What is the purpose of the code-review skill?

To review code changes for quality, security, and best practices and produce a structured report.

What should findings include?

Line references and concrete fixes aligned with the Review Summary and the Findings sections (CRITICAL, WARNING, SUGGESTION).

What templates are used for output?

A standardized report with Review Summary, Findings (CRITICAL, WARNING, SUGGESTION), and What's Done Well, as shown in the Skill's Output Format.

code-review

npx machina-cli add skill open-gitagent/gitagent/code-review --openclaw

Files (1)

SKILL.md

875 B

Code Review

Instructions

When reviewing code:

Read the full diff or file provided
Check for security vulnerabilities (OWASP Top 10)
Evaluate error handling completeness
Assess code complexity and readability
Verify naming conventions and code style
Look for performance issues
Check for proper input validation

Output Format

## Review Summary
[1-2 sentence overview]

## Findings

### CRITICAL
- [Finding with line reference and fix]

### WARNING
- [Finding with line reference and fix]

### SUGGESTION
- [Finding with line reference and fix]

## What's Done Well
- [Positive observations]

Source

git clone https://github.com/open-gitagent/gitagent/blob/main/examples/standard/skills/code-review/SKILL.mdView on GitHub

Overview

This skill audits code changes for quality, security, and best practices. It follows a structured review flow to assess security risks (OWASP Top 10), error handling, readability, naming, style, performance, and input validation, then outputs a ready-to-action report.

How This Skill Works

It ingests the full diff or file, runs checks across security, error handling, complexity, readability, naming/style, performance, and input validation, and aggregates findings. The result is a standardized report containing a Review Summary, Findings separated into CRITICAL, WARNING, and SUGGESTION, plus a What's Done Well section.

When to Use It

Review a pull request diff for a new feature
Audit changes for OWASP Top 10 vulnerabilities
Ensure refactors adhere to naming and style conventions
Evaluate error handling completeness and input validation
Identify performance bottlenecks in updated code

Quick Start

Step 1: Read the full diff or file provided
Step 2: Run checks for security, error handling, readability, and performance
Step 3: Output a formatted review with a Review Summary, Findings (CRITICAL, WARNING, SUGGESTION), and What's Done Well

Best Practices

Read the full diff or file before judging changes
Check for security vulnerabilities (OWASP Top 10) first
Evaluate error handling and edge-case coverage
Assess code complexity and readability
Verify naming conventions, style, and input validation

Example Use Cases

Reviewing a new payment API changes for insecure handling of user input
Auditing a REST endpoint for OWASP Top 10 risks like SQL injection or XSS
Flagging edge-case handling in a batch processing job
Reinforcing naming conventions after a major refactor
Spotting performance hotspots in a data transformation module

Frequently Asked Questions

Add this skill to your agents