Can it handle large diffs or full repositories?

Yes. It can process large diffs and summarize across dimensions, highlighting the most critical issues first and providing actionable guidance.

Do I need to provide context like tests or dependencies?

While not required, supplying project context and test coverage improves accuracy. The review will still surface issues based on the provided code, with references to fixes.

code-review

npx machina-cli add skill anthropics/knowledge-work-plugins/code-review --openclaw

Files (1)

SKILL.md

1.3 KB

Code Review

Structured code review covering security, performance, correctness, and maintainability. Works on diffs, PRs, files, or pasted code snippets.

Review Dimensions

Security

SQL injection, XSS, CSRF
Authentication and authorization flaws
Secrets or credentials in code
Insecure deserialization
Path traversal
SSRF

Performance

N+1 queries
Unnecessary memory allocations
Algorithmic complexity (O(n²) in hot paths)
Missing database indexes
Unbounded queries or loops
Resource leaks

Correctness

Edge cases (empty input, null, overflow)
Race conditions and concurrency issues
Error handling and propagation
Off-by-one errors
Type safety

Maintainability

Naming clarity
Single responsibility
Duplication
Test coverage
Documentation for non-obvious logic

Output Format

Rate each dimension and provide specific, actionable findings with file and line references. Prioritize critical issues first. Always include positive observations alongside issues.

Source

git clone https://github.com/anthropics/knowledge-work-plugins/blob/main/engineering/skills/code-review/SKILL.mdView on GitHub

Overview

Code Review provides a structured assessment across security, performance, correctness, and maintainability. It works on diffs, PRs, files, or pasted code snippets to surface critical issues and actionable fixes, with positive observations included.

How This Skill Works

Provide code input as a diff, PR link, file, or snippet. The tool rates each dimension—Security, Performance, Correctness, and Maintainability—and returns prioritized findings with file and line references, plus positive observations. It looks for patterns like SQL injections, N+1 queries, edge-case failures, and naming or duplication issues.

When to Use It

Review a PR before merging to catch defects early
Inspect a diff that touches authentication, data access, or user input
Evaluate a pasted code snippet for potential safety or correctness concerns
Audit for performance hotspots, resource leaks, or missing indexes
Perform a maintainability check during refactors or tech debt sprints

Quick Start

Step 1: Paste the diff, PR link, or code snippet into the review tool
Step 2: Choose focus areas (security, performance, correctness, maintainability) or run all dimensions
Step 3: Review the prioritized findings with file:line references and implement fixes

Best Practices

Provide a complete diff or code snippet with file paths and line numbers
Clarify the focus areas (security, performance, correctness, maintainability) or run for all dimensions
Include context about dependencies, input surfaces, and expected behavior
Balance findings with positive observations to reinforce good practices
Prioritize critical issues first and attach concrete fix suggestions

Example Use Cases

Review a PR modifying the auth flow to identify potential authorization bypasses and add missing tests
Analyze a data-access diff for N+1 queries and missing indexes, with recommended query rewrites
Inspect a pasted snippet for XSS risks and unsafe deserialization patterns
Audit a large refactor for maintainability signs like code duplication and unclear naming
Pre-release security sweep of an API endpoint handler for CSRF and rate-limiting gaps

Frequently Asked Questions

Add this skill to your agents