code-review
npx machina-cli add skill bguivarch/skillforge/code-review --openclawCode Review Assistant
When reviewing code, provide comprehensive feedback focusing on:
Security
- Check for SQL injection vulnerabilities
- Look for XSS (Cross-Site Scripting) risks
- Identify authentication and authorization issues
- Flag hardcoded secrets or credentials
Performance
- Identify N+1 query problems
- Look for unnecessary loops or iterations
- Check for memory leaks
- Suggest caching opportunities
Readability
- Evaluate naming conventions (variables, functions, classes)
- Check for appropriate comments on complex logic
- Assess code organization and structure
- Identify overly complex functions that should be split
Best Practices
- Verify proper error handling
- Check for edge case handling
- Look for code duplication
- Ensure consistent code style
Output Format
Provide feedback in a structured format:
- Critical Issues - Must fix before merging
- Suggestions - Recommended improvements
- Positive Notes - What was done well
Always include specific line references and suggest concrete fixes.
Source
git clone https://github.com/bguivarch/skillforge/blob/main/skills/code-review/SKILL.mdView on GitHub Overview
The Code Review Assistant analyzes code for security, performance, readability, and best practices. It delivers a structured report with Critical Issues, Suggestions, and Positive Notes, each including precise line references and concrete fixes to speed safe, maintainable merges.
How This Skill Works
It scans source files, categorizes findings into Security, Performance, Readability, and Best Practices, and checks for issues like SQL injection, XSS, N+1 queries, and missing error handling. It outputs a structured report with three sections: Critical Issues (must fix before merging), Suggestions (recommended improvements), and Positive Notes (strengths), all annotated with exact file paths and line numbers.
When to Use It
- During pull request reviews to catch security and reliability issues before merging.
- When optimizing performance, such as eliminating N+1 queries or memory leaks.
- During refactoring to preserve readability and consistent structure.
- When onboarding new contributors to establish coding standards.
- To enforce best practices and reduce code duplication across modules.
Quick Start
- Step 1: Provide the target code or PR diff to analyze.
- Step 2: Run the Code Review Assistant to generate the Critical Issues, Suggestions, and Positive Notes.
- Step 3: Apply fixes and reference the suggested line numbers in your commit messages.
Best Practices
- Always include exact line references (file path and line numbers) for every finding.
- Prioritize Critical Issues that must be fixed before merging.
- Provide concrete, language-appropriate fixes or code snippets.
- Suggest targeted tests or edge-case considerations to verify fixes.
- Keep tone constructive and avoid vague or duplicative feedback.
Example Use Cases
- Example 1: Critical Issue—SQL injection risk in user input handling; Fix—use parameterized queries and input validation; referenced lines: src/auth/login.go:42-46.
- Example 2: Performance—N+1 query in product listing; Fix—batch fetch and eager loading; lines: services/product.go:78-83.
- Example 3: Readability—Long function processData exceeded 800 lines; Fix—split into smaller functions and add comments; lines: lib/data.go:150-170.
- Example 4: Best Practices—Missing/poor error handling in DB call; Fix—add error checks and proper error propagation; lines: db/queries.go:22-28.
- Example 5: Positive—Well-documented utility helpers and clear variable names; lines: utils/helpers.go:5-12.
