code-review-checklist
Master Code Reviews with Comprehensive Checklists
This skill provides systematic checklists for conducting thorough code reviews, helping reviewers catch bugs, identify security issues, and maintain code quality standards across any codebase.
Download the skill ZIP
Upload in Claude
Go to Settings → Features → Skills → Upload skill
Turn it on and start using it
Test it
Using "code-review-checklist". Review this code for security issues: const query = `SELECT * FROM users WHERE email = '${email}'`
Expected result:
Security Issue Found:
**Issue:** SQL Injection Vulnerability
The code uses string interpolation to build a SQL query, allowing attackers to inject malicious SQL code through the email parameter.
**Risk:** Attackers could extract, modify, or delete database contents.
**Recommendation:** Use parameterized queries:
```javascript
const query = 'SELECT * FROM users WHERE email = $1';
db.query(query, [email]);
```
Using "code-review-checklist". Check this code for best practices: function calc(a, b, c) { return a * b + c; }
Expected result:
Code Quality Issue Found:
**Issue:** Unclear naming
- Variable names 'a', 'b', 'c' are not descriptive
- Function name 'calc' does not explain what is being calculated
- Magic numbers should be replaced with named constants
**Recommendation:** Use descriptive names:
```javascript
function calculateTotalPrice(quantity, unitPrice, tax) {
  return quantity * unitPrice + tax;
}
```
Using "code-review-checklist". What should I check for in a pre-review?
Expected result:
Pre-Review Checklist:
- [ ] Read the PR description and linked issues
- [ ] Understand what problem is being solved
- [ ] Check if tests pass in CI/CD
- [ ] Pull the branch and run it locally
- [ ] Review any related documentation changes
Security Audit
Safe: This skill is a benign code review checklist educational resource. All static analyzer findings are FALSE POSITIVES triggered by example code snippets in documentation. The skill teaches security best practices by showing examples of vulnerable code patterns (SQL injection, hardcoded secrets) to help developers identify and avoid them during reviews.
What You Can Build
Pull Request Reviews
Use the checklists to systematically review pull requests and ensure nothing is missed before approving changes.
Security Audits
Apply the security-focused checklist sections to identify potential vulnerabilities in code before deployment.
Team Onboarding
Train new team members on code review standards and best practices using the comprehensive checklist framework.
Try These Prompts
Use the code review checklist to review these changes: [paste diff or describe changes]. Focus on functionality, security, and code quality.
Perform a security review of this code using the security checklist. Look for SQL injection, XSS, authentication issues, hardcoded secrets, and input validation: [paste code]
Conduct a thorough code review using all checklist sections: functionality, security, performance, code quality, tests, and documentation. Review these changes: [paste diff or describe changes]
Help me write constructive review comments for the following issues found during code review: [list issues]. Use the review comment templates from the checklist.
Best Practices
- Review small, focused changes rather than large PRs to ensure thoroughness
- Always check tests first - verify they pass and adequately cover new code
- Use automated tools like linters and security scanners in addition to manual review
- Focus on important issues like security and logic errors rather than minor style issues
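As an added example (not part of the skill or of the original page), here is a small line-based check that could run alongside manual review to flag the SQL-building pattern from the first test prompt. The function name and the sample input are hypothetical, and the heuristic does not follow multi-line template literals or variables assigned elsewhere.

```javascript
// Added example: heuristic reviewer aid, not a replacement for a real SAST tool.
// findSqlInterpolation and SAMPLE are hypothetical names; SAMPLE is constructed.
const SQL_START = /^\s*(SELECT|INSERT|UPDATE|DELETE)\b/i;

function findSqlInterpolation(source) {
  const findings = [];
  source.split('\n').forEach((text, index) => {
    const line = index + 1;
    // Case 1: a template literal that starts like SQL and contains ${...}.
    for (const m of text.matchAll(/`([^`]*)`/g)) {
      if (SQL_START.test(m[1]) && /\$\{[^}]+\}/.test(m[1])) {
        findings.push({ line, kind: 'template-interpolation' });
      }
    }
    // Case 2: a quoted SQL string immediately followed by "+" (concatenation).
    for (const m of text.matchAll(/(['"])((?:(?!\1).)*)\1\s*\+/g)) {
      if (SQL_START.test(m[2])) {
        findings.push({ line, kind: 'string-concatenation' });
      }
    }
  });
  return findings;
}

// Constructed sample: the page's vulnerable line, its parameterized fix,
// and a concatenated variant of the same mistake.
const SAMPLE = [
  "const query = `SELECT * FROM users WHERE email = '${email}'`;",
  "const safe = 'SELECT * FROM users WHERE email = $1';",
  "db.query(safe, [email]);",
  'const byId = "SELECT * FROM users WHERE id = " + id;',
].join('\n');

for (const f of findSqlInterpolation(SAMPLE)) {
  console.log(`line ${f.line}: ${f.kind} - use a parameterized query`);
}
```

Only lines 1 and 4 of the sample are reported; the parameterized form on lines 2 and 3 passes because the SQL text is a constant and the value travels separately.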
Avoid
- Do not approve code without actually reading and understanding it
- Do not skip security checks - security vulnerabilities are critical
- Do not provide vague feedback without specific examples or suggestions
- Do not rubber stamp reviews - every review should add value