code-review

Perform thorough code reviews with security, performance, and maintainability analysis. Use when user asks to review code, check for bugs, or audit a codebase.

Install this agent skill to your Project

npx add-skill https://github.com/shareAI-lab/learn-claude-code/tree/main/skills/code-review

SKILL.md

Code Review Skill

You now have expertise in conducting comprehensive code reviews. Follow this structured approach:

Review Checklist

1. Security (Critical)

Check for:

  • Injection vulnerabilities: SQL, command, XSS, template injection
  • Authentication issues: Hardcoded credentials, weak auth
  • Authorization flaws: Missing access controls, IDOR
  • Data exposure: Sensitive data in logs, error messages
  • Cryptography: Weak algorithms, improper key management
  • Dependencies: Known vulnerabilities (check with npm audit, pip-audit)

```bash
# Quick security scans
npm audit                    # Node.js
pip-audit                    # Python
cargo audit                  # Rust
# Cheap first pass for hardcoded credentials (expect false positives)
grep -r "password\|secret\|api_key" --include="*.py" --include="*.js" .
```

2. Correctness

Check for:

  • Logic errors: Off-by-one, null handling, edge cases
  • Race conditions: Concurrent access without synchronization
  • Resource leaks: Unclosed files, connections, memory
  • Error handling: Swallowed exceptions, missing error paths
  • Type safety: Implicit conversions, any types

3. Performance

Check for:

  • N+1 queries: Database calls in loops
  • Memory issues: Large allocations, retained references
  • Blocking operations: Sync I/O in async code
  • Inefficient algorithms: O(n^2) when O(n) possible
  • Missing caching: Repeated expensive computations

4. Maintainability

Check for:

  • Naming: Clear, consistent, descriptive
  • Complexity: Functions > 50 lines, deep nesting > 3 levels
  • Duplication: Copy-pasted code blocks
  • Dead code: Unused imports, unreachable branches
  • Comments: Outdated, redundant, or missing where needed

5. Testing

Check for:

  • Coverage: Critical paths tested
  • Edge cases: Null, empty, boundary values
  • Mocking: External dependencies isolated
  • Assertions: Meaningful, specific checks

Review Output Format

```markdown
## Code Review: [file/component name]

### Summary
[1-2 sentence overview]

### Critical Issues
1. **[Issue]** (line X): [Description]
   - Impact: [What could go wrong]
   - Fix: [Suggested solution]

### Improvements
1. **[Suggestion]** (line X): [Description]

### Positive Notes
- [What was done well]

### Verdict
[ ] Ready to merge
[ ] Needs minor changes
[ ] Needs major revision
```

Common Patterns to Flag

Python

```python
import os
import subprocess

# Bad: SQL injection (user_id is interpolated into the query text)
cursor.execute(f"SELECT * FROM users WHERE id = {user_id}")
# Good: parameterised query; the driver handles quoting
cursor.execute("SELECT * FROM users WHERE id = ?", (user_id,))

# Bad: Command injection (user_input is passed through a shell)
os.system(f"ls {user_input}")
# Good: argument list, no shell involved
subprocess.run(["ls", user_input], check=True)

# Bad: Mutable default argument
def append(item, lst=[]):  # Bug: the same list object is shared across calls
    lst.append(item)
    return lst

# Good: create the list per call. Test against None rather than using
# `lst or []`, so that an empty list passed by the caller is still used.
def append(item, lst=None):
    if lst is None:
        lst = []
    lst.append(item)
    return lst
```
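Added example, not part of the skill file or the learn-claude-code project: a small `ast`-based checker that flags the three Python anti-patterns listed above in a constructed sample module, showing how a reviewer can automate this part of the checklist instead of relying on grep. The `Finding` type, the rule names and the sample source are assumptions made for this example.

```python
import ast
from dataclasses import dataclass

# Constructed sample module: each anti-pattern from the list above next to
# its safe counterpart, so the checker should flag exactly three lines.
SAMPLE_SOURCE = '''
import os, subprocess
def find_user(cursor, user_id):
    cursor.execute(f"SELECT * FROM users WHERE id = {user_id}")     # flag
    cursor.execute("SELECT * FROM users WHERE id = ?", (user_id,))  # ok
def list_dir(user_input):
    os.system(f"ls {user_input}")                                   # flag
    subprocess.run(["ls", user_input], check=True)                  # ok
def append(item, lst=[]):                                           # flag
    lst.append(item)
    return lst
'''

@dataclass(frozen=True)
class Finding:
    line: int
    rule: str

def _call_name(call):
    # 'cursor.execute' -> 'cursor.execute', bare 'execute' -> 'execute'
    func = call.func
    if isinstance(func, ast.Attribute) and isinstance(func.value, ast.Name):
        return f"{func.value.id}.{func.attr}"
    if isinstance(func, ast.Attribute):
        return func.attr
    return func.id if isinstance(func, ast.Name) else ""

def review(source):
    """Return findings sorted by line; an empty list means nothing flagged."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        # Rules 1 and 2: a call whose first argument is an f-string (JoinedStr)
        if (isinstance(node, ast.Call) and node.args
                and isinstance(node.args[0], ast.JoinedStr)):
            name = _call_name(node)
            if name == "execute" or name.endswith(".execute"):
                findings.append(Finding(node.lineno, "sql-injection"))
            elif name in ("os.system", "os.popen"):
                findings.append(Finding(node.lineno, "command-injection"))
        # Rule 3: a list/dict/set literal used as a parameter default
        elif isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef)):
            for default in node.args.defaults + node.args.kw_defaults:
                if isinstance(default, (ast.List, ast.Dict, ast.Set)):
                    findings.append(Finding(node.lineno, "mutable-default"))
    return sorted(findings, key=lambda f: f.line)
```

Running `review(SAMPLE_SOURCE)` reports lines 4, 7 and 9 of the sample and leaves the parameterised query and the `subprocess.run` argument list alone.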

JavaScript/TypeScript

```javascript
// Bad: Prototype pollution
Object.assign(target, userInput)
// Good:
Object.assign(target, sanitize(userInput))

// Bad: eval usage
eval(userCode)
// Good: Never use eval with user input

// Bad: Callback hell
getData(x => process(x, y => save(y, z => done(z))))
// Good:
const data = await getData();
const processed = await process(data);
await save(processed);
```

Review Commands

```bash
# Show recent changes
git diff HEAD~5 --stat
git log --oneline -10

# Find potential issues
grep -rn "TODO\|FIXME\|HACK\|XXX" .
grep -rn "password\|secret\|token" . --include="*.py"

# Check complexity (Python)
pip install radon && radon cc . -a

# Check dependencies
npm outdated  # Node
pip list --outdated  # Python
```

Review Workflow

  1. Understand context: Read PR description, linked issues
  2. Run the code: Build, test, run locally if possible
  3. Read top-down: Start with main entry points
  4. Check tests: Are changes tested? Do tests pass?
  5. Security scan: Run automated tools
  6. Manual review: Use checklist above
  7. Write feedback: Be specific, suggest fixes, be kind
