onewave-ai/claude-skills

Overview

This skill performs comprehensive code reviews focused on security vulnerabilities, performance bottlenecks, maintainability issues, and refactoring opportunities. It produces prioritized, actionable findings with before/after code examples and clear remediation steps. Use it to get a practical audit of code quality, risks, and quick wins.

How this skill works

I inspect source code and related config for common and language-specific risks: injection vectors, auth flaws, unsafe dependencies, inefficient algorithms, memory and I/O issues, and maintainability smells. I prioritize issues by severity, show concrete code changes (before/after), and recommend tests, monitoring, or architecture adjustments. Reports highlight critical fixes first, followed by performance, quality, and nice-to-have improvements.

When to use it

• When you ask for a code review or audit
• Before shipping security-sensitive features (auth, payments, data export)
• When tracking down performance regressions or latency spikes
• Before major refactors or production rollouts
• When onboarding a new codebase and validating quality

Best practices

• Prioritize security issues first and fix high-severity bugs immediately
• Provide small, testable code changes with before/after examples
• Include line references and reproduce steps where possible
• Favor parameterized queries, proper input validation, and secure secret management
• Measure performance impact of fixes with benchmarks or profiling
• Balance refactoring scope: prefer incremental improvements and quick wins

Example use cases

• Review an authentication module for weak hashing, token handling, and CSRF issues
• Audit a database access layer for SQL injection, N+1 queries, and missing indexes
• Optimize a React/Vue component to remove unnecessary re-renders and reduce bundle size
• Analyze an API endpoint for input validation, error handling, and rate limiting
• Suggest refactors to reduce cyclomatic complexity and duplicate logic