purpose of this code?
- What problem does it solve?
- What's the scope of changes?
- Are there related files to consider?
**For PRs:**
```bash
# View PR diff
gh pr diff <PR-NUMBER>
# View PR description
gh pr view <PR-NUMBER>
# See changed files
git diff --name-only main..HEAD
```
### Step 2: Read the Code
**First pass - high level:**
- Overall structure and organization
- Naming consistency
- Code patterns used
- Separation of concerns
**Second pass - detailed:**
- Line-by-line logic verification
- Edge cases and error handling
- Performance considerations
- Security implications
### Step 3: Identify Issues
Categorize findings by severity:
**🔴 Critical:** Must fix before merge
- Security vulnerabilities
- Data loss risks
- System crashes
- Breaking changes
**🟡 Important:** Should fix before merge
- Logic bugs
- Performance issues
- Poor error handling
- Missing tests for critical paths
**🔵 Minor:** Nice to have
- Code style inconsistencies
- Missing comments
- Minor optimizations
- Naming improvements
**💡 Suggestion:** Optional improvements
- Refactoring opportunities
- Alternative approaches
- Future considerations
### Step 4: Provide Feedback
Structure feedback constructively:
**For each issue:**
1. **Location:** File and line number
2. **Issue:** What's wrong
3. **Impact:** Why it matters
4. **Recommendation:** How to fix
5. **Example:** Code suggestion if helpful
**Tone guidelines:**
- Be specific and objective
- Focus on code, not the person
- Explain the "why" behind suggestions
- Acknowledge good practices
- Ask questions for clarification when unsure
## Review Template
````markdown
# Code Review: [PR Title / Code Description]
## Summary
- **Files Reviewed:** X files, Y lines changed
- **Overall Assessment:** [Approve/Request Changes/Comment]
- **Critical Issues:** N
- **Important Issues:** M
- **Minor Issues:** K
---
## 🔴 Critical Issues
### Issue 1: [Title]
**Location:** `path/to/file.py:42`
**Problem:**
[Clear description of the issue]
**Impact:**
[Why this is critical - security, data loss, crashes, etc.]
**Recommendation:**
[Specific fix needed]
**Example:**
```python
# Current (problematic)
user_input = request.GET['id']
query = f"SELECT * FROM users WHERE id = {user_input}"
# Suggested (fixed)
user_input = request.GET.get('id')
if user_input and user_input.isdigit():
    query = "SELECT * FROM users WHERE id = %s"
    cursor.execute(query, (user_input,))
```
---
## 🟡 Important Issues
### Issue 2: [Title]
[Same structure as above]
---
## 🔵 Minor Issues
### Issue 3: [Title]
[Shorter format acceptable for minor issues]
---
## 💡 Suggestions
- [Optional improvement 1]
- [Optional improvement 2]
---
## ✅ Positive Observations
- [Good practice 1]
- [Well-implemented feature]
---
## Questions for Author
- [Clarifying question about design decision]
- [Question about intended behavior]
---
## Recommendations
1. Fix all critical issues before merge
2. Address important issues or provide justification
3. Consider minor improvements where feasible
4. Add tests for edge cases X, Y, Z
**Overall:** [Approve with suggestions / Request changes / Needs discussion]
````
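The template's "Suggested (fixed)" snippet carried through as an added, runnable example (not part of the skill or its repository): it assumes an in-memory `sqlite3` table as a stand-in for the application's `users` table, uses sqlite's `?` placeholder where the template shows the `%s` paramstyle, and adds one caveat a reviewer should know about the `isdigit()` check, namely that `str.isdigit()` is also true for non-ASCII digits such as superscripts that `int()` rejects, so the conversion is guarded as well.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed fixture: a tiny users table, standing in for the real database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", [(1, "alice"), (2, "bob")])
    return conn


def parse_user_id(raw):
    """Validate a query-string value the way the template does, plus one step.

    str.isdigit() accepts characters such as the superscript two, which int()
    then refuses, so the conversion is wrapped too.  Returns an int, or None
    when the value is not a plain integer id.
    """
    if raw is None or not raw.isdigit():
        return None
    try:
        return int(raw)
    except ValueError:
        return None


def fetch_user(conn, raw_id):
    """Look up a user by the raw (untrusted) id value.

    The id never becomes part of the SQL text: it is validated, converted and
    then bound as a parameter, so it cannot change the statement's structure.
    Returns the (id, name) row, or None when the id is rejected or unknown.
    """
    user_id = parse_user_id(raw_id)
    if user_id is None:
        return None
    cur = conn.execute("SELECT id, name FROM users WHERE id = ?", (user_id,))
    return cur.fetchone()
```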
## Common Issues by Language
### Python
```python
import logging

logger = logging.getLogger(__name__)

# ❌ Mutable default argument
def append_to(element, to=[]):  # Bug: the same list persists across calls
    to.append(element)
    return to

# ✅ Correct
def append_to(element, to=None):
    if to is None:
        to = []
    to.append(element)
    return to

# ❌ Catching bare exceptions
try:
    risky_operation()
except:  # Too broad: masks errors (and swallows SystemExit/KeyboardInterrupt)
    pass

# ✅ Specific exception handling
try:
    risky_operation()
except ValueError as e:
    logger.error(f"Invalid value: {e}")
    raise

# ❌ String concatenation in loops
result = ""
for item in items:
    result += str(item)  # Creates a new string each iteration

# ✅ Use join
result = "".join(str(item) for item in items)
```
### JavaScript/TypeScript
```javascript
// ❌ == instead of ===
if (value == null) { // Loose equality
  // ...
}

// ✅ Strict equality
if (value === null || value === undefined) {
  // ...
}

// ❌ Unhandled promise rejection
fetchData().then(data => process(data));

// ✅ Error handling
fetchData()
  .then(data => process(data))
  .catch(error => console.error('Error:', error));

// ❌ Variable shadowing
const name = "Global";
function greet() {
  const name = "Local"; // Shadows outer name
  console.log(name);
}

// ✅ Distinct names
const globalName = "Global";
function greet() {
  const userName = "User";
  console.log(userName);
}
```
### Java
```java
import java.io.FileInputStream;
import java.io.IOException;

// ❌ Resource leak
public void readFile(String path) throws IOException {
    FileInputStream fis = new FileInputStream(path);
    // ... use fis
    // Missing close(): fis is never released, so the file handle leaks
}
```