# Automate GitHub code reviews with AI swarm

Manual code reviews take too long and lack consistency. This skill deploys specialized AI agents to analyze security, performance, architecture, and style in parallel, providing comprehensive feedback faster than human reviewers alone.

## Install

```bash
npx skillstore add claude code flow/ruvnet-github-code-review
```

## Metadata

- Slug: ruvnet-github-code-review
- Version: 1.0.0
- Author: Claude Code Flow
- GitHub username: ruvnet
- License: MIT
- Repository: https://github.com/ruvnet/claude-flow/tree/main/.claude/skills/github-code-review
- Ref: main
- Supported tools: Claude, Claude Code
- Risk level: low
- Risk factors: external_commands, network, filesystem
- Quality score: 77
- Quality tier: bronze
- Public page: https://skillstore.pages.dev/skills/ruvnet-github-code-review
- Manifest: https://skillstore.pages.dev/api/skills/ruvnet-github-code-review/manifest

## Capabilities

- Deploy multiple specialized review agents in parallel
- Analyze security vulnerabilities with OWASP checks
- Evaluate performance impact and optimization opportunities
- Enforce coding standards and architectural patterns
- Generate contextual review comments with fix suggestions
- Integrate with GitHub CLI for seamless PR workflow

## Use Cases

- Scale code review capacity: Handle multiple PRs simultaneously with specialized agents focusing on security, performance, and code quality.
- Maintain quality standards: Ensure consistent review quality across all contributions with automated checks for security and style compliance.
- Enforce compliance requirements: Automatically validate code against organizational standards and regulatory requirements before merge.

## Prompt Templates

### Basic PR Review

```
Review PR #123 for a bug fix in the authentication module. Check for security issues, test coverage, and code style compliance.
```

### Security Review

```
Perform security review on PR #456 affecting payment endpoints. Check for SQL injection, XSS, authentication bypasses, and secret exposure.
```

### Performance Analysis

```
Analyze PR #789 for performance impact on database queries. Check for N+1 queries, missing indexes, caching opportunities.
```

### Architecture Validation

```
Evaluate PR #321 for SOLID principles, dependency management, API design, and integration patterns.
```

## Limitations

- Requires GitHub CLI authentication and repository access
- Network-dependent for GitHub API operations
- May generate false positives requiring human verification
- Limited to repositories with GitHub CLI support

## Best Practices

- Configure review thresholds appropriate for your team maturity level
- Use incremental reviews for large PRs to avoid overwhelming feedback
- Train agents on your codebase patterns to reduce false positives over time

## Anti Patterns

- Relying solely on automated reviews without human oversight
- Running all agents on every PR regardless of change scope
- Ignoring review suggestions without documenting justification

## Security Audit

- Safe to publish: true
- Audited at: 2026-01-17T07:27:47.438+00:00
- Summary: After evaluating all static findings, this skill is a legitimate code review tool. The detected patterns are false positives - the skill uses GitHub CLI for standard PR operations, network access is limited to GitHub API, and credential access is necessary for authenticated GitHub operations. The static analyzer flagged documentation examples of security checks (like Windows SAM patterns) as if the skill itself accessed those systems, which is incorrect. All external commands use hardcoded GitHub CLI tools with validated inputs.

## Stats

- Views: 188
- Downloads: 8
- Favorites: 0
- Popularity score: 0
