code-reviewer_skill

Overview

This skill performs thorough code reviews with a strong focus on security, performance, correctness, and maintainability. It highlights critical vulnerabilities, performance bottlenecks, and practical fixes so teams can ship safer, faster, and more reliable code. Reviews are organized by priority so the most dangerous issues are addressed first.

How this skill works

I inspect code for security flaws (SQL injection, XSS, hardcoded secrets, auth bypasses), performance problems (N+1 queries, missing indexes, inefficient algorithms), correctness gaps (error handling, race conditions, input validation), and maintainability issues (naming, types, duplication). Output is a prioritized report with concise problem descriptions, concrete impact, and code-level remediation examples.

When to use it

• Reviewing pull requests before merge
• Performing security audits or pentest triage
• Assessing performance before scaling or release
• Checking code quality for new features or refactors
• Validating fixes for reported bugs or vulnerabilities

Best practices

• Triage issues by priority: Security → Performance → Correctness → Maintainability
• Include minimal, reproducible examples and suggested code fixes
• Always recommend defensive coding: input validation and explicit error handling
• Prefer parameterized queries or ORMs to avoid injection
• Recommend tests for critical paths and edge cases

Example use cases

• Review a PR that adds new database queries to detect N+1 problems and missing indexes
• Audit authentication and session handling to find authorization bypasses or hardcoded secrets
• Assess a new API endpoint for input validation, error paths, and rate-limiting gaps
• Scan front-end templates and handlers for XSS and unsafe output encoding
• Validate a refactor for type safety, naming clarity, and reduced cyclomatic complexity