Get the FREE Ultimate OpenClaw Setup Guide β†’

code-review-checklist

Scanned
npx machina-cli add skill vudovn/antigravity-kit/code-review-checklist --openclaw
Files (1)
SKILL.md
2.5 KB

Code Review Checklist

Quick Review Checklist

Correctness

  • Code does what it's supposed to do
  • Edge cases handled
  • Error handling in place
  • No obvious bugs

Security

  • Input validated and sanitized
  • No SQL/NoSQL injection vulnerabilities
  • No XSS or CSRF vulnerabilities
  • No hardcoded secrets or sensitive credentials
  • AI-Specific: Protection against Prompt Injection (if applicable)
  • AI-Specific: Outputs are sanitized before being used in critical sinks

Performance

  • No N+1 queries
  • No unnecessary loops
  • Appropriate caching
  • Bundle size impact considered

Code Quality

  • Clear naming
  • DRY - no duplicate code
  • SOLID principles followed
  • Appropriate abstraction level

Testing

  • Unit tests for new code
  • Edge cases tested
  • Tests readable and maintainable

Documentation

  • Complex logic commented
  • Public APIs documented
  • README updated if needed

AI & LLM Review Patterns (2025)

Logic & Hallucinations

  • Chain of Thought: Does the logic follow a verifiable path?
  • Edge Cases: Did the AI account for empty states, timeouts, and partial failures?
  • External State: Is the code making safe assumptions about file systems or networks?

Prompt Engineering Review

// ❌ Vague prompt in code
const response = await ai.generate(userInput);

// βœ… Structured & Safe prompt
const response = await ai.generate({
  system: "You are a specialized parser...",
  input: sanitize(userInput),
  schema: ResponseSchema
});

Anti-Patterns to Flag

// ❌ Magic numbers
if (status === 3) { ... }

// βœ… Named constants
if (status === Status.ACTIVE) { ... }

// ❌ Deep nesting
if (a) { if (b) { if (c) { ... } } }

// βœ… Early returns
if (!a) return;
if (!b) return;
if (!c) return;
// do work

// ❌ Long functions (100+ lines)
// βœ… Small, focused functions

// ❌ any type
const data: any = ...

// βœ… Proper types
const data: UserData = ...

Review Comments Guide

// Blocking issues use πŸ”΄
πŸ”΄ BLOCKING: SQL injection vulnerability here

// Important suggestions use 🟑
🟑 SUGGESTION: Consider using useMemo for performance

// Minor nits use 🟒
🟒 NIT: Prefer const over let for immutable variable

// Questions use ❓
❓ QUESTION: What happens if user is null here?

Source

git clone https://github.com/vudovn/antigravity-kit/blob/main/.agent/skills/code-review-checklist/SKILL.mdView on GitHub

Overview

Guidelines for evaluating code quality, security, performance, testing, and documentation during reviews. It also includes AI/LLM review patterns and anti-patterns to prevent common issues.

How This Skill Works

Apply the Quick Review Checklist sections (Correctness, Security, Performance, Code Quality, Testing, Documentation) during each review. Use the AI & LLM Review Patterns to detect logic flaws and prompt engineering issues, and consult the Anti-Patterns to flag bad practices. Record findings with the Review Comments Guide.

When to Use It

  • Before merging a PR to ensure correctness and security
  • During security audits to spot vulnerabilities like injections or hardcoded secrets
  • While optimizing performance, to catch N+1 queries and caching opportunities
  • During refactoring to improve DRY, naming, and SOLID adherence
  • When updating public APIs or README to ensure accurate documentation

Quick Start

  1. Step 1: Open the Quick Review Checklist and scan each category (Correctness, Security, Performance, Code Quality, Testing, Documentation)
  2. Step 2: Mark items as OK or Issues and note the exact lines or files affected
  3. Step 3: Record blockers or suggestions using the Review Comments Guide with the appropriate emoji tags

Best Practices

  • Follow the checklist categories (Correctness, Security, Performance, Code Quality, Testing, Documentation) in every review
  • Tailor the checklist to your project’s risk level and tech stack
  • Pair manual checks with automated tests; verify edge cases
  • Document findings and recommended fixes clearly; reference file paths and line numbers
  • Use Review Comments Guide and consistent emoji-tagged feedback (e.g., block, suggestion, nit, question)

Example Use Cases

  • Review a PR that adds authentication queries; validate input sanitization, prevent SQL injection, and ensure no hardcoded credentials
  • Audit an AI-assisted module for prompt handling and output sanitization to prevent prompt injection
  • Refactor a module to remove duplicate code while preserving SOLID principles and clear naming
  • Add unit tests for new code and ensure edge cases are covered
  • Update README and public API docs to reflect new behavior

Frequently Asked Questions

Add this skill to your agents
Sponsor this space

Reach thousands of developers β†—