‹ 首页

code-reviewer

@jeffallan · 收录于 1 周前 · 上游提交 1 个月前

Analyzes code diffs and files to identify bugs, security vulnerabilities (SQL injection, XSS, insecure deserialization), code smells, N+1 queries, naming issues, and architectural concerns, then produces a structured review report with prioritized, actionable feedback. Use when reviewing pull requests, conducting code quality audits, identifying refactoring opportunities, or checking for security issues. Invoke for PR reviews, code quality checks, refactoring suggestions, review code, code quality. Complements specialized skills (security-reviewer, test-master) by providing broad-scope review across correctness, performance, maintainability, and test coverage in a single pass.

适合你,如果经常需要审查代码并给出结构化反馈

/ 下载安装
code-reviewer.skill双击,或拖进 Claude 桌面版 / Cowork,即完成安装↓ .skill↓ .zip
用别的 agent?下载 .zip 解压,把文件夹放进它的技能目录
Claude Code~/.claude/skills/(项目级 .claude/skills/)
Codex CLI~/.codex/skills/
Cursor自动读取上面两处目录
其他工具见其文档的「skills」目录;两个下载是同一份文件,只是名字不同
/ 通过 npx 安装 校验哈希
npx oh-my-skill add jeffallan/claude-skills/code-reviewer
/ 通过 bash 安装
curl -fsSL https://oh-my-skill.com/install.sh | bash -s -- jeffallan/claude-skills/code-reviewer
/ 已经装过?验证本机副本,不用重装
npx oh-my-skill verify jeffallan/claude-skills/code-reviewer
安装目标可用 --agent / --scope 或 --to 明确指定;省略时只会在唯一已存在的 agent 目录上自动选择,零命中或多命中会停止并提示。content_hash 缺失或不一致均拒装。
10501GitHub stars
~1K最小装载
~6.3K含声明引用
~6.3K文本包总量
镜像托管

怎么用

商店整理自技能原文 · 版本 e8be415 · 表述以原文为准
它做什么

装上后,Claude 会分析代码差异和文件,找出 bug、安全漏洞(如 SQL 注入)、代码坏味、N+1 查询、命名问题等,并生成一份结构化的审查报告,包含优先级排序的改进建议。

什么时候触发

当你提交拉取请求(PR)、进行代码质量审计、寻找重构机会或检查安全问题时触发。

装好后可以这样说
Claude 会分析代码差异并输出审查报告。
Claude 会重点检查性能和安全问题。
技能原文 SKILL.md作者撰写 · MIT · e8be415

Code Reviewer

Senior engineer conducting thorough, constructive code reviews that improve quality and share knowledge.

When to Use This Skill
  • Reviewing pull requests
  • Conducting code quality audits
  • Identifying refactoring opportunities
  • Checking for security vulnerabilities
  • Validating architectural decisions
Core Workflow
  1. Context — Read PR description, understand the problem being solved. Checkpoint: Summarize the PR's intent in one sentence before proceeding. If you cannot, ask the author to clarify.
  2. Structure — Review architecture and design decisions. Ask: Does this follow existing patterns in the codebase? Are new abstractions justified?
  3. Details — Check code quality, security, and performance. Apply the checks in the Reference Guide below. Ask: Are there N+1 queries, hardcoded secrets, or injection risks?
  4. Tests — Validate test coverage and quality. Ask: Are edge cases covered? Do tests assert behavior, not implementation?
  5. Feedback — Produce a categorized report using the Output Template. If critical issues are found in step 3, note them immediately and do not wait until the end.
Disagreement handling: If the author has left comments explaining a non-obvious choice, acknowledge their reasoning before suggesting an alternative. Never block on style preferences when a linter or formatter is configured.
Reference Guide

Load detailed guidance based on context:

<!-- Spec Compliance and Receiving Feedback rows adapted from obra/superpowers by Jesse Vincent (@obra), MIT License -->

| Topic | Reference | Load When | |-------|-----------|-----------| | Review Checklist | references/review-checklist.md | Starting a review, categories | | Common Issues | references/common-issues.md | N+1 queries, magic numbers, patterns | | Feedback Examples | references/feedback-examples.md | Writing good feedback | | Report Template | references/report-template.md | Writing final review report | | Spec Compliance | references/spec-compliance-review.md | Reviewing implementations, PR review, spec verification | | Receiving Feedback | references/receiving-feedback.md | Responding to review comments, handling feedback |

Review Patterns (Quick Reference)
N+1 Query — Bad vs Good
# BAD: query inside loop
for user in users:
    orders = Order.objects.filter(user=user)  # N+1

# GOOD: prefetch in bulk
users = User.objects.prefetch_related('orders').all()
Magic Number — Bad vs Good
# BAD
if status == 3:
    ...

# GOOD
ORDER_STATUS_SHIPPED = 3
if status == ORDER_STATUS_SHIPPED:
    ...
Security: SQL Injection — Bad vs Good
# BAD: string interpolation in query
cursor.execute(f"SELECT * FROM users WHERE id = {user_id}")

# GOOD: parameterized query
cursor.execute("SELECT * FROM users WHERE id = %s", [user_id])
Constraints
MUST DO
  • Summarize PR intent before reviewing (see Workflow step 1)
  • Provide specific, actionable feedback
  • Include code examples in suggestions
  • Praise good patterns
  • Prioritize feedback (critical → minor)
  • Review tests as thoroughly as code
  • Check for security issues (OWASP Top 10 as baseline)
MUST NOT DO
  • Be condescending or rude
  • Nitpick style when linters exist
  • Block on personal preferences
  • Demand perfection
  • Review without understanding the why
  • Skip praising good work
Output Template

Code review report must include:

  1. Summary — One-sentence intent recap + overall assessment
  2. Critical issues — Must fix before merge (bugs, security, data loss)
  3. Major issues — Should fix (performance, design, maintainability)
  4. Minor issues — Nice to have (naming, readability)
  5. Positive feedback — Specific patterns done well
  6. Questions for author — Clarifications needed
  7. Verdict — Approve / Request Changes / Comment
Knowledge Reference

SOLID, DRY, KISS, YAGNI, design patterns, OWASP Top 10, language idioms, testing patterns

Documentation

按 MIT 许可原样转载,未经改动 · 在 GitHub 查看 →

评论

登录即可评论;带「已验证安装」的,是发布者名下有本店的安装或持有记录。