code-review
npx machina-cli add skill Geeksfino/openskills/code-review --openclaw
Code Review Skill
Perform thorough code reviews following this methodology.
Review Checklist
1. Correctness
- Does the code do what it's supposed to do?
- Are there any logic errors?
- Are edge cases handled?
2. Security
- Input validation and sanitization
- Authentication and authorization
- Sensitive data handling
- SQL injection, XSS, and other vulnerabilities
3. Performance
- Algorithm complexity
- Unnecessary computations
- Memory leaks or inefficient memory usage
- Database query optimization
4. Maintainability
- Code readability and clarity
- Appropriate naming conventions
- Single responsibility principle
- DRY (Don't Repeat Yourself)
5. Testing
- Test coverage
- Edge case testing
- Integration tests where appropriate
Output Format
Structure your review as:
## Summary
[One paragraph overview]
## Critical Issues
[Must fix before merge]
## Suggestions
[Nice to have improvements]
## Positive Observations
[What's done well]
Guidelines
- Be constructive, not critical
- Explain why something is an issue
- Suggest specific fixes when possible
- Acknowledge good patterns and practices
Source
git clone https://github.com/Geeksfino/openskills/blob/main/examples/skills/code-review/SKILL.md
Overview
The code-review skill provides a structured, methodology-driven approach to evaluating code for correctness, security, performance, and maintainability. It uses a defined Review Checklist and a standardized Output Format to guide reviewers through issues, improvements, and positives, so that problems are identified and the findings are actionable.
How This Skill Works
The skill analyzes code against key categories—Correctness, Security, Performance, Maintainability, and Testing—using static review practices and practical heuristics. It then emits a formatted report with sections: Summary, Critical Issues, Suggestions, and Positive Observations to support clear, actionable feedback.
When to Use It
- When asked to review or audit a pull request for correctness and quality
- During security audits for input validation, authentication, and data handling
- Before release to catch performance bottlenecks and unnecessary computations
- When evaluating maintainability, readability, naming conventions, and single responsibility
- When validating test coverage, edge-case handling, and integration tests
Quick Start
- Step 1: Gather the code (PR, branch, or module) and reproduce the scenario
- Step 2: Apply the Review Checklist (Correctness, Security, Performance, Maintainability, Testing) and annotate findings
- Step 3: Compile and share the structured report using the Output Format (Summary, Critical Issues, Suggestions, Positive Observations)
Best Practices
- Follow the Review Checklist categories (Correctness, Security, Performance, Maintainability, Testing)
- Explain why an issue is a problem and propose concrete fixes or code changes
- Be specific and reference exact patterns, lines, or APIs where possible
- Prioritize issues by impact and feasibility of fixes to avoid over-scoping
- Acknowledge good patterns and practices to reinforce quality and encourage their reuse
Example Use Cases
- Spot a missing null check or edge-case handling and suggest guard clauses or input validation improvements
- Identify potential SQL injection or XSS risks and propose parameterized queries and sanitizer usage
- Flag a costly algorithm or redundant computation and recommend a more efficient approach or caching
- Point out insufficient test coverage and propose targeted unit and integration tests
- Recommend clearer variable naming and refactoring to satisfy the Single Responsibility Principle
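The second use case above (an SQL injection finding with a parameterized-query fix) worked through as a Critical Issues entry. This is an added example, not code from the openskills project; the `users` table, its rows, and the function names are constructed for the demonstration, using Python's standard `sqlite3` module.

```python
"""Review finding for the Security checklist item: a query assembled by string
formatting, shown beside its parameterized fix and exercised against an
in-memory SQLite table so the reviewer's claim is observable, not asserted."""
import sqlite3


def make_db() -> sqlite3.Connection:
    # Constructed sample data; the table and rows are not from any real system.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "alice@example.com"), ("bob", "bob@example.com")],
    )
    return conn


def find_user_unsafe(conn: sqlite3.Connection, name: str) -> list:
    # Critical issue: untrusted `name` is spliced into the SQL text, so the
    # input can alter the statement's structure rather than only its value.
    return conn.execute(
        f"SELECT name FROM users WHERE name = '{name}'"
    ).fetchall()


def find_user_safe(conn: sqlite3.Connection, name: str) -> list:
    # Suggested fix: bind the value as a parameter; the driver keeps it a value
    # regardless of what characters it contains.
    return conn.execute(
        "SELECT name FROM users WHERE name = ?", (name,)
    ).fetchall()


def review_finding(conn: sqlite3.Connection) -> dict:
    """What the reviewer would record under Critical Issues: the same
    malformed input returns every row through the unsafe path and no rows
    through the fixed one, which is the evidence for the must-fix rating."""
    probe = "x' OR '1'='1"  # constructed input that only changes the unsafe query's logic
    return {
        "section": "Critical Issues",
        "unsafe_rows": len(find_user_unsafe(conn, probe)),
        "safe_rows": len(find_user_safe(conn, probe)),
    }


if __name__ == "__main__":
    print(review_finding(make_db()))
```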