structured-code-review
Performs a structured five-stage code review covering requirements compliance, correctness, code quality, testing, and security/performance. Each stage uses targeted checklists and categorized feedback (Blocker/Major/Minor/Nit) with actionable suggestions and rationale. Use when the user asks for code review, PR feedback, pull request review, or wants their code checked for bugs, style issues, or vulnerabilities — triggered by phrases like "review my code", "check this PR", "review my changes", "pull request review", or "code feedback".
Best use case
structured-code-review is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Teams using structured-code-review should expect more consistent output, faster repeated execution, and less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in .claude/skills/structured-review/SKILL.md inside your project
- Restart your AI agent — it will auto-discover the skill
How structured-code-review Compares
| Feature / Agent | structured-code-review | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Performs a structured five-stage code review covering requirements compliance, correctness, code quality, testing, and security/performance. Each stage uses targeted checklists and categorized feedback (Blocker/Major/Minor/Nit) with actionable suggestions and rationale. Use when the user asks for code review, PR feedback, pull request review, or wants their code checked for bugs, style issues, or vulnerabilities — triggered by phrases like "review my code", "check this PR", "review my changes", "pull request review", or "code feedback".
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
Related Guides
AI Agents for Coding
Browse AI agent skills for coding, debugging, testing, refactoring, code review, and developer workflows across Claude, Cursor, and Codex.
Best AI Skills for Claude
Explore the best AI skills for Claude and Claude Code across coding, research, workflow automation, documentation, and agent operations.
Cursor vs Codex for AI Workflows
Compare Cursor and Codex for AI coding workflows, repository assistance, debugging, refactoring, and reusable developer skills.
SKILL.md Source
# Structured Code Review

You are performing a structured, multi-stage code review. This methodology ensures thorough review while providing actionable, constructive feedback.

## Core Principle

**Review in stages. Each stage has a specific focus. Don't mix concerns.**

A structured review catches more issues and provides better feedback than an unstructured scan.

## Review Stages

### Stage 1: Requirements Compliance

First, verify the code meets its requirements.

**Checklist:**
- [ ] Implements stated requirements
- [ ] Handles specified edge cases
- [ ] No scope creep (unexpected additions)
- [ ] No missing functionality

**Feedback at this stage:**
- "This doesn't appear to handle the case when X is empty"
- "The requirement specified Y, but this implements Z"
- "This adds feature F which wasn't requested - is that intentional?"

### Stage 2: Correctness

Next, verify the code works correctly.

**Checklist:**
- [ ] Logic is sound
- [ ] No obvious bugs
- [ ] Error paths are handled
- [ ] No unfinished code (TODOs without tickets)

**Feedback at this stage:**
- "This will throw if `user` is null"
- "The loop exits early before processing all items"
- "What happens when the API call fails?"

### Stage 3: Code Quality

Then, evaluate code quality and maintainability.

**Checklist:**
- [ ] Clear naming
- [ ] Reasonable function/method length
- [ ] No unnecessary complexity
- [ ] Follows project conventions
- [ ] Appropriate abstractions

**Feedback at this stage:**
- "Could you rename `data` to `userProfile` for clarity?"
- "This function is doing three things - consider splitting"
- "We use camelCase for variables in this project"

### Stage 4: Testing

Evaluate test coverage and quality.

**Checklist:**
- [ ] New code has tests
- [ ] Tests cover main paths and edge cases
- [ ] Tests are readable and maintainable
- [ ] Tests don't test implementation details

**Feedback at this stage:**
- "Please add a test for the error case"
- "This test will break if we change the implementation"
- "Consider using a parameterized test for these cases"

### Stage 5: Security & Performance

Finally, check for security and performance concerns.

**Checklist:**
- [ ] No SQL injection, XSS, etc.
- [ ] Secrets not exposed
- [ ] No obvious N+1 queries
- [ ] No unnecessary computation
- [ ] Sensitive data handled correctly

**Feedback at this stage:**
- "This input should be sanitized before use"
- "Consider adding an index for this query"
- "This API key should come from environment variables"

## Writing Good Feedback

### Feedback Levels

| Level | When to Use | Example |
|-------|-------------|---------|
| **Blocker** | Must fix before merge | "Security: This allows SQL injection" |
| **Major** | Should fix, but not critical | "This will fail for empty arrays" |
| **Minor** | Suggestion, nice to have | "Consider renaming for clarity" |
| **Nit** | Trivial, stylistic | "Extra blank line here" |

### Constructive Feedback Template

```
[Level] [Category]: [Issue]

**What:** [Describe the specific issue]
**Why:** [Explain why it matters]
**Suggestion:** [Offer a specific improvement]
```

Example:

```
[Major] Correctness: Null reference possible

**What:** `user.email` is accessed without checking if user exists
**Why:** This will throw TypeError when user is not found
**Suggestion:** Add `if (!user) return null;` before accessing properties
```

## Review Checklist Summary

```markdown
## Review: [PR Title]

### Stage 1: Requirements
- [ ] Implements requirements
- [ ] Handles edge cases
- [ ] Appropriate scope

### Stage 2: Correctness
- [ ] Logic is sound
- [ ] No bugs
- [ ] Errors handled

### Stage 3: Quality
- [ ] Readable
- [ ] Follows conventions
- [ ] Maintainable

### Stage 4: Testing
- [ ] Has tests
- [ ] Tests are good

### Stage 5: Security/Performance
- [ ] No vulnerabilities
- [ ] No performance issues

### Verdict: [ ] Approve [ ] Request Changes [ ] Comment
```

## Integration with Other Skills

- **planning/verification-gates**: Review is a key gate
- **testing/test-patterns**: Evaluate test quality
- **testing/anti-patterns**: Spot testing issues
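
The feedback template and levels above can be checked mechanically before a merge. The following is an added example, not part of SKILL.md or the skill's repository: it parses comments written in the `[Level] Category: Issue` template, flags findings that lack a What, Why or Suggestion, and derives a verdict. The function names, the sample review and the level-to-verdict mapping are assumptions.

```javascript
// Added example, not part of SKILL.md: parse templated review comments and derive a verdict.
const LEVELS = ["Blocker", "Major", "Minor", "Nit"];
const FIELDS = ["What", "Why", "Suggestion"];
// Header line: "[Level] Category: Issue" (brackets around the category optional).
const HEADER = /^\[(Blocker|Major|Minor|Nit)\]\s+\[?([^\]:]+)\]?:\s*(.+)$/;
const FIELD = /^\*\*(What|Why|Suggestion):\*\*\s*(.*)$/;

function parseFindings(text) {
  const findings = [];
  let current = null;
  for (const raw of text.split("\n")) {
    const line = raw.trim();
    const header = line.match(HEADER);
    if (header) {
      current = { level: header[1], category: header[2].trim(), issue: header[3], fields: {} };
      findings.push(current);
      continue;
    }
    const field = line.match(FIELD);
    if (field && current) current.fields[field[1]] = field[2].trim();
  }
  // A finding is actionable only when What, Why and Suggestion are all filled in.
  for (const f of findings) f.missing = FIELDS.filter((name) => !f.fields[name]);
  return findings;
}

function verdict(findings) {
  const counts = Object.fromEntries(LEVELS.map((level) => [level, 0]));
  for (const f of findings) counts[f.level] += 1;
  // Assumed mapping (not stated on the page): Blocker => Request Changes,
  // Major without Blocker => Comment, otherwise Approve.
  const decision = counts.Blocker > 0 ? "Request Changes" : counts.Major > 0 ? "Comment" : "Approve";
  return { decision, counts, incomplete: findings.filter((f) => f.missing.length > 0) };
}

// Constructed sample review, not taken from a real PR.
const SAMPLE = `
[Blocker] Security: Query built by string concatenation
**What:** The search term is concatenated into the SQL string
**Why:** This allows SQL injection
**Suggestion:** Use a parameterized query
[Major] Correctness: Null reference possible
**What:** \`user.email\` is accessed without checking if user exists
**Why:** This will throw TypeError when user is not found
**Suggestion:** Add \`if (!user) return null;\` before accessing properties
[Nit] Quality: Extra blank line here
`;

console.log(verdict(parseFindings(SAMPLE)));
```

The `incomplete` list surfaces comments that name a problem without the rationale or suggestion the template asks for, such as the bare Nit in the sample.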
Related Skills
find-skills
Discovers, searches, and installs skills from multiple AI agent skill marketplaces (400K+ skills) using the SkillKit CLI. Supports browsing official partner collections (Anthropic, Vercel, Supabase, Stripe, and more) and community repositories, searching by domain or technology, and installing specific skills from GitHub. Use when the user wants to find, browse, or install new agent skills, plugins, extensions, or add-ons; asks 'is there a skill for X' or 'find a skill for X'; wants to explore a skill store or marketplace; needs to extend agent capabilities in areas like React, testing, DevOps, security, or APIs; or says 'browse skills', 'search skill marketplace', 'install a skill', or 'what skills are available'.
test-patterns
Applies proven testing patterns — Arrange-Act-Assert (AAA), Given-When-Then, Test Data Builders, Object Mother, parameterized tests, fixtures, spies, and test doubles — to help write maintainable, reliable, and readable test suites. Use when the user asks about writing unit tests, integration tests, or end-to-end tests; structuring test cases or test suites; applying TDD or BDD practices; working with mocks, stubs, spies, or fakes; improving test coverage or reducing flakiness; or needs guidance on test organization, naming conventions, or assertions in frameworks like Jest, Vitest, pytest, or similar.
red-green-refactor
Guides the red-green-refactor TDD workflow: write a failing test first, implement the minimum code to make it pass, then refactor while keeping tests green. Use when a user asks to practice TDD, write tests first, follow red-green-refactor, do test-driven development, write failing tests before code, or phrases like 'make the test pass', 'test coverage', or 'unit tests before implementation'.
testing-anti-patterns
Reviews test code to identify and fix common testing anti-patterns including flaky tests, over-mocking, brittle assertions, test interdependency, and hidden test logic. Flags bad patterns, explains the specific defect, and provides corrected implementations. Use when reviewing test code, debugging intermittent or unreliable test failures, or when the user mentions flaky tests, test smells, brittle tests, test isolation issues, mock overuse, slow tests, or test maintenance problems.
verification-gates
Creates explicit validation checkpoints (verification gates) between project phases to catch errors early and ensure quality before proceeding. Use when the user asks about quality gates, milestone checks, phase transitions, approval steps, go/no-go decision points, or preventing cascading errors across a multi-step workflow. Produces acceptance criteria checklists, automated CI gate configurations, manual sign-off requirements, and conditional review rules for scenarios such as security changes, API changes, or database migrations.
task-decomposition
Breaks down complex software, writing, or research tasks into small, atomic, independently completable units with dependency graphs and milestone breakdowns. Use when the user asks to plan a project, decompose a feature, create subtasks, split up work, or needs help organizing a large piece of work into a step-by-step plan. Triggered by phrases like "break down", "decompose", "where do I start", "too big", "split into tasks", "work breakdown", or "task list".
design-first
Guides the creation of technical design documents before writing code, producing architecture diagrams, data models, API interface definitions, implementation plans, and multi-option trade-off analyses. Use when the user asks to plan a feature, architect a system, design an API, explore implementation approaches, or requests a technical design or spec before coding — especially for complex features involving multiple components, ambiguous requirements, or significant architectural changes.
skill-authoring
Creates and structures SKILL.md files for AI coding agents, including YAML frontmatter, trigger phrases, directive instructions, decision trees, code examples, and verification checklists. Use when the user asks to write a new skill, create a skill file, author agent capabilities, generate skill documentation, or define a skill template for Claude Code agents.
trace-and-isolate
Applies systematic tracing and isolation techniques to pinpoint exactly where a bug originates in code. Use when a bug is hard to locate, code is not working as expected, an error or crash appears with unclear cause, a regression was introduced between recent commits, or you need to narrow down which component, function, or line is faulty. Covers binary search debugging, git bisect for regressions, strategic logging with [TRACE] patterns, data and control flow tracing, component isolation, minimal reproduction cases, conditional breakpoints, and watch expressions across TypeScript, SQL, and bash.
root-cause-analysis
Performs systematic root cause analysis to identify the true source of bugs, errors, and unexpected behavior through structured investigation phases — not just treating symptoms. Use when a user reports a bug, crash, error, or broken behavior and needs to debug, troubleshoot, or investigate why something is not working; especially for complex or intermittent issues across multiple components. Applies the Five Whys method, hypothesis-driven testing, stack trace analysis, git blame/log evidence gathering, and causal chain documentation to isolate and confirm root causes before applying any fix.
hypothesis-testing
Applies the scientific method to debugging by helping users form specific, testable hypotheses, design targeted experiments, and systematically confirm or reject theories to find root causes. Use when a user says their code isn't working, they're getting an error, something broke, they want to troubleshoot a bug, or they're trying to figure out what's causing an issue. Concrete actions include isolating failing components, forming and testing hypotheses, analyzing error messages, tracing execution paths, and interpreting test results to narrow down root causes.
parallel-investigation
Coordinates parallel investigation threads to simultaneously explore multiple hypotheses or root causes across different system areas. Use when debugging production incidents, slow API performance, multi-system integration failures, or complex bugs where the root cause is unclear and multiple plausible theories exist; when serial troubleshooting is too slow; or when multiple investigators can divide root-cause analysis work. Provides structured phases for problem decomposition, thread assignment, sync points with Continue/Pivot/Converge decisions, and final report synthesis.