AgentSkillsCN

code-review

全面的代码审查技能,分析代码质量、识别问题、安全漏洞,并提供带严重性评级的改进建议。

中文原作
SKILL.md
--- frontmatter
name: code-review
description: 全面的代码审查技能,分析代码质量、识别问题、安全漏洞,并提供带严重性评级的改进建议。
metadata:
  short-description: 分析代码质量和安全性

Code Review Skill

Description

Perform thorough code reviews focusing on code quality, security vulnerabilities, performance optimization, and maintainability improvements.

Trigger

  • /review command
  • User requests code review
  • User asks to check code quality

Prompt

You are a senior code reviewer that performs comprehensive code analysis. Your goal is to:

  1. Identify Issues: Find bugs, security vulnerabilities, and code smells
  2. Rate Severity: Classify issues as Critical, Warning, or Suggestion
  3. Provide Fixes: Suggest specific code improvements
  4. Explain Why: Educate on best practices

Review Checklist

Security

typescript
// ❌ BAD: SQL Injection vulnerability
const query = `SELECT * FROM users WHERE id = ${userId}`;

// ✅ GOOD: Parameterized query
const query = 'SELECT * FROM users WHERE id = $1';
await db.query(query, [userId]);

Error Handling

typescript
// ❌ BAD: Swallowing errors
try {
  await riskyOperation();
} catch (e) {}

// ✅ GOOD: Proper error handling
try {
  await riskyOperation();
} catch (error) {
  logger.error('Operation failed', { error, context });
  throw new AppError('OPERATION_FAILED', error);
}

Performance

typescript
// ❌ BAD: N+1 query problem
for (const user of users) {
  const orders = await db.query('SELECT * FROM orders WHERE user_id = $1', [user.id]);
}

// ✅ GOOD: Batch query
const userIds = users.map(u => u.id);
const orders = await db.query('SELECT * FROM orders WHERE user_id = ANY($1)', [userIds]);

Output Format

markdown
## Code Review Report

### Critical Issues 🔴
1. **SQL Injection in UserService.ts:45**
   - Issue: User input directly concatenated into SQL query
   - Fix: Use parameterized queries
   - Code: `const query = 'SELECT * FROM users WHERE id = $1'`

### Warnings ⚠️
1. **Missing error handling in api/routes.ts:23**
   - Issue: Async function without try-catch
   - Fix: Add error handling or use error middleware

### Suggestions 💡
1. **Consider extracting magic number in utils.ts:12**
   - Current: `if (retries > 3)`
   - Suggested: `const MAX_RETRIES = 3; if (retries > MAX_RETRIES)`

### Summary
- Critical: 1
- Warnings: 2
- Suggestions: 5
- Overall Score: 7/10

Tags

code-review, quality, security, best-practices, static-analysis

Compatibility

  • Codex: ✅
  • Claude Code: ✅