A comprehensive code review skill for AI agents. Performs structured reviews with a senior engineer lens, covering architecture, security, performance, and code quality.
npx skills add sanyuan0704/code-review-expert
- SOLID Principles - Detect SRP, OCP, LSP, ISP, DIP violations
- Security Scan - XSS, injection, SSRF, race conditions, auth gaps, secrets leakage
- Performance - N+1 queries, CPU hotspots, missing cache, memory issues
- Error Handling - Swallowed exceptions, async errors, missing boundaries
- Boundary Conditions - Null handling, empty collections, off-by-one, numeric limits
- Removal Planning - Identify dead code with safe deletion plans
After installation, simply run:
/code-review-expert
The skill will automatically review your current git changes.
- Preflight - Scope changes via git diff
- SOLID + Architecture - Check design principles
- Removal Candidates - Find dead/unused code
- Security Scan - Vulnerability detection
- Code Quality - Error handling, performance, boundaries
- Output - Findings by severity (P0-P3)
- Confirmation - Ask user before implementing fixes
| Level | Name | Action |
|---|---|---|
| P0 | Critical | Must block merge |
| P1 | High | Should fix before merge |
| P2 | Medium | Fix or create follow-up |
| P3 | Low | Optional improvement |
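As an added illustration of the workflow and severity table above (example code, not the skill's own implementation): a miniature reviewer that scopes a unified diff to its added lines, applies two hypothetical checks drawn from the checklist themes (secrets leakage, swallowed exceptions), reports findings by P-level, and applies the "P0 must block merge" rule. The diff is constructed for the example.

```python
import re
from dataclasses import dataclass

HUNK = re.compile(r"^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@")
# Hypothetical rules, not the skill's checklists: a hardcoded credential and an except/pass pair.
SECRET = re.compile(r"(?i)\b(api[_-]?key|secret|password|token)\s*=\s*['\"][^'\"]{4,}['\"]")
EXCEPT = re.compile(r"^\s*except\b[^:]*:\s*$")
PASS = re.compile(r"^\s*pass\s*$")

@dataclass(frozen=True)
class Finding:
    level: str   # P0..P3 as in the severity table
    file: str
    line: int    # line number in the new version of the file
    message: str

def review_diff(diff: str) -> list[Finding]:
    """Preflight + scan: walk the unified diff, flagging only added lines."""
    findings, path, new_ln, prev_added = [], "?", 0, None
    for raw in diff.splitlines():
        if raw.startswith("+++ "):
            path = raw[4:].removeprefix("b/")
            continue
        m = HUNK.match(raw)
        if m:                      # hunk header carries the new-side start line
            new_ln, prev_added = int(m.group(1)), None
            continue
        if raw.startswith("-"):    # removed lines do not exist in the new tree
            continue
        if raw.startswith("+"):
            text = raw[1:]
            if SECRET.search(text):
                findings.append(Finding("P0", path, new_ln, "hardcoded secret"))
            if prev_added and EXCEPT.match(prev_added[1]) and PASS.match(text):
                findings.append(Finding("P1", path, prev_added[0], "swallowed exception"))
            prev_added = (new_ln, text)
        else:                      # context line: breaks any except/pass pair
            prev_added = None
        new_ln += 1
    return sorted(findings, key=lambda f: f.level)

def blocks_merge(findings: list[Finding]) -> bool:
    """Severity table: only P0 findings must block the merge."""
    return any(f.level == "P0" for f in findings)

# Constructed sample diff: one leaked credential, one swallowed exception.
SAMPLE_DIFF = """\
diff --git a/app/config.py b/app/config.py
--- a/app/config.py
+++ b/app/config.py
@@ -1,2 +1,3 @@
 import os
-API_KEY = os.environ["API_KEY"]
+API_KEY = "sk-live-constructed-example"
+
@@ -10,4 +11,4 @@ def load():
     try:
         return json.load(open(PATH))
-    except OSError:
-        raise
+    except OSError:
+        pass
"""
```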
code-review-expert/
├── SKILL.md                       # Main skill definition
├── agents/
│   └── agent.yaml                 # Agent interface config
└── references/
    ├── solid-checklist.md         # SOLID smell prompts
    ├── security-checklist.md      # Security & reliability
    ├── code-quality-checklist.md  # Error, perf, boundaries
    └── removal-plan.md            # Deletion planning template
Each checklist provides detailed prompts and anti-patterns:
- solid-checklist.md - SOLID violations + common code smells
- security-checklist.md - OWASP risks, race conditions, crypto, supply chain
- code-quality-checklist.md - Error handling, caching, N+1, null safety
- removal-plan.md - Safe vs deferred deletion with rollback plans
MIT