skillZs
LIVE SKILL TAGS
>>> LIVE SKILLS INDEX <<<
* OPEN SOURCE *
NO LOGIN, NO TRACKING
REAL INSTALL DATA
← back to all skills
proffesor-for-testing/agentic-qe1.4k installs

code-review-quality

Conduct context-driven code reviews focusing on quality, testability, and maintainability. Use when reviewing code, providing feedback, or establishing review practices.

How do I install this agent skill?

npx skills add https://github.com/proffesor-for-testing/agentic-qe --skill code-review-quality
view source ↗

Is this agent skill safe to install?

  • Gen Agent Trust Hubpass

    The skill provides a framework for automated code reviews. It is logically sound and lacks malicious patterns like data exfiltration or unauthorized code execution. It is assessed with a low severity finding because it processes untrusted source code as its primary function, creating a surface for indirect prompt injection.

  • Socketpass

    No alerts

  • Snykpass

    Risk: LOW · No issues

  • Runlayerpass

    3 files scanned · No issues

  • ZeroLeakspass

    Score: 93/100 · 2 sections analyzed

What does this agent skill do?

Code Review Quality

<default_to_action> When reviewing code or establishing review practices:

  1. PRIORITIZE feedback: 🔴 Blocker (must fix) → 🟡 Major → 🟢 Minor → 💡 Suggestion
  2. FOCUS on: Bugs, security, testability, maintainability (not style preferences)
  3. ASK questions over commands: "Have you considered...?" > "Change this to..."
  4. PROVIDE context: Why this matters, not just what to change
  5. LIMIT scope: Review < 400 lines at a time for effectiveness

Quick Review Checklist:

  • Logic: Does it work correctly? Edge cases handled?
  • Security: Input validation? Auth checks? Injection risks?
  • Testability: Can this be tested? Is it tested?
  • Maintainability: Clear naming? Single responsibility? DRY?
  • Performance: O(n²) loops? N+1 queries? Memory leaks?

Critical Success Factors:

  • Review the code, not the person
  • Catching bugs > nitpicking style
  • Fast feedback (< 24h) > thorough feedback </default_to_action>

Quick Reference Card

When to Use

  • PR code reviews
  • Pair programming feedback
  • Establishing team review standards
  • Mentoring developers

Feedback Priority Levels

LevelIconMeaningAction
Blocker🔴Bug/security/crashMust fix before merge
Major🟡Logic issue/test gapShould fix before merge
Minor🟢Style/namingNice to fix
Suggestion💡Alternative approachConsider for future

Review Scope Limits

Lines ChangedRecommendation
< 200Single review session
200-400Review in chunks
> 400Request PR split

What to Focus On

✅ Review❌ Skip
Logic correctnessFormatting (use linter)
Security risksNaming preferences
Test coverageArchitecture debates
Performance issuesStyle opinions
Error handlingTrivial changes

Feedback Templates

Blocker (Must Fix)

🔴 **BLOCKER: SQL Injection Risk**

This query is vulnerable to SQL injection:
```javascript
db.query(`SELECT * FROM users WHERE id = ${userId}`)

Fix: Use parameterized queries:

db.query('SELECT * FROM users WHERE id = ?', [userId])

Why: User input directly in SQL allows attackers to execute arbitrary queries.


### Major (Should Fix)
```markdown
🟡 **MAJOR: Missing Error Handling**

What happens if `fetchUser()` throws? The error bubbles up unhandled.

**Suggestion:** Add try/catch with appropriate error response:
```javascript
try {
  const user = await fetchUser(id);
  return user;
} catch (error) {
  logger.error('Failed to fetch user', { id, error });
  throw new NotFoundError('User not found');
}

### Minor (Nice to Fix)
```markdown
🟢 **minor:** Variable name could be clearer

`d` doesn't convey meaning. Consider `daysSinceLastLogin`.

Suggestion (Consider)

💡 **suggestion:** Consider extracting this to a helper

This validation logic appears in 3 places. A `validateEmail()` helper would reduce duplication. Not blocking, but might be worth a follow-up PR.

Review Questions to Ask

Logic

  • What happens when X is null/empty/negative?
  • Is there a race condition here?
  • What if the API call fails?

Security

  • Is user input validated/sanitized?
  • Are auth checks in place?
  • Any secrets or PII exposed?

Testability

  • How would you test this?
  • Are dependencies injectable?
  • Is there a test for the happy path? Edge cases?

Maintainability

  • Will the next developer understand this?
  • Is this doing too many things?
  • Is there duplication we could reduce?

Minimum Findings Enforcement

Reviews must meet a minimum weighted finding score of 3.0 (CRITICAL=3, HIGH=2, MEDIUM=1, LOW=0.5, INFORMATIONAL=0.25). If the initial review falls short, run the qe-devils-advocate agent as a meta-reviewer to find additional observations. Every review should have at least 3 actionable observations.


Agent-Assisted Reviews

// Comprehensive code review
await Task("Code Review", {
  prNumber: 123,
  checks: ['security', 'performance', 'testability', 'maintainability'],
  feedbackLevels: ['blocker', 'major', 'minor'],
  autoApprove: { maxBlockers: 0, maxMajor: 2 }
}, "qe-quality-analyzer");

// Security-focused review
await Task("Security Review", {
  prFiles: changedFiles,
  scanTypes: ['injection', 'auth', 'secrets', 'dependencies']
}, "qe-security-scanner");

// Test coverage review
await Task("Coverage Review", {
  prNumber: 123,
  requireNewTests: true,
  minCoverageDelta: 0
}, "qe-coverage-analyzer");

Agent Coordination Hints

Memory Namespace

aqe/code-review/
├── review-history/*     - Past review decisions
├── patterns/*           - Common issues by team/repo
├── feedback-templates/* - Reusable feedback
└── metrics/*            - Review turnaround time

Fleet Coordination

const reviewFleet = await FleetManager.coordinate({
  strategy: 'code-review',
  agents: [
    'qe-quality-analyzer',    // Logic, maintainability
    'qe-security-scanner',    // Security risks
    'qe-performance-tester',  // Performance issues
    'qe-coverage-analyzer'    // Test coverage
  ],
  topology: 'parallel'
});

Review Etiquette

✅ Do❌ Don't
"Have you considered...?""This is wrong"
Explain why it mattersJust say "fix this"
Acknowledge good codeOnly point out negatives
Suggest, don't demandBe condescending
Review < 400 linesReview 2000 lines at once

Related Skills


Remember

Prioritize feedback: 🔴 Blocker → 🟡 Major → 🟢 Minor → 💡 Suggestion. Focus on bugs and security, not style. Ask questions, don't command. Review < 400 lines at a time. Fast feedback (< 24h) beats thorough feedback.

With Agents: Agents automate security, performance, and coverage checks, freeing human reviewers to focus on logic and design. Use agents for consistent, fast initial review.

Skill Composition

  • Security concerns → Compose with /security-testing for security-focused review
  • Coverage check → Run /qe-coverage-analysis on changed files
  • Ship decision → Feed review results into /qe-quality-assessment

Gotchas

  • Agent reviews >400 lines at once and misses issues — chunk reviews to 200-400 lines maximum
  • Nitpicking style while missing logic bugs is the #1 agent review failure — prioritize correctness over formatting
  • Agent approves code that compiles but has subtle race conditions — always check shared state and async patterns
  • Review comments without suggested fixes are unhelpful — always include a proposed alternative
  • Agent doesn't check if the PR actually solves the linked issue — verify the stated problem is actually fixed

Add the canonical catalog link to the repository README so users can inspect current installs and available audits. The publishing guide covers the complete discovery path.

<a href="https://skillzs.dev/skills/proffesor-for-testing/agentic-qe/code-review-quality">View code-review-quality on skillZs</a>