
code-reviewer

Safe

AI Code Review Expert

Also available from: 9tykeshav,DennisLiuCk,AutumnsGrove,CuriousLearner,google-gemini,davila7,9tykeshav,alirezarezvani

This skill provides elite code review capabilities powered by AI, helping developers identify security vulnerabilities, performance issues, and code quality problems before production deployment.

Supports: Claude Codex Code(CC)
Score: 69 (Adequate)

1. Download the skill ZIP
2. Upload in Claude: go to Settings → Capabilities → Skills → Upload skill
3. Toggle on and start using

Test it

Using "code-reviewer". Review this function for security issues:

```javascript
function getUserData(userId) {
  const query = `SELECT * FROM users WHERE id = ${userId}`;
  return db.execute(query);
}
```

Expected outcome:

## Security Review Results

### Critical Issues

**SQL Injection Vulnerability** (Severity: Critical)
- Line 2: User input directly concatenated into SQL query
- Risk: An attacker can inject malicious SQL commands

### Recommended Fix

```javascript
// Use parameterized queries
function getUserData(userId) {
  const query = 'SELECT * FROM users WHERE id = ?';
  return db.execute(query, [userId]);
}
```

### Additional Recommendations
1. Add input validation for userId
2. Implement proper error handling
3. Consider adding rate limiting

Using "code-reviewer". What are the best practices for reviewing authentication code?

Expected outcome:

## Authentication Code Review Best Practices

### Key Areas to Review

1. **Password Handling**
- Verify password hashing (bcrypt, Argon2)
- Check for proper salt usage
- Ensure secure comparison (timing-safe)

2. **Session Management**
- Session ID generation randomness
- Secure cookie flags (HttpOnly, Secure, SameSite)
- Session timeout configuration

3. **Token-Based Auth**
- JWT algorithm verification (avoid 'none')
- Token expiration policies
- Secure token storage

4. **Multi-Factor Authentication**
- Verify MFA enforcement options
- Check backup codes handling

Security Audit

Safe
v1 • 2/25/2026

All 8 static findings evaluated as false positives. The skill is a legitimate code review assistant that provides guidance on AI-powered code analysis, security vulnerability detection, and performance optimization. No actual external commands, cryptographic code, C2 infrastructure, or network reconnaissance activities are present. The detected patterns were markdown formatting (backticks), compliance acronyms (SOC2, PCI DSS, GDPR), and generic technical terms (pattern, CLI).

Files scanned: 1
Lines analyzed: 181
Findings: 4
Total audits: 1

Medium Risk Issues (4)

- External Command Reference (False Positive): Line 29 contains a markdown file path reference using backticks (`resources/implementation-playbook.md`). This is standard markdown formatting, not shell execution.
- Compliance Acronyms Flagged as C2 (False Positive): Line 158 mentions regulatory compliance requirements (SOC2, PCI DSS, GDPR). These are legitimate compliance frameworks, not C2 malware keywords.
- Generic Terms Flagged as Cryptographic (False Positive): Lines 3, 43, 98, 143, 157 contain generic words (pattern, CLI, code) that triggered cryptographic algorithm detection. No actual cryptographic code exists in this file.
- Process Term Flagged as Network Reconnaissance (False Positive): Line 106 contains '### Team Collaboration & Process', which triggered network reconnaissance detection. This is about team collaboration processes, not network scanning.
Audited by: claude

Quality Score

Architecture: 38
Maintainability: 100
Content: 87
Community: 25
Security: 85
Spec Compliance: 100

What You Can Build

Pre-commit Code Review

Get AI-assisted review of code changes before committing to catch issues early in the development cycle.

Pull Request Security Analysis

Analyze pull requests for security vulnerabilities, performance issues, and code quality problems.

Technical Debt Assessment

Identify and prioritize technical debt in existing codebases with actionable remediation plans.

Try These Prompts

Basic Code Review

Review this code snippet for security vulnerabilities, performance issues, and code quality improvements:

```
[PASTE YOUR CODE HERE]
```

Focus on the most critical issues first.

Security-Focused Review

Perform a comprehensive security review of this code. Check for:
- Input validation and sanitization
- Authentication and authorization issues
- SQL injection, XSS, and CSRF vulnerabilities
- Secrets and credential exposure
- API security patterns

Code to review:

```
[PASTE YOUR CODE HERE]
```

Performance Optimization Review

Analyze this code for performance issues and optimization opportunities:

```
[PASTE YOUR CODE HERE]
```

Look for:
- Database query efficiency (N+1 problems)
- Memory leaks and resource management
- Caching opportunities
- Algorithmic complexity improvements

Full Stack Architecture Review

Review this code change for:
1. Architecture and design pattern adherence
2. Error handling and resilience
3. Testability considerations
4. Documentation completeness
5. Configuration security

Code:

```
[PASTE YOUR CODE HERE]
```

Provide a structured assessment with severity ratings.

Best Practices

  • Provide specific code examples in feedback rather than generic suggestions
  • Prioritize security and production reliability issues above all else
  • Balance thorough analysis with practical development velocity considerations
  • Focus on teaching and knowledge transfer, not just finding problems

Avoid

  • Do not skip security reviews for 'small' or 'internal' changes
  • Avoid focusing only on style and formatting over substantive issues
  • Do not approve code without understanding the business context and requirements

Frequently Asked Questions

What tools does this skill use for code analysis?

This skill provides guidance on using modern static analysis tools including SonarQube, CodeQL, Semgrep, Snyk, Bandit, and OWASP tools. It does not execute these tools directly but advises on their configuration and interpretation of results.

Can this skill replace a human code review?

No. This skill assists with code review by providing AI-powered analysis and best practices, but it cannot replace human judgment for business logic, domain-specific considerations, and contextual understanding.

Does this skill execute the code I provide?

No. This skill performs static analysis and provides guidance based on code patterns. It does not execute or run any code, making it safe to use without risking unintended side effects.

What programming languages are supported?

The skill provides expertise across multiple languages including JavaScript/TypeScript, Python, Java, Go, Rust, C#, PHP, and SQL. It covers modern frameworks and best practices for each language.

How does this skill handle sensitive code or credentials?

The skill advises on proper secrets management and credential handling but does not store or transmit any code. Users should avoid pasting actual credentials or sensitive data during reviews.

Can this skill review infrastructure as code?

Yes. The skill includes capabilities for reviewing Terraform, CloudFormation, Kubernetes manifests, and CI/CD pipeline configurations for security and reliability best practices.

Developer Details

File structure

📄 SKILL.md