skillZs
LIVE SKILL TAGS
>>> LIVE SKILLS INDEX <<<
* OPEN SOURCE *
NO LOGIN, NO TRACKING
REAL INSTALL DATA
← back to all skills
skillcreatorai/ai-agent-skills970 installs

code-review

Automated code review for pull requests using specialized review patterns. Analyzes code for quality, security, performance, and best practices. Use when reviewing code changes, PRs, or doing code audits.

How do I install this agent skill?

npx skills add https://github.com/skillcreatorai/ai-agent-skills --skill code-review
view source ↗

Is this agent skill safe to install?

  • Gen Agent Trust Hubpass

    This skill provides instructional patterns for automated code reviews. It contains no executable code, makes no network requests, and originates from a trusted source.

  • Socketpass

    No alerts

  • Snykpass

    Risk: LOW · No issues

  • Runlayerpass

    1 file scanned · No issues

What does this agent skill do?

Code Review

Review Categories

1. Security Review

Check for:

  • SQL injection vulnerabilities
  • XSS (Cross-Site Scripting)
  • Command injection
  • Insecure deserialization
  • Hardcoded secrets/credentials
  • Improper authentication/authorization
  • Insecure direct object references

2. Performance Review

Check for:

  • N+1 queries
  • Missing database indexes
  • Unnecessary re-renders (React)
  • Memory leaks
  • Blocking operations in async code
  • Missing caching opportunities
  • Large bundle sizes

3. Code Quality Review

Check for:

  • Code duplication (DRY violations)
  • Functions doing too much (SRP violations)
  • Deep nesting / complex conditionals
  • Magic numbers/strings
  • Poor naming
  • Missing error handling
  • Incomplete type coverage

4. Testing Review

Check for:

  • Missing test coverage for new code
  • Tests that don't test behavior
  • Flaky test patterns
  • Missing edge cases
  • Mocked external dependencies

Review Output Format

## Code Review Summary

### 🔴 Critical (Must Fix)
- **[File:Line]** [Issue description]
  - **Why:** [Explanation]
  - **Fix:** [Suggested fix]

### 🟡 Suggestions (Should Consider)
- **[File:Line]** [Issue description]
  - **Why:** [Explanation]
  - **Fix:** [Suggested fix]

### 🟢 Nits (Optional)
- **[File:Line]** [Minor suggestion]

### ✅ What's Good
- [Positive feedback on good patterns]

Common Patterns to Flag

Security

// BAD: SQL injection
const query = `SELECT * FROM users WHERE id = ${userId}`;

// GOOD: Parameterized query
const query = 'SELECT * FROM users WHERE id = $1';
await db.query(query, [userId]);

Performance

// BAD: N+1 query
users.forEach(async user => {
  const posts = await getPosts(user.id);
});

// GOOD: Batch query
const userIds = users.map(u => u.id);
const posts = await getPostsForUsers(userIds);

Error Handling

// BAD: Swallowing errors
try {
  await riskyOperation();
} catch (e) {}

// GOOD: Handle or propagate
try {
  await riskyOperation();
} catch (e) {
  logger.error('Operation failed', { error: e });
  throw new AppError('Operation failed', { cause: e });
}

Review Checklist

  • No hardcoded secrets
  • Input validation present
  • Error handling complete
  • Types/interfaces defined
  • Tests added for new code
  • No obvious performance issues
  • Code is readable and documented
  • Breaking changes documented

Add the canonical catalog link to the repository README so users can inspect current installs and available audits. The publishing guide covers the complete discovery path.

<a href="https://skillzs.dev/skills/skillcreatorai/ai-agent-skills/code-review">View code-review on skillZs</a>