code-review_skill

This skill automates thorough code reviews for pull requests, improving security, performance, and quality across changes.
  • Python

620

GitHub Stars

1

Bundled Files

2 months ago

Catalog Refreshed

4 months ago

First Indexed

Readme & install

Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.

Installation

Preview and clipboard use veilstrat where the catalogue uses aiagentskills.

npx veilstrat add skill skillcreatorai/ai-agent-skills --skill code-review

  • SKILL.md2.7 KB

Overview

This skill performs automated code reviews for pull requests using specialized review patterns focused on security, performance, quality, and testing. It produces structured, actionable feedback with prioritized findings and suggested fixes. Use it to accelerate reviews, enforce standards, and reduce regressions before merging.

How this skill works

The skill analyzes diff contents and inspects files for known anti-patterns: injection risks, inefficient queries, missing indexes, and poor error handling. It classifies findings into Critical, Suggestions, and Nits and outputs concise rationale and recommended fixes for each issue. A checklist and positives section help maintainers track required changes and recognize good patterns.

When to use it

  • Reviewing pull requests or feature branches before merge
  • Performing security-focused code audits or threat-modeling reviews
  • Evaluating performance regressions after changes
  • Validating new code for testing and type coverage
  • Onboarding contributors to reinforce coding standards

Best practices

  • Prioritize fixes labeled Critical; these usually block merging
  • Include minimal code snippets for reproducing and fixing issues
  • Reference specific lines/files so developers can act quickly
  • Combine automated findings with a short human review for context
  • Add tests and update documentation when fixing behavior-impacting issues

Example use cases

  • Find and fix SQL/command injection and hardcoded secrets in a PR
  • Detect N+1 queries and suggest batching or eager loading changes
  • Identify missing tests for new logic and recommend cases to add
  • Flag swallowed errors and propose proper logging or rethrowing
  • Spot React unnecessary re-renders or large bundle artifacts and suggest improvements

FAQ

Findings are grouped as Critical, Suggestions, and Nits. Critical items indicate security or correctness problems that should block merge; Suggestions help performance or maintainability; Nits are optional style improvements.

Can it detect secrets and vulnerable dependencies?

It flags likely hardcoded secrets and insecure patterns in code. Dependency vulnerability scanning is recommended as a complementary step using dedicated scanners.

Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational