Summary
This is your systematic code reviewer that catches what you miss in pull requests. It prioritizes security first (SQL injection, XSS, auth holes), then moves through performance bottlenecks like N+1 queries and memory leaks, code quality issues, and best practice violations. Every finding comes with before/after code snippets and severity ratings from critical to low priority. The output format is solid: grouped by urgency, includes a quick wins section for high impact fixes, and actually acknowledges what you did right. Use it when you need a thorough audit beyond linter warnings, especially on unfamiliar codebases or before production deploys.
Install to Claude Code
npx -y skills add onewave-ai/claude-skills --skill code-review-pro --agent claude-codeInstalls into .claude/skills of the current project.
Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.
One time payment $9 →
Integrate web data into your AI product. One API to scrape website & brand data.
Get API Key Now →
Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →
On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.
Start earning →
Files
SKILL.mdView on GitHub
Code Review Pro
Deep code analysis covering security, performance, maintainability, and best practices.
When to Use This Skill
Activate when the user:
- Asks for a code review
- Wants security vulnerability scanning
- Needs performance analysis
- Asks to "review this code" or "audit this code"
- Mentions finding bugs or improvements
- Wants refactoring suggestions
- Requests best practice validation
Instructions
-
Security Analysis (Critical Priority)
- SQL injection vulnerabilities
- XSS (cross-site scripting) risks
- Authentication/authorization issues
- Secrets or credentials in code
- Unsafe deserialization
- Path traversal vulnerabilities
- CSRF protection
- Input validation gaps
- Insecure cryptography
- Dependency vulnerabilities
-
Performance Analysis
- N+1 query problems
- Inefficient algorithms (check Big O complexity)
- Memory leaks
- Unnecessary re-renders (React/Vue)
- Missing indexes (database queries)
- Blocking operations
- Resource cleanup (file handles, connections)
- Caching opportunities
- Excessive network calls
- Large bundle sizes
-
Code Quality & Maintainability
- Code duplication (DRY violations)
- Function/method length (should be <50 lines)
- Cyclomatic complexity
- Unclear naming
- Missing error handling
- Inconsistent style
- Missing documentation
- Hard-coded values that should be constants
- God classes/functions
- Tight coupling
-
Best Practices
- Language-specific idioms
- Framework conventions
- SOLID principles
- Design patterns usage
- Testing approach
- Logging and monitoring
- Accessibility (for UI code)
- Type safety
- Null/undefined handling
-
Bugs and Edge Cases
- Logic errors
- Off-by-one errors
- Race conditions
- Null pointer exceptions
- Unhandled edge cases
- Timezone issues
- Encoding problems
- Floating point precision
-
Provide Actionable Fixes
- Show specific code changes
- Explain why change is needed
- Include before/after examples
- Prioritize by severity
Output Format
# Code Review Report
## Critical Issues (Fix Immediately)
### 1. SQL Injection Vulnerability (line X)
**Severity**: Critical
**Issue**: User input directly concatenated into SQL query
**Impact**: Database compromise, data theft
**Current Code:**
```javascript
const query = `SELECT * FROM users WHERE email = '${userEmail}'`;
Fixed Code:
const query = 'SELECT * FROM users WHERE email = ?';
db.query(query, [userEmail]);
Explanation: Always use parameterized queries to prevent SQL injection.
High Priority Issues
2. Performance: N+1 Query Problem (line Y)
[Details...]
Medium Priority Issues
3. Code Quality: Function Too Long (line Z)
[Details...]
Low Priority / Nice to Have
4. Consider Using Const Instead of Let
[Details...]
Summary
- Total Issues: 12
- Critical: 2
- High: 4
- Medium: 4
- Low: 2
Quick Wins
Changes with high impact and low effort:
- [Fix 1]
- [Fix 2]
Strengths
- Good error handling in X
- Clear naming conventions
- Well-structured modules
Refactoring Opportunities
- Extract Method: Lines X-Y could be extracted into
calculateDiscount() - Remove Duplication: [specific code blocks]
Resources
## Examples
**User**: "Review this authentication code"
**Response**: Analyze auth logic → Identify security issues (weak password hashing, no rate limiting) → Check token handling → Note missing CSRF protection → Provide specific fixes with code examples → Prioritize by severity
**User**: "Can you find performance issues in this React component?"
**Response**: Analyze component → Identify unnecessary re-renders → Find missing useMemo/useCallback → Note large state objects → Check for expensive operations in render → Provide optimized version with explanations
**User**: "Review this API endpoint"
**Response**: Check input validation → Analyze error handling → Test for SQL injection → Review authentication → Check rate limiting → Examine response structure → Suggest improvements with code samples
## Best Practices
- Always prioritize security issues first
- Provide specific line numbers for issues
- Include before/after code examples
- Explain *why* something is a problem
- Consider the language/framework context
- Don't just criticize—acknowledge good code too
- Suggest gradual improvements for large refactors
- Link to documentation for recommendations
- Consider project constraints (legacy code, deadlines)
- Balance perfectionism with pragmatism
- Focus on impactful changes
- Group similar issues together
- Make recommendations actionable
Featured
Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.
One time payment $9 →Integrate web data into your AI product. One API to scrape website & brand data.
Get API Key Now →Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.
Start earning →
