code-review

Perform thorough code reviews on pull requests, diffs, or code changes. Use when asked to review code, check a PR, or provide feedback on changes.

Safety Notice

This listing is imported from skills.sh public index metadata. Review upstream SKILL.md and repository scripts before running.

Copy this and send it to your AI assistant to learn

Install skill "code-review" with this command: npx skills add amorriscode/agent-grimoire/amorriscode-agent-grimoire-code-review

Code Review

A structured approach to reviewing code changes.

Instructions

When reviewing code, follow this process:

1. Understand the Context

Before diving into the code:

  • Read the PR description or commit message
  • Understand what problem is being solved
  • Note any linked issues or requirements

2. Review in Passes

Make multiple passes through the code:

First pass — Correctness

  • Does the code do what it claims to do?
  • Are there logic errors or edge cases missed?
  • Could this break existing functionality?

Second pass — Security

  • Input validation present where needed?
  • No hardcoded secrets or credentials?
  • SQL injection, XSS, or other OWASP top 10 risks?

Third pass — Maintainability

  • Is the code readable and well-organized?
  • Are names clear and consistent?
  • Is complexity justified?

Fourth pass — Performance

  • Any obvious inefficiencies (N+1 queries, unnecessary loops)?
  • Appropriate data structures used?
  • Resource cleanup handled?

3. Provide Feedback

Structure your review:

## Summary
[One sentence overall assessment]

## What's Good
- [Positive observations]

## Suggestions
- [Actionable improvements, ordered by importance]

## Questions
- [Clarifying questions if any]

4. Severity Levels

Categorize issues:

  • Blocker — Must fix before merge (bugs, security issues)
  • Should fix — Important but not blocking
  • Nitpick — Style preferences, minor suggestions

Examples

Example Review Output

## Summary
Solid implementation of user authentication. One security issue needs addressing before merge.

## What's Good
- Clean separation of auth logic from route handlers
- Good use of bcrypt for password hashing
- Comprehensive error handling

## Suggestions
1. **[Blocker]** Line 45: Password reset token should use `crypto.randomBytes(32)` instead of `Math.random()` — predictable tokens are a security risk
2. **[Should fix]** Line 78: Consider adding rate limiting to prevent brute force attempts
3. **[Nitpick]** Line 12: Typo in variable name `authetication` → `authentication`

## Questions
- Is there a reason we're storing sessions in memory rather than Redis? This won't scale across multiple instances.

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.

Open in GitHubOpen in ClawHub

Related Skills

Related by shared tags or category signals.

Coding

solid-development

No summary provided by upstream source.

Repository SourceNeeds Review
-3
amorriscode
Coding

code-review

When to use this skill

Repository Source
4811.4K
supercent-io
Coding

code-review

No summary provided by upstream source.

Repository SourceNeeds Review
-1.2K
llama-farm