code-review-excellence

Low Risk ⚡ Contains scripts 🌐 Network access ⚙️ External commands

Master Code Review Best Practices

Code reviews often become bottlenecks or sources of team friction. This skill provides structured techniques for giving constructive feedback, conducting thorough reviews, and turning every review into a knowledge-sharing opportunity that improves code quality and team collaboration.

Supports: Claude, Codex, Code(CC)
⚠️ 67 Poor

1. Download the skill ZIP
2. Upload in Claude: go to Settings → Capabilities → Skills → Upload skill
3. Toggle on and start using

Test it

Using "code-review-excellence". How should I give feedback on this code that has a security vulnerability?

Expected outcome:

Frame your feedback using the context-issue-solution pattern:

[Context] I noticed the payment processing logic is in the controller.

[Specific Issue] The calculateTotal() function uses string concatenation for SQL queries, which is vulnerable to injection.

[Helpful Solution] Consider using parameterized queries instead. Here's an example pattern...

Using "code-review-excellence". What are the key things to check when reviewing a pull request?

Expected outcome:

Use the 4-phase review process:

1. Context Gathering: PR description, CI status, business requirements
2. High-Level Review: Architecture, design, file organization, testing strategy
3. Line-by-Line Review: Logic correctness, security, performance, maintainability
4. Summary: Clear decision with prioritized feedback

Security Audit

Low Risk
v5 • 1/21/2026

Static analysis detected patterns in documentation that appear concerning but are false positives. The skill is a code review guide containing examples of vulnerabilities and code patterns for educational purposes. All detected patterns (eval references, backticks, URLs, fetch calls) are documentation content, not executable code. No actual security risks found. Safe to publish.

  • Files scanned: 2
  • Lines analyzed: 1,256
  • Findings: 3
  • Total audits: 5

Risk Factors

  • ⚡ Contains scripts: No specific locations recorded
  • 🌐 Network access: No specific locations recorded
  • ⚙️ External commands: No specific locations recorded
Audited by: claude

Quality Score

  • Architecture: 38
  • Maintainability: 100
  • Content: 87
  • Community: 21
  • Security: 90
  • Spec Compliance: 87

What You Can Build

Learning Effective Code Review

New developers or team members learning how to conduct constructive code reviews that improve code quality while maintaining positive team dynamics.

Improving Review Processes

Teams wanting to establish or improve their code review practices with systematic approaches, checklists, and feedback frameworks.

Code Review Assistance

When preparing for or conducting code reviews, use this skill to structure feedback, prioritize issues, and ensure comprehensive coverage.

Try These Prompts

General Code Review Request

Help me review this pull request. I want to: 1) Understand the overall approach and architecture, 2) Check for security issues, 3) Look for performance problems, 4) Ensure the code is maintainable. What should I focus on and what questions should I ask the author?

Security-Focused Review

Review this code specifically for security issues. Check for: input validation, SQL injection risks, XSS vulnerabilities, authentication gaps, hardcoded secrets, and proper error handling. What security concerns should I raise?

Python Code Review

Review this Python code for Python-specific issues like mutable default arguments, bare except clauses, correct exception handling, and Pythonic patterns. What improvements would you suggest?

Feedback Construction

I found several issues in this code. Help me construct feedback that is: specific and actionable, educational rather than judgmental, balanced with praise for what was done well, and clearly prioritized by severity.

Best Practices

  • Review code promptly within 24 hours to maintain team velocity and show respect for the author's work
  • Use a modified sandwich method: context first, then the specific issue, then a helpful solution
  • Differentiate severity clearly with labels like [blocking], [important], [nit], and [praise]

Avoid

  • Nitpicking formatting issues that should be caught by linters
  • Being vague or unclear about what needs to change
  • Making feedback about the person rather than the code
  • Skipping positive feedback when code is done well

Frequently Asked Questions

What does this skill do?

This skill provides guidance on conducting effective code reviews. It offers frameworks, checklists, and techniques for giving constructive feedback, catching bugs, and sharing knowledge.

Can this skill analyze my code automatically?

No. This skill provides guidance on how to review code yourself. It does not execute or analyze code directly. You provide the code context and receive review guidance.

What types of code reviews does this cover?

The skill covers general code reviews, security reviews, performance reviews, and includes language-specific guidance for Python and TypeScript.

How do I give feedback that developers will accept?

Use constructive language, focus on the code not the person, be specific and actionable, balance criticism with praise, and offer to help implement fixes.

How long should a code review take?

A thorough review of 200-400 lines typically takes 20-30 minutes. Limit continuous review to 60 minutes with breaks. Review promptly within 24 hours.

Does this work with specific platforms like GitHub?

Yes. The principles apply to any review platform. The skill includes guidance on using platform features and templates effectively.

Developer Details

File structure

📄 SKILL.md