code-reviewer
6-aspect structured code review (security, architecture, error handling, test gaps, type safety, simplification) with calibrated scoring and per-aspect breakdown. Use when the user asks to review code, check a PR, review a pull request, audit changes before merge, or give code feedback.
Best use case
code-reviewer is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
6-aspect structured code review (security, architecture, error handling, test gaps, type safety, simplification) with calibrated scoring and per-aspect breakdown. Use when the user asks to review code, check a PR, review a pull request, audit changes before merge, or give code feedback.
Teams using code-reviewer should expect a more consistent output, faster repeated execution, less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/code-reviewer/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How code-reviewer Compares
| Feature / Agent | code-reviewer | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
6-aspect structured code review (security, architecture, error handling, test gaps, type safety, simplification) with calibrated scoring and per-aspect breakdown. Use when the user asks to review code, check a PR, review a pull request, audit changes before merge, or give code feedback.
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
Related Guides
AI Agents for Coding
Browse AI agent skills for coding, debugging, testing, refactoring, code review, and developer workflows across Claude, Cursor, and Codex.
Best AI Skills for Claude
Explore the best AI skills for Claude and Claude Code across coding, research, workflow automation, documentation, and agent operations.
Cursor vs Codex for AI Workflows
Compare Cursor and Codex for AI coding workflows, repository assistance, debugging, refactoring, and reusable developer skills.
SKILL.md Source
> **AI-consumed reference.** Optimized for Claude to read during execution.
> Human-readable explanation: see [docs/architecture/HIERARCHICAL_PLANNING.md](../../../docs/architecture/HIERARCHICAL_PLANNING.md)
> or [docs/getting-started/](../../../docs/getting-started/) depending on topic.
# Code Reviewer
Use after implementation, Phase 4, or before merge.
## Process
1. `git diff --name-only main...HEAD` → changed files
2. Run 6-aspect review
3. Report + decision
## 6 Aspects
```toon
aspects[6]{aspect,weight,checks}:
Security,CRITICAL,"Secrets, injection, auth gaps, CSRF/CORS"
Architecture,HIGH,"SRP, coupling, wrong layer, edge cases"
Error Handling,HIGH,"Unhandled rejections, empty catch, silent failures"
Test Gaps,HIGH,"Untested critical paths, missing edge/boundary cases"
Type Safety,MEDIUM,"Missing types, any usage, null gaps"
Simplification,LOW,"Complex conditionals, deep nesting — only if harms readability"
```
Spend 60% on Security + Architecture + Edge Cases. Don't nitpick syntax — linters handle that.
## Report
`[ASPECT] [SEVERITY] file:line — description → Fix: recommendation`
CRITICAL = block merge | WARNING = should fix | INFO = nice to have
## Decision
- **APPROVED** — 0 critical, ≤3 warnings
- **CHANGES REQUESTED** — any critical finding
## Scoring (prevents LGTM drift)
Per-aspect breakdown required. Anchors: 9-10 production-ready, 7-8 minor issues, 5-6 needs work, <5 changes requested.
## Block Merge On
Hardcoded secrets, injection, missing auth on protected routes, breaking changes without migration.
---
## Mandatory Verification for Claims (CoVe)
Before reporting "0 critical findings" / "N% coverage" / "tests pass", run the Chain-of-Verification protocol from `skills/chain-of-verification/SKILL.md`. Draft → plan 3–5 verification questions → answer via tool (Read/Grep/Bash) → revise. Per `rules/workflow/chain-of-verification.md` this is **mandatory** — reviews without verified claims are not acceptable.
---
## Related Rules
- `rules/core/code-quality.md` — Coverage, typing, error handling baseline
- `rules/core/naming-conventions.md` — Naming patterns
- `rules/core/simplicity-over-complexity.md` — YAGNI/DRY/KISS
- `rules/core/verification.md` — Verify before approving
- `rules/core/prefer-established-libraries.md` — Library choice review
- `rules/core/context-economy.md` — Read only the diff hunks + immediate callers/callees, not whole files; use Grep to scope review evidence
- `rules/agent/sast-security-scanning.md` — Security patterns
- `rules/agent/error-handling-standard.md` — Error-handling review
- `rules/workflow/smart-commenting.md` — Comment review (WHY not WHAT)
- `rules/workflow/cross-review-workflow.md` — Builder ≠ Reviewer
- `rules/workflow/chain-of-verification.md` — **MANDATORY** for factual claims in review output
- `rules/workflow/dual-llm-review.md` — Second-opinion LLM for destructive-op / security-critical findingsRelated Skills
vue-expert
Vue 3 gotchas and decision criteria. Covers reactivity traps, Composition API pitfalls, and Pinia patterns.
typescript-expert
TypeScript gotchas and decision criteria covering nullish coalescing pitfalls (|| vs ??), strict tsconfig settings (noUncheckedIndexedAccess, exactOptionalPropertyTypes), type guard patterns, discriminated unions, and as const vs enum. Use when writing TypeScript, configuring tsconfig, implementing type guards, or debugging null/undefined errors.
tree-of-thoughts
Branch, evaluate, prune, expand — structured search over solution space. Use for architecture with multi-step decisions, refactor planning, or complex debug hypothesis trees. Paper: Yao et al. 2023.
test-writer
Write tests with TDD following structured patterns. Ensures consistent AAA structure, proper coverage targets, and framework-specific conventions. Without this skill, tests lack consistent naming, miss coverage targets, and skip anti-pattern checks.
stitch-design
Generate UI designs using Google Stitch AI with optimized prompts
session-continuation
Manage workflow state across sessions with handoff and resume. TOON-based state persistence.
sequential-thinking
Structured thinking process for complex analysis. Supports revision, branching, and dynamic adjustment.
self-improve
Apply learned improvements to the Aura Frog plugin. Updates rules, adjusts agent routing, modifies workflow configurations, and generates knowledge base entries.
self-healing-orchestrator
Proposes patches for F2 (local-logic) and F3 (local-design) failures. NEVER applies without user approval. Confidence ≥0.7 to propose; below that, escalates raw findings. Counts toward replan_budget. Per-task: max 1; per-session: max 5.
self-consistency
Generate N independent reasoning paths and vote on the answer. Use for architectural trade-offs, ambiguous design decisions, or when single-path reasoning risks locking onto the first plausible answer. Paper: Wang et al. 2022.
scalable-thinking
Design for scale while keeping implementation simple (KISS).
run-orchestrator
Execute 5-phase TDD workflow for complex features. Use when the user invokes /run, asks to build/create/implement a feature, requests a complex multi-file change, or types 'fasttrack:'. Enforces phase gates, sprint contracts, and builder!=reviewer discipline.