code-review_skill

Overview

This skill provides a structured code-review workflow that systematically analyzes code quality, security, and best practices. It produces actionable findings, severity-ranked issues, and concrete remediation suggestions including code fixes. The goal is to accelerate pull request reviews, detect vulnerabilities early, and improve maintainability.

How this skill works

The skill reads project files, detects language and framework (TypeScript focus), and maps control and data flow to understand business logic. It runs a staged analysis: static style and complexity checks, security scans for input validation and injection vectors, and performance spot checks for algorithm and resource risks. Results are assembled into a concise report with scores, prioritized issues, and suggested code changes.

When to use it

• During pull request reviews to provide an independent checklist-driven audit
• Before merging critical features or refactors to catch regressions and vulnerabilities
• As part of release quality gating to verify maintainability and performance targets
• When onboarding new contributors to assess code consistency and training needs

Best practices

• Run the review early in the merge process to reduce rework
• Provide minimal reproductions or unit tests when reporting bugs to speed fixes
• Prioritize security findings as blockers and supply concrete patch suggestions
• Include contextual code snippets and line references for every issue
• Balance critique with highlighted strengths to encourage maintainable contributions

Example use cases

• Automated review of a TypeScript pull request to flag unsafe any usage and missing input sanitization
• Security audit for endpoints to detect SQL/XSS injection patterns and auth bypass risks
• Pre-refactor analysis that maps hotspots of high cyclomatic complexity and duplicated logic
• Performance check identifying N+1 database queries and recommending query optimizations