code-review - SKILL.md Agent Skill

name: code-review description: > Perform comprehensive code reviews covering bugs, style, performance, security, and best practices. Use this skill when the user mentions: review my code, check this code, code review, find bugs, improve code, refactor suggestions, security audit, performance optimization, code quality, static analysis. license: MIT metadata: author: Jiva Community version: 1.0.0 tags: [code-quality, security, performance, best-practices]

Code Review Skill

Overview

Perform comprehensive code reviews analyzing bugs, style issues, performance bottlenecks, security vulnerabilities, and adherence to best practices.

Workflow

1. Scan Code Structure

Use view tool to read all relevant files in the codebase
Identify file types, frameworks, and languages used
Map dependencies and module relationships

2. Analyze Code Quality

Check for the following categories:

Bugs & Logic Errors:

Null/undefined handling
Off-by-one errors
Race conditions
Memory leaks
Incorrect algorithm implementation

Security Issues:

SQL injection vulnerabilities
XSS vulnerabilities
Authentication/authorization flaws
Sensitive data exposure
Unsafe dependencies

Performance Problems:

Inefficient algorithms (O(n²) where O(n) possible)
Unnecessary database queries
Memory overuse
Blocking operations
Missing caching

Code Style:

Naming conventions
Code formatting inconsistencies
Magic numbers/strings
Dead code
Overly complex functions

Best Practices:

DRY (Don't Repeat Yourself) violations
SOLID principles adherence
Error handling patterns
Testing coverage
Documentation quality

3. Categorize Findings

Group issues by:

Critical: Security vulnerabilities, data loss risks
High: Bugs that cause crashes/errors
Medium: Performance issues, maintainability problems
Low: Style issues, minor improvements

4. Provide Solutions

For each issue:

Explain WHY it's a problem
Show the problematic code snippet
Provide a SPECIFIC fix with code examples
Explain the benefits of the fix

5. Generate Report

Structure the output as:

# Code Review Report

## Summary
- Total files reviewed: X
- Issues found: Y (Z critical, W high, V medium, U low)

## Critical Issues
[List critical issues with fixes]

## High Priority Issues
[List high priority issues with fixes]

## Medium Priority Issues
[List medium priority issues with fixes]

## Low Priority Issues
[List low priority issues with fixes]

## Strengths
[Mention good practices found in the code]

## Recommendations
[Overall suggestions for improvement]

Resources

When to Use References

Read references/security_checklist.md when analyzing security
Consult references/performance_patterns.md for performance optimization
Check references/language_guides/ for language-specific best practices

Scripts (Future Enhancement)

scripts/run_linter.sh <file> - Run automated linting
scripts/complexity_analysis.py <file> - Calculate cyclomatic complexity
scripts/security_scan.py <dir> - Run security vulnerability scanner

Example Usage

User: "Review this authentication code"

Process:

Read authentication-related files with view tool
Check for common auth vulnerabilities (password storage, session management, etc.)
Analyze token handling and encryption
Check for privilege escalation risks
Provide detailed report with fixes

Tips for Effective Reviews

Be Specific: Don't just say "improve error handling" - show exactly how
Prioritize: Focus on critical/high issues first
Be Constructive: Acknowledge good code practices too
Provide Context: Explain the "why" behind each suggestion
Code Examples: Always show concrete before/after code
Consider Trade-offs: Mention any downsides to suggested changes