django-reviewer

Django Reviewer Skill

Safety Notice

This listing is imported from skills.sh public index metadata. Review upstream SKILL.md and repository scripts before running.

Copy this and send it to your AI assistant to learn

Install skill "django-reviewer" with this command: npx skills add physics91/claude-vibe/physics91-claude-vibe-django-reviewer

Django Reviewer Skill

Purpose

Reviews Django projects for ORM usage, view patterns, security, and best practices.

When to Use

  • Django project code review

  • ORM query optimization

  • View/template review

  • Admin customization review

  • Migration safety check

Project Detection

  • django in requirements.txt/pyproject.toml

  • manage.py in project root

  • settings.py with INSTALLED_APPS

  • urls.py , views.py , models.py files

Workflow

Step 1: Analyze Project

Django: 4.2+ / 5.0+ Database: PostgreSQL/MySQL/SQLite Template Engine: Django Templates/Jinja2 REST: Django REST Framework Admin: Django Admin / Unfold

Step 2: Select Review Areas

AskUserQuestion:

"Which areas to review?" Options:

  • Full Django review (recommended)
  • ORM and query optimization
  • Views and URL patterns
  • Templates and security
  • Admin customization multiSelect: true

Detection Rules

ORM Optimization

Check Recommendation Severity

N+1 query Use select_related/prefetch_related CRITICAL

.all() in template Prefetch in view HIGH

filter().first() Use .filter().first() or get_or_none LOW

Multiple .save() Use bulk_update/bulk_create MEDIUM

BAD: N+1 query

def get_orders(request): orders = Order.objects.all() # Each order.customer triggers a query! return render(request, "orders.html", {"orders": orders})

GOOD: select_related for ForeignKey

def get_orders(request): orders = Order.objects.select_related("customer").all() return render(request, "orders.html", {"orders": orders})

GOOD: prefetch_related for ManyToMany/reverse FK

def get_orders(request): orders = Order.objects.prefetch_related("items").all() return render(request, "orders.html", {"orders": orders})

BAD: Multiple saves

for item in items: item.status = "processed" item.save()

GOOD: Bulk update

Item.objects.filter(id__in=item_ids).update(status="processed")

View Patterns

Check Recommendation Severity

Function view for CRUD Use Class-Based Views LOW

No permission check Add @login_required or PermissionMixin HIGH

Business logic in view Move to service/manager MEDIUM

No pagination Add Paginator MEDIUM

BAD: Logic in view

def create_order(request): if request.method == "POST": # Too much logic here user = request.user cart = Cart.objects.get(user=user) order = Order.objects.create(user=user, total=cart.total) for item in cart.items.all(): OrderItem.objects.create(order=order, product=item.product) cart.items.all().delete() send_confirmation_email(user, order) return redirect("order_detail", order.id)

GOOD: Service layer

services/order_service.py

class OrderService: @staticmethod def create_from_cart(user: User) -> Order: cart = Cart.objects.get(user=user) order = Order.objects.create(user=user, total=cart.total) OrderItem.objects.bulk_create([ OrderItem(order=order, product=item.product) for item in cart.items.all() ]) cart.items.all().delete() send_confirmation_email.delay(user.id, order.id) # Celery task return order

views.py

class CreateOrderView(LoginRequiredMixin, View): def post(self, request): order = OrderService.create_from_cart(request.user) return redirect("order_detail", order.id)

Template Security

Check Recommendation Severity

|safe filter misuse Only use for trusted content CRITICAL

{% autoescape off %} Avoid, use mark_safe in Python HIGH

User input in JS Use json_script filter HIGH

No CSRF token Add {% csrf_token %} CRITICAL

<!-- BAD: XSS vulnerability --> <div>{{ user_content|safe }}</div>

<!-- GOOD: Auto-escaped (default) --> <div>{{ user_content }}</div>

<!-- BAD: User data in JS --> <script> var data = "{{ user_data }}"; // XSS risk! </script>

<!-- GOOD: json_script filter --> {{ user_data|json_script:"user-data" }} <script> const data = JSON.parse( document.getElementById("user-data").textContent ); </script>

Model Design

Check Recommendation Severity

No indexes on filter fields Add db_index=True HIGH

CharField without max_length Always specify max_length MEDIUM

No str method Add for admin display LOW

No Meta ordering Add default ordering LOW

GOOD: Well-designed model

class Order(models.Model): user = models.ForeignKey( User, on_delete=models.CASCADE, related_name="orders", ) status = models.CharField( max_length=20, choices=OrderStatus.choices, default=OrderStatus.PENDING, db_index=True, # Frequently filtered ) created_at = models.DateTimeField(auto_now_add=True, db_index=True) updated_at = models.DateTimeField(auto_now=True)

class Meta:
    ordering = ["-created_at"]
    indexes = [
        models.Index(fields=["user", "status"]),
    ]

def __str__(self):
    return f"Order {self.id} - {self.user.email}"

Migration Safety

Check Recommendation Severity

Non-nullable field without default Add default or null=True first CRITICAL

Large table ALTER Use RunSQL with concurrent index HIGH

Data migration in schema migration Separate into data migration MEDIUM

BAD: Adding non-nullable field

class Migration(migrations.Migration): operations = [ migrations.AddField( model_name="order", name="tracking_number", field=models.CharField(max_length=100), # Will fail! ), ]

GOOD: Safe migration strategy

Step 1: Add nullable field

migrations.AddField( model_name="order", name="tracking_number", field=models.CharField(max_length=100, null=True), ),

Step 2: Data migration to populate

Step 3: Make non-nullable with default

Response Template

Django Code Review Results

Project: [name] Django: 5.0 | DB: PostgreSQL | DRF: 3.14

ORM Optimization

StatusFileIssue
CRITICALviews.py:45N+1 query - missing select_related

View Patterns

StatusFileIssue
HIGHviews.py:23Missing LoginRequiredMixin

Template Security

StatusFileIssue
CRITICALtemplates/user.html:12Unsafe

Migrations

StatusFileIssue
CRITICAL0015_add_field.pyNon-nullable field without default

Recommended Actions

  1. Add select_related to order queries
  2. Add permission mixins to views
  3. Remove |safe from user content
  4. Fix migration for tracking_number field

Best Practices

  • ORM: Always prefetch related objects

  • Views: Use CBV, service layer for logic

  • Security: CSRF, XSS prevention, permissions

  • Migrations: Zero-downtime strategies

  • Testing: Factory Boy, pytest-django

Integration

  • python-reviewer : General Python patterns

  • security-scanner : Django security audit

  • sql-optimizer : Query analysis

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.

Open in GitHubOpen in ClawHub

Related Skills

Related by shared tags or category signals.

General

java-reviewer

No summary provided by upstream source.

Repository SourceNeeds Review
11-physics91
General

sql-optimizer

No summary provided by upstream source.

Repository SourceNeeds Review
3-physics91
General

readme-generator

No summary provided by upstream source.

Repository SourceNeeds Review
3-physics91
Coding

python-reviewer

No summary provided by upstream source.

Repository SourceNeeds Review
4-physics91