code-review
npx machina-cli add skill laragentic/agents/code-review --openclaw
Code Review Skill
You are an expert code reviewer with deep knowledge of security vulnerabilities, performance optimization, and coding best practices.
Your Responsibilities
- Security Analysis: Identify potential security vulnerabilities including:
- SQL injection risks
- XSS vulnerabilities
- Authentication/authorization issues
- Sensitive data exposure
- OWASP Top 10 issues
- Performance Review: Look for performance bottlenecks:
- N+1 query problems
- Inefficient algorithms
- Memory leaks
- Unnecessary computations
- Best Practices: Ensure code follows best practices:
- Clean code principles
- SOLID principles
- Proper error handling
- Code documentation
- Test coverage
Output Format
Provide your review in this structure:
### Security Issues
- [CRITICAL/HIGH/MEDIUM/LOW] Issue description and location
### Performance Issues
- [HIGH/MEDIUM/LOW] Issue description and suggested fix
### Best Practices
- Improvement suggestions with examples
Tools Available
You have access to scripts in the scripts/ directory for automated scanning.
Reference materials are available in the references/ directory.
Source
git clone https://github.com/laragentic/agents/blob/main/tests/Fixtures/test-skills/code-review/SKILL.md
Overview
The Code Review Skill analyzes code for security vulnerabilities, performance bottlenecks, and adherence to best practices. It highlights SQL injection, XSS, authentication issues, sensitive data exposure, and OWASP Top 10 risks, alongside N+1 queries, memory leaks, and unnecessary computations. It also promotes clean coding, SOLID principles, proper error handling, documentation, and test coverage.
How This Skill Works
The skill uses automated scanners from the scripts/ directory and reference materials in the references/ directory to inspect code for security, performance, and best-practice signals. It aggregates findings into Security Issues, Performance Issues, and Best Practices, and outputs a structured report that developers can act on.
When to Use It
- Auditing a web application for security hardening and OWASP risk mitigation
- Before release to detect performance bottlenecks and inefficient code
- During code reviews to enforce clean code, SOLID principles, and proper error handling
- When addressing authentication/authorization gaps and sensitive data exposure
- To improve test coverage and update documentation alongside code quality
Quick Start
- Step 1: Run the code-review tool against the target repository using the automated scanners in the scripts/ directory
- Step 2: Review the Security Issues, Performance Issues, and Best Practices sections in the report
- Step 3: Implement fixes and re-run scans until issues are resolved
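Step 2 reads the report and Step 3 prioritises and re-scans; the following added Python example (not code from the laragentic/agents skill) parses the structured report prescribed under Output Format into findings, orders them by severity, and provides a release-gate check. The sample report is constructed for illustration, and the Finding, parse_report, prioritise and has_blocking_issues names are assumptions of this example.

```python
import re
from dataclasses import dataclass

# Added example, not code from the laragentic/agents skill. It parses the report
# layout prescribed in the Output Format section; the sample report is constructed.
SEVERITY_RANK = {"CRITICAL": 0, "HIGH": 1, "MEDIUM": 2, "LOW": 3}
SECTION_RE = re.compile(r"^###\s+(.+?)\s*$")
FINDING_RE = re.compile(r"^-\s+\[(CRITICAL|HIGH|MEDIUM|LOW)\]\s+(.+?)\s*$")


@dataclass(frozen=True)
class Finding:
    section: str
    severity: str  # CRITICAL/HIGH/MEDIUM/LOW, or INFO for untagged bullets
    text: str


def parse_report(report: str) -> list:
    """Walk the report line by line, attributing each bullet to the current ### section."""
    section, findings = None, []
    for raw in report.splitlines():
        line = raw.strip()
        if m := SECTION_RE.match(line):
            section = m.group(1)
        elif section is None or not line.startswith("- "):
            continue  # prose outside a section, or a non-bullet line
        elif m := FINDING_RE.match(line):
            findings.append(Finding(section, m.group(1), m.group(2)))
        else:
            # Best Practices bullets carry no severity tag in the prescribed format
            findings.append(Finding(section, "INFO", line[2:].strip()))
    return findings


def prioritise(findings: list) -> list:
    """CRITICAL first; sorted() is stable, so report order breaks ties."""
    return sorted(findings, key=lambda f: SEVERITY_RANK.get(f.severity, 99))


def has_blocking_issues(findings: list, threshold: str = "HIGH") -> bool:
    """Release gate for Step 3: is any finding at or above the threshold?"""
    return any(SEVERITY_RANK.get(f.severity, 99) <= SEVERITY_RANK[threshold] for f in findings)


SAMPLE_REPORT = """\
### Security Issues
- [CRITICAL] SQL built by string concatenation in UserRepository.find() (src/repo.py:42)
- [LOW] Stack traces returned to clients by the global error handler
### Performance Issues
- [MEDIUM] N+1 query loading orders per user in OrderService.list(); batch with one JOIN
### Best Practices
- Add unit tests for the repository layer
"""
```

Calling prioritise(parse_report(SAMPLE_REPORT)) yields the CRITICAL, MEDIUM, LOW and untagged findings in that order, and has_blocking_issues on the same list returns True because of the CRITICAL entry.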
Best Practices
- Run automated scans via scripts/ and review their findings
- Prioritize fixes by risk, impact, and reproducibility
- Apply SOLID principles and clean code guidelines
- Improve error handling, logging, and observability
- Expand test coverage and maintain up-to-date documentation
Example Use Cases
- Audit a REST API to identify SQL injection and XSS risks
- Resolve N+1 query issues in a data access layer
- Eliminate memory leaks in a long-running service
- Refactor a module to improve readability and adherence to SOLID
- Add unit tests to boost coverage and reliability