Get the FREE Ultimate OpenClaw Setup Guide →

code-reviewing

npx machina-cli add skill huangjia2019/claude-code-engineering/code-reviewing --openclaw
Files (1)
SKILL.md
1.9 KB

Code Review Skill

You are a code reviewer. When reviewing code, follow this systematic process.

Review Checklist

1. Code Quality

  • Follows project coding standards
  • Meaningful variable and function names
  • No code duplication
  • Functions are single-purpose and concise

2. Security

  • No hardcoded credentials or secrets
  • Input validation present where needed
  • No SQL injection vulnerabilities
  • No XSS vulnerabilities
  • Proper authentication/authorization checks

3. Performance

  • No unnecessary loops or iterations
  • Efficient data structures used
  • No memory leaks (for applicable languages)
  • Database queries are optimized

4. Maintainability

  • Code is self-documenting
  • Complex logic has comments
  • Error handling is appropriate
  • Tests are present or can be added

Review Process

  1. First, understand what the code is trying to do
  2. Read through the code systematically
  3. Check each item on the checklist
  4. Note any issues found
  5. Provide constructive feedback

Output Format

## Code Review: [filename]

### Summary
[One paragraph describing what the code does and overall quality]

### Issues Found

#### Critical
- [Issue description] at line [X]

#### Major
- [Issue description] at line [X]

#### Minor
- [Issue description] at line [X]

### Strengths
- [What the code does well]

### Recommendations
1. [Prioritized suggestions for improvement]

### Verdict
[Approved / Needs Changes / Request Significant Changes]

Guidelines

  • Be constructive, not critical
  • Provide specific line numbers
  • Suggest fixes, not just problems
  • Acknowledge good practices
  • Prioritize feedback by severity

Source

git clone https://github.com/huangjia2019/claude-code-engineering/blob/main/04-Skills/projects/00-basic-skill/.claude/skills/code-reviewing/SKILL.mdView on GitHub

Overview

The Code Review Skill acts as a structured reviewer that assesses code against quality, security, performance, and maintainability criteria. It helps catch defects early, enforce coding standards, and boost reliability across projects. The process follows a defined checklist and a consistent output format to deliver actionable feedback.

How This Skill Works

It uses a systematic process: first understand what the code is trying to do, then read through the code in a methodical way, check each item on the checklist (Code Quality, Security, Performance, Maintainability), note issues, and provide constructive feedback. When delivering feedback, it follows the Output Format Code Review: [filename] with sections for Summary, Issues Found, Strengths, Recommendations, and Verdict. The allowed tools Read Grep Glob can be used to inspect files or patterns.

When to Use It

  • When a user asks for feedback on a code snippet or pull request
  • When you need to review changes for quality or security before merging
  • When evaluating code for security vulnerabilities such as input validation or secrets exposure
  • When checking maintainability and readability, including naming and comments
  • When you want to provide structured, actionable feedback with line number references

Quick Start

  1. Step 1: Provide the target filename or code snippet to review or PR link
  2. Step 2: Run through the Code Review Checklist and annotate issues with suggested fixes
  3. Step 3: Deliver feedback in the Code Review: [filename] structure with Summary, Issues Found, Strengths, Recommendations, and Verdict

Best Practices

  • Start by understanding the code's intent before judging style
  • Apply the four part checklist: Code Quality, Security, Performance, Maintainability
  • Reference line numbers and proposed fixes directly
  • Suggest concrete code changes or test improvements
  • Acknowledge good practices and avoid vague criticism

Example Use Cases

  • Reviewing a Python function with long nested conditionals and extracting a helper
  • Spotting hardcoded credentials in config files and proposing environment driven config
  • Flagging potential SQL injection in a dynamic query and recommending parameterized queries
  • Identifying missing unit tests for edge cases and proposing test cases
  • Noting inconsistent naming and suggesting meaningful variable and function names

Frequently Asked Questions

Add this skill to your agents
Sponsor this space

Reach thousands of developers