Engineering

code-review

Perform comprehensive code reviews with a focus on security, performance, correctness, and maintainability using industry-standard auditing practices.

Introduction

The code-review skill provides a rigorous framework for evaluating software quality. It acts as an expert engineering partner, capable of auditing entire codebases or specific components to ensure they meet modern development standards. By utilizing a structured checklist-driven methodology, the agent assesses code for critical vulnerabilities, logical flaws, performance bottlenecks, and architectural debt. It is designed for software engineers, tech leads, and security researchers who need to automate the manual toil of routine code assessments while maintaining high standards for production deployments.

  • Performs deep-dive security audits including checks for injection vulnerabilities (SQL, XSS, command), authentication/authorization flaws, and hardcoded secrets using automated tools like npm audit, pip-audit, and static analysis grep patterns.

  • Evaluates code correctness by identifying common pitfalls such as race conditions, resource leaks, improper error handling, and type safety issues in Python, JavaScript, and TypeScript.

  • Optimizes performance by detecting N+1 database queries, inefficient algorithmic complexity (Big O), blocking synchronous I/O in async environments, and memory-intensive patterns.

  • Enforces maintainability through strict naming conventions, complexity reduction (cyclomatic complexity analysis), elimination of dead or duplicated code, and documentation audits.

  • Provides structured feedback in a standardized markdown format, including summaries, categorized issues with line-specific references, proposed remediation, and a clear merge-readiness verdict.

  • Input: Source code files, git diffs, or PR descriptions. Output: Detailed markdown report with actionable technical recommendations.

  • Best used for pre-merge PR review, periodic codebase health checks, and vulnerability assessment tasks.

  • Constraints: While the agent employs automated tools like radon, grep, and package audit utilities, human oversight remains essential for architectural decisions and business-specific logic verification.

  • Operational tips: Provide context about the codebase (e.g., framework versions, concurrency requirements) to allow the agent to calibrate its checklists more accurately. Run the agent against specific modules to reduce noise in large repositories.

Repository Stats

Stars: 57,128
Forks: 9,379
Open Issues: 107
Language: TypeScript
Default Branch: main
Sync Status: Idle
Last Synced: Apr 28, 2026, 11:19 AM