code-review

Review code changes for security, performance, and correctness. Trigger with a PR URL or diff, "review this before I merge", "is this code safe?", or when checking a change for N+1 queries, injection risks, missing edge cases, or error handling gaps.

10,671 stars

Best use case

code-review is best used when you need a repeatable AI agent workflow instead of a one-off prompt.

Teams using code-review should expect more consistent output, faster repeated execution, and less prompt rewriting.

When to use this skill

  • You want a reusable workflow that can be run more than once with consistent structure.

When not to use this skill

  • You only need a quick one-off answer and do not need a reusable workflow.
  • You cannot install or maintain the underlying files, dependencies, or repository context.

Installation

Claude Code / Cursor / Codex

$ curl -o ~/.claude/skills/code-review/SKILL.md --create-dirs "https://raw.githubusercontent.com/anthropics/knowledge-work-plugins/main/engineering/skills/code-review/SKILL.md"

Manual Installation

  1. Download SKILL.md from GitHub
  2. Place it in .claude/skills/code-review/SKILL.md inside your project
  3. Restart your AI agent — it will auto-discover the skill

How code-review Compares

| Feature / Agent | code-review | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |

Frequently Asked Questions

What does this skill do?

Review code changes for security, performance, and correctness. Trigger with a PR URL or diff, "review this before I merge", "is this code safe?", or when checking a change for N+1 queries, injection risks, missing edge cases, or error handling gaps.

Where can I find the source code?

You can find the source code on GitHub using the link provided at the top of the page.

SKILL.md Source

# /code-review

> If you see unfamiliar placeholders or need to check which tools are connected, see [CONNECTORS.md](../../CONNECTORS.md).

Review code changes with a structured lens on security, performance, correctness, and maintainability.

## Usage

```
/code-review <PR URL or file path>
```

Review the provided code changes: @$1

If no specific file or URL is provided, ask what to review.

## How It Works

```
┌──────────────────────────────────────────────────────────────────┐
│                           CODE REVIEW                            │
├──────────────────────────────────────────────────────────────────┤
│  STANDALONE (always works)                                       │
│  ✓ Paste a diff, PR URL, or point to files                       │
│  ✓ Security audit (OWASP top 10, injection, auth)                │
│  ✓ Performance review (N+1, memory leaks, complexity)            │
│  ✓ Correctness (edge cases, error handling, race conditions)     │
│  ✓ Style (naming, structure, readability)                        │
│  ✓ Actionable suggestions with code examples                     │
├──────────────────────────────────────────────────────────────────┤
│  SUPERCHARGED (when you connect your tools)                      │
│  + Source control: Pull PR diff automatically                    │
│  + Project tracker: Link findings to tickets                     │
│  + Knowledge base: Check against team coding standards           │
└──────────────────────────────────────────────────────────────────┘
```

## Review Dimensions

### Security
- SQL injection, XSS, CSRF
- Authentication and authorization flaws
- Secrets or credentials in code
- Insecure deserialization
- Path traversal
- SSRF

### Performance
- N+1 queries
- Unnecessary memory allocations
- Algorithmic complexity (O(n²) in hot paths)
- Missing database indexes
- Unbounded queries or loops
- Resource leaks
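To make the Security and Performance dimensions above concrete, here is an added example (it is not part of the SKILL.md or of the anthropics/knowledge-work-plugins project) showing the before/after pairs a reviewer would flag for SQL injection and for N+1 queries, with a statement counter so the N+1 finding is measurable rather than a hunch. It uses Python's standard `sqlite3` module against an in-memory database; the `users` and `orders` tables and the rows in them are constructed for the illustration.

```python
"""Added example: before/after pairs for two review findings (SQL injection,
N+1 queries). Not code from the code-review skill; the schema and sample
rows below are constructed for the illustration."""
import sqlite3

# Constructed sample data (assumption for the example, not from any real system).
SAMPLE_USERS = [(1, "alice", "admin"), (2, "bob", "user"),
                (3, "carol", "user"), (4, "O'Brien", "user")]
SAMPLE_ORDERS = [(1, 1, 25.0), (2, 1, 40.0), (3, 2, 10.0)]


class CountingDB:
    """In-memory SQLite wrapper that counts executed statements, so an N+1
    pattern shows up as a number a test can assert on."""

    def __init__(self):
        self.conn = sqlite3.connect(":memory:")
        self.queries = 0
        cur = self.conn.cursor()
        cur.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
        cur.execute("CREATE TABLE orders (id INTEGER PRIMARY KEY, user_id INTEGER, total REAL)")
        cur.executemany("INSERT INTO users VALUES (?, ?, ?)", SAMPLE_USERS)
        cur.executemany("INSERT INTO orders VALUES (?, ?, ?)", SAMPLE_ORDERS)
        self.conn.commit()

    def execute(self, sql, params=()):
        self.queries += 1
        return self.conn.execute(sql, params)


# --- Security dimension: SQL injection -----------------------------------

def find_user_unsafe(db, name):
    """BEFORE (flag as Critical): the caller's string is spliced into the SQL
    text, so any quote in it reaches the SQL parser as syntax, not as data."""
    return db.execute(f"SELECT id, name FROM users WHERE name = '{name}'").fetchall()


def find_user_safe(db, name):
    """AFTER: bound parameter. The value travels separately from the statement
    and is only ever compared as a string, whatever characters it holds."""
    return db.execute("SELECT id, name FROM users WHERE name = ?", (name,)).fetchall()


# --- Performance dimension: N+1 queries ----------------------------------

def totals_n_plus_one(db):
    """BEFORE (flag under Performance): one query lists the users, then one
    more query runs per user, so round trips grow linearly with the table."""
    totals = {}
    for user_id, name in db.execute("SELECT id, name FROM users").fetchall():
        (total,) = db.execute(
            "SELECT COALESCE(SUM(total), 0) FROM orders WHERE user_id = ?", (user_id,)
        ).fetchone()
        totals[name] = total
    return totals


def totals_joined(db):
    """AFTER: a single LEFT JOIN + GROUP BY returns every user's total at once."""
    rows = db.execute(
        "SELECT u.name, COALESCE(SUM(o.total), 0) "
        "FROM users u LEFT JOIN orders o ON o.user_id = u.id "
        "GROUP BY u.id"
    ).fetchall()
    return dict(rows)


def review_findings():
    """Exercises each before/after pair and returns the evidence a reviewer
    would cite in the findings table."""
    db = CountingDB()
    # A legitimate name containing an apostrophe is enough to show the
    # structural flaw: the unsafe query fails to parse, the safe one works.
    try:
        find_user_unsafe(db, "O'Brien")
        unsafe_breaks = False
    except sqlite3.OperationalError:
        unsafe_breaks = True
    safe_rows = find_user_safe(db, "O'Brien")

    db.queries = 0
    slow = totals_n_plus_one(db)
    slow_queries = db.queries
    db.queries = 0
    fast = totals_joined(db)
    fast_queries = db.queries

    return {
        "unsafe_query_breaks_on_quote": unsafe_breaks,
        "safe_query_rows": len(safe_rows),
        "n_plus_one_queries": slow_queries,  # 1 + one per user
        "joined_queries": fast_queries,      # always 1
        "results_match": slow == fast,
    }


if __name__ == "__main__":
    for finding, value in review_findings().items():
        print(f"{finding}: {value}")
```

Run it directly to print the findings. The unsafe lookup fails on a name containing an apostrophe because the quote reaches the SQL parser as syntax, which is the same root cause an injection exploits, while the bound-parameter version returns the row. The N+1 version issues 1 + N statements against 1 for the join, and the two return identical totals, which is the equivalence check to include when proposing the rewrite in a review.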

### Correctness
- Edge cases (empty input, null, overflow)
- Race conditions and concurrency issues
- Error handling and propagation
- Off-by-one errors
- Type safety

### Maintainability
- Naming clarity
- Single responsibility
- Duplication
- Test coverage
- Documentation for non-obvious logic

## Output

```markdown
## Code Review: [PR title or file]

### Summary
[1-2 sentence overview of the changes and overall quality]

### Critical Issues
| # | File | Line | Issue | Severity |
|---|------|------|-------|----------|
| 1 | [file] | [line] | [description] | 🔴 Critical |

### Suggestions
| # | File | Line | Suggestion | Category |
|---|------|------|------------|----------|
| 1 | [file] | [line] | [description] | Performance |

### What Looks Good
- [Positive observations]

### Verdict
[Approve / Request Changes / Needs Discussion]
```

## If Connectors Available

If **~~source control** is connected:
- Pull the PR diff automatically from the URL
- Check CI status and test results

If **~~project tracker** is connected:
- Link findings to related tickets
- Verify the PR addresses the stated requirements

If **~~knowledge base** is connected:
- Check changes against team coding standards and style guides

## Tips

1. **Provide context** — "This is a hot path" or "This handles PII" helps me focus.
2. **Specify concerns** — "Focus on security" narrows the review.
3. **Include tests** — I'll check test coverage and quality too.

Related Skills

All from anthropics/knowledge-work-plugins (10,671 stars):

  • pipeline-review: Analyze pipeline health — prioritize deals, flag risks, get a weekly action plan. Use when running a weekly pipeline review, deciding which deals to focus on this week, spotting stale or stuck opportunities, auditing for hygiene issues like bad close dates, or identifying single-threaded deals.
  • metrics-review: Review and analyze product metrics with trend analysis and actionable insights. Use when running a weekly, monthly, or quarterly metrics review, investigating a sudden spike or drop, comparing performance against targets, or turning raw numbers into a scorecard with recommended actions.
  • vendor-review: Evaluate a vendor — cost analysis, risk assessment, and recommendation. Use when reviewing a new vendor proposal, deciding whether to renew or replace a contract, comparing two vendors side-by-side, or building a TCO breakdown and negotiation points before procurement sign-off.
  • brand-review: Review content against your brand voice, style guide, and messaging pillars, flagging deviations by severity with specific before/after fixes. Use when checking a draft before it ships, when auditing copy for voice consistency and terminology, or when screening for unsubstantiated claims, missing disclaimers, and other legal flags.
  • review-contract: Review a contract against your organization's negotiation playbook — flag deviations, generate redlines, provide business impact analysis. Use when reviewing vendor or customer agreements, when you need clause-by-clause analysis against standard positions, or when preparing a negotiation strategy with prioritized redlines and fallback positions.
  • performance-review: Structure a performance review with self-assessment, manager template, and calibration prep. Use when review season kicks off and you need a self-assessment template, writing a manager review for a direct report, prepping rating distributions and promotion cases for calibration, or turning vague feedback into specific behavioral examples.
  • accessibility-review: Run a WCAG 2.1 AA accessibility audit on a design or page. Trigger with "audit accessibility", "check a11y", "is this accessible?", or when reviewing a design for color contrast, keyboard navigation, touch target size, or screen reader behavior before handoff.
  • forecast: Generate a weighted sales forecast with best/likely/worst scenarios, commit vs. upside breakdown, and gap analysis. Use when preparing a quarterly forecast call, assessing gap-to-quota from a pipeline CSV, deciding which deals to commit vs. call upside, or checking pipeline coverage against your number.
  • draft-outreach: Research a prospect then draft personalized outreach. Uses web research by default, supercharged with enrichment and CRM. Trigger with "draft outreach to [person/company]", "write cold email to [prospect]", "reach out to [name]".
  • daily-briefing: Start your day with a prioritized sales briefing. Works standalone when you tell me your meetings and priorities, supercharged when you connect your calendar, CRM, and email. Trigger with "morning briefing", "daily brief", "what's on my plate today", "prep my day", or "start my day".
  • create-an-asset: Generate tailored sales assets (landing pages, decks, one-pagers, workflow demos) from your deal context. Describe your prospect, audience, and goal — get a polished, branded asset ready to share with customers.
  • competitive-intelligence: Research your competitors and build an interactive battlecard. Outputs an HTML artifact with clickable competitor cards and a comparison matrix. Trigger with "competitive intel", "research competitors", "how do we compare to [competitor]", "battlecard for [competitor]", or "what's new with [competitor]".