How do I verify Copilot CLI is installed?

Run copilot --version in your terminal and ensure Copilot CLI is available in your PATH.

Can Copilot CLI be used for security audits?

Yes. The review prompt includes security vulnerability checks and can surface security concerns during the analysis.

What if I want to focus on a specific file?

Use path targeting, such as @path/to/file, to constrain the review to that file.

Is it okay to modify code from the Copilot review?

No. This skill is strictly read-only; changes should be made outside the review workflow.

copilot-review

npx machina-cli add skill dceoy/ai-coding-agent-skills/copilot-review --openclaw

Files (1)

SKILL.md

2.7 KB

Copilot Review Skill

Use GitHub Copilot CLI to perform automated code reviews that identify issues and suggest improvements. This is a read-only analysis skill.

When to Use

User asks to review code
User wants to check for bugs or issues
User mentions security, performance, or quality
Before committing code
During pull request review
User asks "what's wrong with this code?"

Prerequisites

Verify GitHub Copilot CLI is available:

copilot --version

Note: Copilot will ask you to trust the files in the current folder before it can read them.

Basic Usage

Step 1: Determine Scope

Decide what to review:

Uncommitted changes
Specific files
Last commit
Pull request
Entire codebase

Step 2: Check Current State

git status
git diff --stat
git diff

Step 3: Launch Copilot CLI

cd /path/to/project
copilot

Step 4: Execute Review

Use a structured prompt:

Perform a comprehensive code review of [SCOPE].

Check for:
1. Critical issues (must fix): security vulnerabilities, runtime errors, data loss risks
2. Important issues (should fix): logic bugs, performance problems, type safety gaps
3. Suggestions (nice to have): refactors, better patterns, documentation

For each issue:
- Severity (Critical/Important/Suggestion)
- File path and line number
- Why it matters
- How to fix it

Do NOT make any changes - this is review only.

Step 5: Present Findings

Organize results by severity.

Tips

Use @path/to/file to focus on specific files.
Use /usage to view session usage details.
Use /model to pick another model if needed.
Use ? or copilot help to see available commands.

Use Custom Instructions

Copilot CLI automatically loads repository instructions if present:

.github/copilot-instructions.md
.github/copilot-instructions/**/*.instructions.md
AGENTS.md (agent instructions)

Error Handling

If Copilot is not found, ensure it is installed per the prerequisites in README.md and available in PATH.
If authentication fails, run /login and follow prompts.
If output is too high-level, narrow scope and include file paths.

Related Skills

copilot-ask for read-only questions
copilot-exec for code modifications

Limitations

Read-only analysis
Interactive mode only
Limited by current codebase context

Source

git clone https://github.com/dceoy/ai-coding-agent-skills/blob/main/skills/copilot-review/SKILL.mdView on GitHub

Overview

This skill uses GitHub Copilot CLI to perform automated, read-only code reviews that surface bugs, security vulnerabilities, performance gaps, and quality issues. It’s valuable for code reviews, security audits, or pre-commit checks and requires Copilot CLI to be installed.

How This Skill Works

Verify Copilot CLI is installed, decide the review scope, launch Copilot in the project directory, and feed a structured prompt to perform a read-only analysis. The results are organized by severity and reference file paths; no code changes are made during the review.

When to Use It

User asks to review code
User wants to check for bugs or issues
User mentions security, performance, or quality
Before committing code
During pull request review
User asks what's wrong with this code?

Quick Start

Step 1: Determine scope (uncommitted changes, specific files, last commit, PR, or entire repo).
Step 2: Launch Copilot CLI in your project directory (cd /path/to/project; copilot).
Step 3: Run a structured review prompt and review the findings, organized by severity (read-only).

Best Practices

Start with a clear scope (uncommitted changes, specific files, last commit, PR, or entire repo) before running Copilot.
Use a structured prompt that lists issues, including severity, file path, rationale, and fixes.
Organize findings by severity and reference exact file paths to ease review.
Do not apply any changes; this is a read-only review.
Leverage path targeting and Copilot commands (e.g., @path/to/file, /usage, /model) to narrow results.

Example Use Cases

Review a feature branch before merging to surface runtime errors and security concerns.
Security audit of an authentication module to identify vulnerabilities and misconfigurations.
Identify performance hotspots in a data processing script and suggest improvements.
Code quality check for a legacy module with technical debt and pattern violations.
Pre-commit or PR review checklist for a critical service to ensure compliance with standards.

Frequently Asked Questions

Add this skill to your agents