code-review-checklist
Master code reviews with comprehensive checklists
Provides a systematic checklist for thorough code reviews, helping reviewers catch bugs, identify security issues, and maintain code quality standards in any codebase.
Download the skill ZIP
Import into Claude
Go to Settings → Capabilities → Skills → Import a skill
Enable and start using
Test it
Using "code-review-checklist". Review this code for security issues: const query = `SELECT * FROM users WHERE email = '${email}'`
Expected result:
Security Issue Found:
**Issue:** SQL Injection Vulnerability
The code uses string interpolation to build a SQL query, allowing attackers to inject malicious SQL code through the email parameter.
**Risk:** Attackers could extract, modify, or delete database contents.
**Recommendation:** Use parameterized queries:
```javascript
const query = 'SELECT * FROM users WHERE email = $1';
db.query(query, [email]);
```
Using "code-review-checklist". Check this code for best practices: function calc(a, b, c) { return a * b + c; }
Expected result:
Code Quality Issue Found:
**Issue:** Unclear naming
- Variable names 'a', 'b', 'c' are not descriptive
- Function name 'calc' does not explain what is being calculated
- Magic numbers should be replaced with named constants
**Recommendation:** Use descriptive names:
```javascript
function calculateTotalPrice(quantity, unitPrice, tax) {
  return quantity * unitPrice + tax;
}
```
Using "code-review-checklist". What should I check for in a pre-review?
Expected result:
Pre-Review Checklist:
- [ ] Read the PR description and linked issues
- [ ] Understand what problem is being solved
- [ ] Check if tests pass in CI/CD
- [ ] Pull the branch and run it locally
- [ ] Review any related documentation changes
Security audit
Safe
This skill is a benign educational resource: a code review checklist. All static analyzer findings are FALSE POSITIVES triggered by example code snippets in documentation. The skill teaches security best practices by showing examples of vulnerable code patterns (SQL injection, hardcoded secrets) to help developers identify and avoid them during reviews.
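What you can build
Pull request reviews
Use the checklist to review pull requests systematically and make sure nothing is missed before approving changes.
Security audits
Apply the security-focused checklist sections to identify potential vulnerabilities in code before deployment.
Team training
Use the comprehensive checklist framework to train new team members on code review standards and best practices.
Try these prompts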
Use the code review checklist to review these changes: [paste diff or describe changes]. Focus on functionality, security, and code quality.
Perform a security review of this code using the security checklist. Look for SQL injection, XSS, authentication issues, hardcoded secrets, and input validation: [paste code]
Conduct a thorough code review using all checklist sections: functionality, security, performance, code quality, tests, and documentation. Review these changes: [paste diff or describe changes]
Help me write constructive review comments for the following issues found during code review: [list issues]. Use the review comment templates from the checklist.
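Best practices
- Review small, focused changes rather than large PRs to ensure thoroughness
- Check the tests first - verify that they pass and adequately cover the new code
- Use automated tools such as linters and security scanners in addition to manual review
- Focus on the issues that matter, such as security and logic errors, rather than minor issues
Avoid
- Don't approve code without actually reading and understanding it
- Don't skip security checks - security vulnerabilities are critical
- Don't give vague feedback without specific examples or suggestions
- Don't rubber-stamp reviews - every review should add value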