code-review
Review code changes between commits for security, logic, performance, and style issues
Best use case
code-review is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Teams using code-review should expect more consistent output, faster repeated execution, and less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in .claude/skills/code-review/SKILL.md inside your project
- Restart your AI agent; it will auto-discover the skill
How code-review Compares
| Feature / Agent | code-review | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Review code changes between commits for security, logic, performance, and style issues
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
Related Guides
AI Agents for Coding
Browse AI agent skills for coding, debugging, testing, refactoring, code review, and developer workflows across Claude, Cursor, and Codex.
Best AI Skills for Claude
Explore the best AI skills for Claude and Claude Code across coding, research, workflow automation, documentation, and agent operations.
Cursor vs Codex for AI Workflows
Compare Cursor and Codex for AI coding workflows, repository assistance, debugging, refactoring, and reusable developer skills.
SKILL.md Source
# code-review

**Category**: Development

## Usage

```bash
/code-review [<commit>] [--from <commit>] [--to <commit>]
```

## Arguments

| Argument | Default | Description |
|----------|---------|-------------|
| `<commit>` | - | Single commit to review |
| `--from` | merge-base with main | Starting commit reference |
| `--to` | HEAD | Ending commit reference |

## Examples

```bash
# Review all changes in current branch (from merge-base to HEAD)
/code-review

# Review a specific commit
/code-review abc1234

# Review a range of commits
/code-review --from abc1234 --to def5678

# Review changes since a specific commit
/code-review --from HEAD~5

# Review changes up to a specific commit
/code-review --to feature-branch
```

## Execution Method

This command delegates to the `code-review-expert` agent (Haiku model) for fast, cost-effective execution.

**Delegation**: Use the Task tool with:

- `subagent_type`: `"git-workflow:code-review-expert"`
- `model`: `"haiku"`
- `prompt`: Include the commit range and current working directory

Example:

```
Task(subagent_type="git-workflow:code-review-expert", model="haiku", prompt="Review changes from abc1234 to HEAD in /path/to/repo")
```

---

## Execution Instructions for Claude Code

When this command is run, Claude Code should:

### 1. Parse Arguments

```
SINGLE_COMMIT = first positional argument (if provided)
FROM = --from value or merge-base with main/master
TO = --to value or HEAD
```

If a single commit is provided:

- Review just that commit: `FROM = <commit>^`, `TO = <commit>`

If no arguments:

- FROM = merge-base with main (or master)
- TO = HEAD

### 2. Validate Commit References

```bash
# Verify commits exist
git rev-parse --verify "$FROM" 2>/dev/null
git rev-parse --verify "$TO" 2>/dev/null
```

If invalid, show error with suggestions.

### 3. Gather Change Information

```bash
# Get overview
git diff --stat "$FROM..$TO"

# Get commit history
git log --oneline "$FROM..$TO"

# Get full diff for analysis
git diff "$FROM..$TO"
```

### 4. Analyze Changes

Review each file's changes for:

**Critical Issues (must fix)**
- Security vulnerabilities (injection, XSS, auth bypass)
- Hardcoded secrets or credentials
- Data exposure risks

**High Priority (should fix)**
- Logic bugs and incorrect behavior
- Missing error handling
- Null reference issues
- Race conditions

**Medium Priority (consider fixing)**
- Performance issues (N+1 queries, inefficient loops)
- Code smells and maintainability issues
- Missing input validation

**Low Priority (optional)**
- Style inconsistencies
- Minor code improvements
- Documentation gaps

**Test Coverage**
- New code without corresponding tests
- Changed behavior without updated tests

### 5. Present Findings

Format output as:

```
Code Review: <from>..<to>
=========================
Files Changed: N (+X, -Y)
Commits: M

## Critical Issues
- [SECURITY] path/file.py:42 - SQL injection via unsanitized input

## High Priority
- [LOGIC] path/file.py:78 - Missing null check on user.profile

## Medium Priority
- [PERFORMANCE] path/file.py:120 - Queries in loop, consider batch fetch

## Low Priority
- [STYLE] path/file.py:15 - Inconsistent naming: userID vs user_id

## Test Coverage
- Missing tests for: new_feature() in path/file.py

## Suggestions
- Consider adding retry logic for external API calls

---
Overall: NEEDS_CHANGES | APPROVED_WITH_COMMENTS | APPROVED
```

### 6. Overall Assessment

- **NEEDS_CHANGES**: Critical or multiple high-priority issues found
- **APPROVED_WITH_COMMENTS**: Only medium/low issues, suggestions provided
- **APPROVED**: No significant issues found

## What to Review

| Category | Look For |
|----------|----------|
| Security | Injection, auth, secrets, data exposure |
| Logic | Bugs, error handling, edge cases |
| Performance | N+1 queries, inefficient algorithms |
| Style | Naming, consistency, complexity |
| Tests | Coverage, quality, edge cases |

## What NOT to Flag

- Subjective style preferences (unless inconsistent)
- Theoretical issues that can't happen in context
- Over-engineering suggestions
- Minor naming bikeshedding

## Error Handling

```
No changes to review
The commits $FROM and $TO are identical.

Invalid commit reference
Could not find commit: abc1234
Try: git log --oneline -20

Not a git repository
Navigate to a git repository first.
```

## Related Commands

| Command | Purpose |
|---------|---------|
| `/commit` | Create commits with conventional format |
| `/rebase` | Rebase local changes on remote |
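The execution steps above, as an added worked example that is not part of the skill's SKILL.md or of any project it references: a small Python module that maps /code-review arguments to a FROM/TO range (step 1), walks a unified diff while tracking new-file line numbers so every finding carries a path:line location (step 4), prints the report layout from step 5, and derives the Overall verdict from the severity mix (step 6). The pattern checks are this example's own illustrative assumptions, not rules the skill defines, and a real review agent reasons about context instead of matching regexes; the diff text is constructed here, whereas the workflow would read it from `git diff $FROM..$TO` in step 3, and the `MERGE_BASE` placeholder stands in for a `git merge-base` call that needs a repository.

```python
"""Added example (not the skill's own code): offline implementation of the
argument parsing, diff analysis, report format and verdict rules described
in the code-review SKILL.md. Heuristics and sample diff are constructed."""
import re

SEVERITIES = ["Critical", "High", "Medium", "Low"]
SECTION_TITLES = {"Critical": "Critical Issues", "High": "High Priority",
                  "Medium": "Medium Priority", "Low": "Low Priority"}

# Illustrative heuristics (assumptions of this example, not rules from the
# skill). Each runs over ADDED lines only: (pattern, severity, tag, message).
CHECKS = [
    (re.compile(r"(?i)(password|secret|api_key|token)\s*=\s*[\"'][^\"']+[\"']"),
     "Critical", "SECURITY", "Hardcoded credential in source"),
    (re.compile(r"execute\(\s*(f[\"']|\"[^\"]*\"\s*[+%]|'[^']*'\s*[+%])"),
     "Critical", "SECURITY", "SQL built by string formatting, possible injection"),
    (re.compile(r"^\s*except\s*:\s*(pass\s*)?$"),
     "High", "LOGIC", "Bare except swallows all errors"),
    (re.compile(r"^\s*print\("),
     "Low", "STYLE", "Debug print left in code"),
]


def parse_args(argv, merge_base="MERGE_BASE"):
    """Step 1: map command arguments to (FROM, TO). `merge_base` stands in
    for `git merge-base main HEAD`, which needs a repository (placeholder)."""
    single = from_ref = to_ref = None
    i = 0
    while i < len(argv):
        arg = argv[i]
        if arg in ("--from", "--to"):
            if i + 1 >= len(argv):
                raise ValueError(f"{arg} requires a commit reference")
            if arg == "--from":
                from_ref = argv[i + 1]
            else:
                to_ref = argv[i + 1]
            i += 2
        elif single is None and not arg.startswith("-"):
            single = arg
            i += 1
        else:
            raise ValueError(f"unexpected argument: {arg}")
    if single is not None:
        return f"{single}^", single          # review just that one commit
    return from_ref or merge_base, to_ref or "HEAD"


def scan_diff(diff_text):
    """Step 4: parse a unified diff, keep the new-file line number of each
    added line so findings carry path:line, and run CHECKS over added lines."""
    result = {"files": set(), "added": 0, "removed": 0, "findings": []}
    path, new_line = None, 0
    for raw in diff_text.splitlines():
        if raw.startswith("+++ "):
            path = raw[4:]
            path = path[2:] if path.startswith("b/") else path
            result["files"].add(path)
            continue
        if raw.startswith("--- ") or raw.startswith("\\"):
            continue                        # old-file header / "No newline" marker
        hunk = re.match(r"@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@", raw)
        if hunk:
            new_line = int(hunk.group(1))   # first new-file line of this hunk
            continue
        if raw.startswith("+"):
            result["added"] += 1
            for pattern, severity, tag, message in CHECKS:
                if pattern.search(raw[1:]):
                    result["findings"].append((severity, tag, f"{path}:{new_line}", message))
            new_line += 1
        elif raw.startswith("-"):
            result["removed"] += 1          # removed lines have no new-file number
        else:
            new_line += 1                   # context line
    return result


def overall(findings):
    """Step 6: verdict from the severity mix. The skill's rules do not cover
    a single High issue; this example (assumption) treats it as comments."""
    counts = {sev: sum(1 for f in findings if f[0] == sev) for sev in SEVERITIES}
    if counts["Critical"] or counts["High"] > 1:
        return "NEEDS_CHANGES"
    if any(counts.values()):
        return "APPROVED_WITH_COMMENTS"
    return "APPROVED"


def format_report(from_ref, to_ref, result, commits):
    """Step 5: render findings in the layout the skill specifies."""
    out = [f"Code Review: {from_ref}..{to_ref}", "=" * 25,
           f"Files Changed: {len(result['files'])} (+{result['added']}, -{result['removed']})",
           f"Commits: {commits}", ""]
    for sev in SEVERITIES:
        items = [f for f in result["findings"] if f[0] == sev]
        if items:
            out.append(f"## {SECTION_TITLES[sev]}")
            out += [f"- [{tag}] {loc} - {msg}" for _, tag, loc, msg in items]
            out.append("")
    out += ["---", f"Overall: {overall(result['findings'])}"]
    return "\n".join(out)


# Constructed sample diff (fake file, fake credential) standing in for
# the output of `git diff $FROM..$TO`.
SAMPLE_DIFF = """\
diff --git a/app/db.py b/app/db.py
--- a/app/db.py
+++ b/app/db.py
@@ -1,4 +1,7 @@
 import sqlite3
+DB_PASSWORD = "hunter2"
 
 def find_user(conn, name):
-    return conn.execute("SELECT * FROM users WHERE name = ?", (name,))
+    cur = conn.execute("SELECT * FROM users WHERE name = '" + name + "'")
+    print(cur)
+    return cur
"""

if __name__ == "__main__":
    from_ref, to_ref = parse_args(["--from", "abc1234"])
    print(format_report(from_ref, to_ref, scan_diff(SAMPLE_DIFF), commits=1))
```

Run as a script, it reports two Critical findings at app/db.py:2 and app/db.py:5 plus a Low finding at line 6, and the verdict NEEDS_CHANGES; the location tracking is the part worth keeping, since a finding without a reliable line number is the kind of output reviewers learn to ignore.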
Related Skills
review-django-commands
Review Django management commands for proper structure and refactor if needed
python-code-review
Python code review guidelines (security, performance, bugs, style). Auto-loads when reviewing Python code or analyzing code quality.
typescript-code-review
TypeScript and React code review guidelines (type safety, React patterns, performance). Auto-loads when reviewing TypeScript/React code.
zod
Zod schema validation patterns and type inference. Auto-loads when validating schemas, parsing data, validating forms, checking types at runtime, or using z.object/z.string/z.infer in TypeScript.
typescript-import-style
Merge-friendly import formatting (one-per-line, alphabetical). Auto-loads when writing TypeScript/JavaScript imports to minimize merge conflicts in parallel development. Enforces consistent grouping and sorting.
setup-mcp-auth
Configure authentication for an existing FastMCP server
fastmcp
FastMCP TypeScript framework patterns for MCP servers. Auto-loads when building MCP servers, creating tools/resources/prompts, implementing authentication, configuring transports, or working with FastMCP in TypeScript.
add-mcp-tool
Add a new tool to an existing FastMCP server with guided configuration
add-mcp-resource
Add a new resource or resource template to an existing FastMCP server
plan-with-team
Validate plan file ownership
privacy-compliance
GDPR, CCPA, and privacy compliance guidance for data protection. Use when handling personal data, implementing consent management, or ensuring regulatory compliance across jurisdictions.
oauth
OAuth 2.0 and OpenID Connect implementation patterns. Use when implementing authentication, authorization flows, or integrating with OAuth providers like Google, GitHub, or custom identity providers.