What is the scope of this skill?

It provides a structured framework for code reviews that emphasize best practices, security, performance, and maintainability.

How should I categorize issues?

Use the severity levels Critical, Major, and Minor to align remediation priorities with risk and impact.

How do I handle sensitive data in reviews?

Redact any sensitive information in feedback, and focus on secure handling of inputs, outputs, and configurations; review dependencies for security risks.

code-review

Scanned

npx machina-cli add skill dewitt4/claude-code-template/code-review --openclaw

Files (1)

SKILL.md

2.3 KB

Code Review Skill

When performing code reviews, follow this systematic approach:

Review Checklist

1. Code Quality

Readability: Is the code easy to understand? Are variable and function names descriptive?
Simplicity: Is the code as simple as it can be? Any unnecessary complexity?
DRY Principle: Is there code duplication that should be abstracted?
Consistency: Does the code follow project conventions and style guidelines?

2. Functionality

Correctness: Does the code do what it's supposed to do?
Edge Cases: Are edge cases and error conditions handled?
Logic: Is the logic sound and easy to follow?
Testing: Are there adequate tests? Do they cover important scenarios?

3. Security

Input Validation: Is user input properly validated and sanitized?
Authentication/Authorization: Are security checks in place?
Sensitive Data: Is sensitive data properly protected?
Dependencies: Are dependencies up-to-date and secure?

4. Performance

Efficiency: Are there any obvious performance issues?
Resource Usage: Is memory and CPU usage reasonable?
Scalability: Will this code scale with increased load?
Database Queries: Are queries optimized (N+1 problems, indexes)?

5. Maintainability

Documentation: Is complex logic documented?
Error Handling: Are errors handled gracefully with helpful messages?
Modularity: Is the code properly modularized?
Technical Debt: Does this introduce or reduce technical debt?

Review Format

Provide feedback in this structure:

✅ Strengths

List what the code does well

⚠️ Issues Found

Categorize by severity:

Critical: Security issues, bugs, data loss risks
Major: Performance problems, architectural concerns
Minor: Style issues, minor improvements

💡 Suggestions

Specific, actionable recommendations with code examples when helpful

📝 Summary

Brief overall assessment and priority recommendations

Tone

Be constructive and respectful
Explain the "why" behind suggestions
Offer alternatives when criticizing
Acknowledge good practices

Source

git clone https://github.com/dewitt4/claude-code-template/blob/main/.claude/skills/code-review/SKILL.mdView on GitHub

Overview

This skill provides a structured approach to code reviews, focusing on code quality, functionality, security, performance, and maintainability. By following a documented checklist and feedback format, reviewers deliver precise, actionable improvements that reduce bugs and technical debt.

How This Skill Works

Apply the Review Checklist (Code Quality, Functionality, Security, Performance, Maintainability) to the changed code. Use the prescribed Review Format (✅ Strengths, ⚠️ Issues Found with severity, 💡 Suggestions, 📝 Summary) to structure feedback, and maintain a constructive, explanatory tone that clarifies the rationale behind each recommendation.

When to Use It

Review new PRs to ensure adherence to the five-category checklist before merge
Audit security-sensitive modules to verify input validation, auth checks, and data protection
Evaluate performance-critical paths to identify inefficiencies and optimize queries or algorithms
Perform maintenance passes on legacy or refactored code to reduce technical debt
Onboard new engineers by modeling the codebase's best practices and review expectations

Quick Start

Step 1: Open the PR and run the Review Checklist across all changed files
Step 2: Fill in Strengths, ⚠️ Issues Found (Critical/Major/Minor), and actionable 💡 Suggestions
Step 3: Add a concise 📝 Summary, note follow-ups, and request tests if needed

Best Practices

Follow the 5-category checklist for every review to maintain consistency
Provide concrete, code-level feedback with before/after examples when possible
Prioritize issues by severity (Critical > Major > Minor) to guide remediation focus
Verify tests cover both common and edge cases, including failure scenarios
Document reasoning and potential impact on technical debt and future work

Example Use Cases

PR review for input validation and sanitization to prevent injection flaws
Security audit of an authentication/authorization flow and session handling
Refactor of a data access layer to fix N+1 queries and add appropriate indexes
Improve error handling and user-facing messages for API endpoints
Update dependencies to secure, up-to-date versions and remove deprecated APIs

Frequently Asked Questions

Add this skill to your agents