Best use case
code-review is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Run a comprehensive code review
Teams using code-review should expect a more consistent output, faster repeated execution, less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/code-review/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How code-review Compares
| Feature / Agent | code-review | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Run a comprehensive code review
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
Related Guides
AI Agents for Coding
Browse AI agent skills for coding, debugging, testing, refactoring, code review, and developer workflows across Claude, Cursor, and Codex.
Best AI Skills for Claude
Explore the best AI skills for Claude and Claude Code across coding, research, workflow automation, documentation, and agent operations.
Cursor vs Codex for AI Workflows
Compare Cursor and Codex for AI coding workflows, repository assistance, debugging, refactoring, and reusable developer skills.
SKILL.md Source
# Code Review Skill Conduct a thorough code review for quality, security, and maintainability with severity-rated feedback. ## When to Use This skill activates when: - User requests "review this code", "code review" - Before merging a pull request - After implementing a major feature - User wants quality assessment ## What It Does Delegates to the `code-reviewer` agent (Opus model) for deep analysis: 1. **Identify Changes** - Run `git diff` to find changed files - Determine scope of review (specific files or entire PR) 2. **Review Categories** - **Security** - Hardcoded secrets, injection risks, XSS, CSRF - **Code Quality** - Function size, complexity, nesting depth - **Performance** - Algorithm efficiency, N+1 queries, caching - **Best Practices** - Naming, documentation, error handling - **Maintainability** - Duplication, coupling, testability 3. **Severity Rating** - **CRITICAL** - Security vulnerability (must fix before merge) - **HIGH** - Bug or major code smell (should fix before merge) - **MEDIUM** - Minor issue (fix when possible) - **LOW** - Style/suggestion (consider fixing) 4. **Specific Recommendations** - File:line locations for each issue - Concrete fix suggestions - Code examples where applicable ## Agent Delegation ``` Task( subagent_type="oh-my-droid:code-reviewer", model="claude-opus-4-5-20251101", prompt="CODE REVIEW TASK Review code changes for quality, security, and maintainability. Scope: [git diff or specific files] Review Checklist: - Security vulnerabilities (OWASP Top 10) - Code quality (complexity, duplication) - Performance issues (N+1, inefficient algorithms) - Best practices (naming, documentation, error handling) - Maintainability (coupling, testability) Output: Code review report with: - Files reviewed count - Issues by severity (CRITICAL, HIGH, MEDIUM, LOW) - Specific file:line locations - Fix recommendations - Approval recommendation (APPROVE / REQUEST CHANGES / COMMENT)" ) ``` ## Output Format ``` CODE REVIEW REPORT ================== Files Reviewed: 8 Total Issues: 15 CRITICAL (0) ----------- (none) HIGH (3) -------- 1. src/api/auth.ts:42 Issue: User input not sanitized before SQL query Risk: SQL injection vulnerability Fix: Use parameterized queries or ORM 2. src/components/UserProfile.tsx:89 Issue: Password displayed in plain text in logs Risk: Credential exposure Fix: Remove password from log statements 3. src/utils/validation.ts:15 Issue: Email regex allows invalid formats Risk: Accepts malformed emails Fix: Use proven email validation library MEDIUM (7) ---------- ... LOW (5) ------- ... RECOMMENDATION: REQUEST CHANGES Critical security issues must be addressed before merge. ``` ## Review Checklist The code-reviewer agent checks: ### Security - [ ] No hardcoded secrets (API keys, passwords, tokens) - [ ] All user inputs sanitized - [ ] SQL/NoSQL injection prevention - [ ] XSS prevention (escaped outputs) - [ ] CSRF protection on state-changing operations - [ ] Authentication/authorization properly enforced ### Code Quality - [ ] Functions < 50 lines (guideline) - [ ] Cyclomatic complexity < 10 - [ ] No deeply nested code (> 4 levels) - [ ] No duplicate logic (DRY principle) - [ ] Clear, descriptive naming ### Performance - [ ] No N+1 query patterns - [ ] Appropriate caching where applicable - [ ] Efficient algorithms (avoid O(n²) when O(n) possible) - [ ] No unnecessary re-renders (React/Vue) ### Best Practices - [ ] Error handling present and appropriate - [ ] Logging at appropriate levels - [ ] Documentation for public APIs - [ ] Tests for critical paths - [ ] No commented-out code ## Approval Criteria **APPROVE** - No CRITICAL or HIGH issues, minor improvements only **REQUEST CHANGES** - CRITICAL or HIGH issues present **COMMENT** - Only LOW/MEDIUM issues, no blocking concerns ## Use with Other Skills **With Pipeline:** ``` /pipeline review "implement user authentication" ``` Includes code review as part of implementation workflow. **With Ralph:** ``` /ralph code-review then fix all issues ``` Review code, get feedback, fix until approved. **With Ultrawork:** ``` /ultrawork review all files in src/ ``` Parallel code review across multiple files. ## Best Practices - **Review early** - Catch issues before they compound - **Review often** - Small, frequent reviews better than huge ones - **Address CRITICAL/HIGH first** - Fix security and bugs immediately - **Consider context** - Some "issues" may be intentional trade-offs - **Learn from reviews** - Use feedback to improve coding practices