| name | code-reviewer |
|---|---|
| description | Automatic code quality and best practices analysis. Use proactively when files are modified, saved, or committed. Analyzes code style, patterns, potential bugs, and security basics. Triggers on file changes, git diff, code edits, quality mentions. |
| allowed-tools | Read, Grep, Glob |
Lightweight automatic code quality checks while you code.
- ✅ Files modified or saved
- ✅ Git diff run
- ✅ Code mentioned in conversation
- ✅ User asks about code quality
- ✅ Before commits
- Code style and formatting issues
- Common anti-patterns
- Obvious bugs (null checks, undefined references)
- Basic security patterns (hardcoded secrets)
- Import/export issues
- Unused variables and functions
- Deep architectural review → Use @code-reviewer sub-agent
- Comprehensive security audit → Use security-auditor skill
- Performance profiling → Use @architect sub-agent
- Full refactoring plans → Use @code-reviewer sub-agent
Me (Skill): Fast, lightweight, real-time feedback @code-reviewer (Sub-Agent): Deep analysis with examples and strategy
- You write code
- I auto-analyze (instant feedback)
- I flag: "
⚠️ Potential issue on line 42" - You want details → Invoke @code-reviewer sub-agent
- Sub-agent provides comprehensive analysis
// You write this code:
function getUser(id) {
return db.query(`SELECT * FROM users WHERE id = ${id}`);
}
// I immediately flag:
// 🚨 Line 2: SQL injection vulnerability
// 💡 Use parameterized queries// You write:
function UserList({ users }) {
return users.map(user => <User data={user} />);
}
// I flag:
// ⚠️ Missing key prop in list rendering (line 2)
// 💡 Add key={user.id} to User component# You write:
def process_data(data):
return data['user']['profile']['name']
# I flag:
# ⚠️ Potential KeyError - no safety checks (line 2)
# 💡 Use .get() or add try/except- Inconsistent naming conventions
- Missing semicolons (JavaScript)
- Improper indentation
- Long functions (>50 lines)
- Magic numbers
- Null/undefined access without checks
- Array access without bounds checking
- Type mismatches (TypeScript)
- Unreachable code
- Infinite loops
- Hardcoded API keys or secrets
- SQL injection patterns
- eval() or exec() usage
- Insecure random number generation
- Missing input validation
- Missing error handling
- Console.log in production code
- Commented-out code blocks
- TODO comments without context
- Overly complex conditions
🤖 code-reviewer skill:
[Severity] Issue description (file:line)
💡 Quick fix suggestion
📖 Reference: [link to learn more]
- 🚨 CRITICAL: Must fix (security, data loss)
⚠️ HIGH: Should fix (bugs, performance)- 📋 MEDIUM: Consider fixing (maintainability)
- 💡 LOW: Nice to have (style, readability)
After I flag issues, invoke @code-reviewer sub-agent for:
- Detailed explanation of the issue
- Multiple fix alternatives with pros/cons
- Architectural recommendations
- Refactoring strategies
- Best practice guidelines
Example:
Me: "⚠️ Potential N+1 query detected"
You: "@code-reviewer explain the N+1 issue and show optimal solution"
Sub-agent: [Provides comprehensive analysis with examples]
Works without sandboxing: ✅ Yes (default, recommended for learning) Works with sandboxing: ✅ Yes (no special configuration needed)
- Filesystem: Read-only access to project files
- Network: None required
- Configuration: None required
Want different checks or patterns?
-
Copy this skill:
cp -r ~/.claude/skills/development/code-reviewer ~/.claude/skills/development/my-code-reviewer
-
Edit
SKILL.md:- Modify
descriptionto adjust triggers - Customize check categories
- Add language-specific patterns
- Modify
-
Restart Claude Code:
claude --restart
See ../../TEMPLATES.md for customization guide.
// Before:
async function fetchUsers(ids) {
const users = [];
for (let id of ids) {
const user = await User.findById(id); // N+1 query!
users.push(user);
}
return users;
}
// I flag:
// ⚠️ N+1 query pattern detected (line 4)
// 💡 Use User.findByIds(ids) for batch loading
// After fix:
async function fetchUsers(ids) {
return await User.findByIds(ids);
}// Before:
function UserCard({ user }) {
const [data, setData] = useState();
useEffect(() => {
fetch(`/api/users/${user.id}`)
.then(res => res.json())
.then(setData);
}, []); // Missing dependency!
return <div>{data?.name}</div>;
}
// I flag:
// ⚠️ useEffect dependency array incomplete (line 6)
// 💡 Add user.id to dependencies: [user.id]
// After fix:
useEffect(() => {
fetch(`/api/users/${user.id}`)
.then(res => res.json())
.then(setData);
}, [user.id]);The /review command aggregates my findings with deep sub-agent analysis:
/review --scope staged --checks all
# Command workflow:
# 1. Collects my automatic findings
# 2. Invokes @code-reviewer sub-agent for deep analysis
# 3. Invokes @security-auditor sub-agent
# 4. Generates comprehensive report with priorities- Activation time: < 100ms
- Analysis time: < 1 second per file
- Memory usage: Minimal (read-only)
- Background operation: Non-blocking
This skill operates asynchronously and won't slow down your coding workflow.
- JavaScript/TypeScript (ES6+, React, Node.js)
- Python (3.8+, Django, FastAPI)
- Java (Spring Boot patterns)
- Go (standard patterns)
- Ruby, PHP, C#, Rust
- Framework-agnostic patterns apply
Want to add language-specific patterns? See customization guide above.
- Write code first, then review - Let me catch issues as you go
- Don't ignore warnings - Each flagged issue is worth reviewing
- Use sub-agent for learning - Invoke @code-reviewer to understand "why"
- Customize for your stack - Add project-specific patterns
- Combine with /review - Use command for comprehensive pre-commit checks
- security-auditor skill: Deeper security vulnerability scanning
- test-generator skill: Auto-suggest tests for your code
- @code-reviewer sub-agent: Comprehensive code review with examples
- /review command: Full workflow with multiple agents
- Architecture: ../../../ARCHITECTURE.md
- Templates: ../../TEMPLATES.md
- Sub-agents: ../../../agents/README.md