smart-review
npx machina-cli add skill RockaRhymeLLC/claude-code-skills/smart-review --openclawFiles (1)
SKILL.md
5.9 KB
Smart Code Review
Perform thorough, actionable code reviews on git changes. Catches real bugs and security issues, not just style nits.
When to Activate
- User asks to review code changes
- User says
/smart-reviewor "review my code" or "check this PR" - User wants feedback before committing or merging
Instructions
Step 1: Determine Review Scope
Identify what to review based on user context:
# Option A: Review uncommitted changes
git diff --stat
git diff
# Option B: Review staged changes
git diff --cached --stat
git diff --cached
# Option C: Review branch vs base (PR review)
BASE_BRANCH="${1:-main}"
git log --oneline "$BASE_BRANCH"..HEAD
git diff --stat "$BASE_BRANCH"..HEAD
git diff "$BASE_BRANCH"..HEAD
# Option D: Review a specific commit
git show --stat <commit>
git show <commit>
If no changes are found, inform the user and stop.
For large diffs (>500 lines changed), read key files individually rather than relying solely on the diff — context from surrounding code matters.
Step 2: Analyze for Issues
Review the diff systematically, checking each category:
Critical (Must Fix)
- Bugs: Logic errors, off-by-one, null/undefined access, race conditions, infinite loops
- Security: SQL injection, XSS, command injection, hardcoded secrets, path traversal, insecure deserialization
- Data loss: Destructive operations without confirmation, missing error handling on writes, uncaught exceptions that could corrupt state
Important (Should Fix)
- Error handling: Missing try/catch on I/O, swallowed errors, generic catch blocks that hide failures
- Edge cases: Empty arrays, null inputs, boundary values, concurrent access, timeout handling
- API contracts: Breaking changes to public interfaces, missing validation on inputs, inconsistent return types
- Resource management: Unclosed connections, memory leaks, missing cleanup in finally blocks
Suggestions (Consider)
- Performance: N+1 queries, unnecessary re-renders, large allocations in hot paths, missing indexes
- Maintainability: Complex conditionals that could be simplified, duplicated logic, unclear variable names
- Testing: Untested code paths, assertions that don't verify the right thing, flaky test patterns
- Design: Tight coupling, mixed responsibilities, patterns that will cause pain as the codebase grows
Step 3: Read Surrounding Context
For each potential issue found in Step 2, read the full file to verify:
# Don't flag something as a bug if the surrounding code handles it
# Don't flag a "missing null check" if the caller guarantees non-null
# Don't flag a performance issue if the data set is always small
Key principle: Only flag issues you're confident about. A false positive wastes the developer's time and erodes trust. When in doubt, phrase it as a question rather than a finding.
Step 4: Generate Review
Organize findings by severity. Use this template:
## Code Review
**Scope**: [what was reviewed — branch, commits, or staged changes]
**Files**: [number] files, [additions] insertions(+), [deletions] deletions(-)
### Critical
> [file:line] **Issue title**
>
> [Explanation of the problem and its impact]
>
> ```diff
> - [current code]
> + [suggested fix]
> ```
### Important
> [file:line] **Issue title**
>
> [Explanation and suggestion]
### Suggestions
> [file:line] **Issue title**
>
> [Explanation and suggestion]
### What Looks Good
- [Positive callout — something done well]
- [Another positive callout]
### Summary
**Verdict**: Ready to merge / Needs minor fixes / Needs rework
[1-2 sentence overall assessment explaining the verdict]
Step 5: Present and Discuss
- Show the review to the user
- Offer to fix any Critical or Important issues directly
- If reviewing a PR, offer to post the review as a comment via
gh pr review
Review Principles
- Be specific: "This could fail when X is null" > "Consider null checks"
- Explain impact: "This SQL is injectable, allowing data exfiltration" > "Security issue"
- Suggest fixes: Show code, not just descriptions. Make it easy to act on.
- Acknowledge good work: Call out clean patterns, good test coverage, clever solutions
- Respect intent: Understand what the developer was trying to do before suggesting alternatives
- Prioritize: A review with 3 real issues beats one with 30 style nits
- Skip the obvious: Don't flag formatting, naming conventions, or import ordering unless they cause actual confusion
Severity Guide
| Severity | Criteria | Examples |
|---|---|---|
| Critical | Will cause bugs, security holes, or data loss in production | SQL injection, uncaught exception in payment flow, race condition on shared state |
| Important | Could cause problems under certain conditions, or makes future bugs likely | Missing error handling on network call, breaking API change without migration |
| Suggestion | Improvement that would make the code better but isn't urgent | Extracting a helper function, adding an index, simplifying a conditional |
Edge Cases
- Trivial changes (typos, formatting): Skip the formal review format, just confirm it looks good
- Generated code (migrations, lockfiles): Note that it's generated and focus only on the generator config
- Dependency updates: Check the changelog for breaking changes, verify version constraints
- Large refactors: Focus on the design rather than line-by-line — does the new structure make sense?
- First contribution: Be extra welcoming. Suggest improvements gently and acknowledge the effort
Source
git clone https://github.com/RockaRhymeLLC/claude-code-skills/blob/main/skills/smart-review/SKILL.mdView on GitHub Overview
Smart Code Review performs thorough, actionable reviews of git diffs, identifying bugs, security issues, performance problems, and design concerns. It delivers structured feedback organized by severity to help teams review and merge safely.
How This Skill Works
First, determine the review scope (uncommitted, staged, PR/branch, or a specific commit) using git commands. Next, analyze the diff across categories (Critical, Important, Suggestions) while reading surrounding context to avoid false positives. Finally, generate a structured review with a clear template, including What Looks Good and a Summary for fast decision-making.
When to Use It
- Review uncommitted changes
- Review staged changes
- Review a PR or branch vs base
- Review a specific commit
- When prompted with /smart-review or 'review my code' command
Quick Start
- Step 1: Identify the diff scope (uncommitted, staged, PR, or commit) using the provided git commands.
- Step 2: Analyze the diff systematically, categorizing findings as Critical, Important, or Suggestions, and read surrounding context.
- Step 3: Generate the review using the structured template and deliver a clear verdict with concrete fixes.
Best Practices
- Define the review scope before starting to avoid scope creep
- Flag issues with precise file:line references and clear impact
- Read surrounding context to verify the finding and avoid false positives
- Organize findings by severity and provide concrete fix suggestions
- Phrase uncertain items as questions to invite discussion
Example Use Cases
- Example: A diff introduces an off-by-one bug in a loop; the reviewer suggests a safe index range and adds a defensive check.
- Example: A new API path concatenates user input into a SQL string; reviewer flags potential injection and recommends parameterized queries.
- Example: A file write operation lacks error handling; reviewer notes data loss risk and proposes try/catch with rollback.
- Example: An ORM usage causes N+1 queries; reviewer recommends eager loading or query optimization.
- Example: A function's return type changes without updating callers; reviewer documents API contract impact and updates dependent code.
Frequently Asked Questions
Add this skill to your agents
