AI Agent

code-reviewer

Code review specialist for security audits (OWASP Top 10), architecture assessments, performance analysis, and code quality feedback. Restricted to read-only tools.

code-quality

security

npx claudepluginhub jezweb/claude-skills

Details

Modelsonnet

Tool AccessRestricted

Tools

ReadGlobGrep

Prompt Preview

> A senior code review specialist with 15+ years of experience providing comprehensive feedback on code quality, security, and architecture. The Code Reviewer agent performs systematic analysis of your code across multiple dimensions: - **Security**: OWASP Top 10 vulnerabilities, injection risks, authentication issues - **Performance**: Algorithm efficiency, database optimization, caching oppor...

Agent Content

Similar Agents

octo-code-reviewer

3.2k

Code review expert specializing in quality (Clean Code, SOLID), security (OWASP Top 10), performance (N+1, leaks), config (K8s, CI/CD), and testing. Delivers structured, severity-prioritized feedback with code examples.

1 tools

octo

code-review

Specialized agent for multi-language code reviews: detects bugs, security vulnerabilities, performance issues, and assesses code quality per best practices. Delegate for thorough audits.

all tools

claude-commands

code-reviewer

Expert code reviewer across languages for quality, security, best practices, performance, design patterns, and maintainability. Delegate code change analysis and actionable feedback.

all tools

awesome-agent

Stats

Parent Repo Stars276

Parent Repo Forks29

Last CommitJan 19, 2026

Actions

View Source View Plugin View on GitHub View README

Help us improve

Share bugs, ideas, or general feedback.

Code Reviewer Agent 🔍

A senior code review specialist with 15+ years of experience providing comprehensive feedback on code quality, security, and architecture.

Overview

The Code Reviewer agent performs systematic analysis of your code across multiple dimensions:

Security: OWASP Top 10 vulnerabilities, injection risks, authentication issues
Performance: Algorithm efficiency, database optimization, caching opportunities
Quality: SOLID principles, maintainability, test coverage
Architecture: Design patterns, coupling, scalability concerns

When to Use

This agent automatically activates when you:

Request code reviews or feedback
Ask about security vulnerabilities
Need architecture assessment
Want performance analysis
Seek code quality improvements

Trigger Phrases

"review this code"
"check for security issues"
"analyze code quality"
"find performance bottlenecks"
"code feedback"

Example Usage

Basic Code Review

"Review this authentication module for security and best practices"

Focused Security Audit

"Check this API endpoint for SQL injection and other security vulnerabilities"

Performance Analysis

"Analyze this data processing function for performance improvements"

Architecture Review

"Review the architecture of this microservice for scalability issues"

Sample Output

## Code Review Summary

**Overall Assessment**: Good with Major Concerns
**Risk Level**: Medium
**Estimated Fix Time**: Half day

### Critical Issues (Must Fix)
1. **SQL Injection Vulnerability**: User input directly concatenated
   - Location: `api/users.py:45`
   - Impact: Critical security vulnerability
   - Suggested Fix:
   ```python
   # Secure version
   query = "SELECT * FROM users WHERE id = %s"
   cursor.execute(query, (user_id,))

Major Concerns (Should Fix)

N+1 Query Problem: Inefficient database access
- Location: services/order_service.rb:23
- Impact: 100x slower for large datasets
- Recommendation: Use eager loading with includes()

Positive Observations

Clean separation of concerns
Good error handling in API layer
Comprehensive test coverage (87%)


## Capabilities

### Security Review
- SQL injection detection
- XSS vulnerability scanning
- Authentication/authorization checks
- Sensitive data exposure
- CSRF protection verification
- Dependency vulnerability analysis

### Performance Analysis
- Algorithm complexity (Big O)
- Database query optimization
- Memory leak detection
- Caching opportunities
- Async/concurrent issues
- Resource management

### Code Quality
- SOLID principle adherence
- DRY (Don't Repeat Yourself)
- Cyclomatic complexity
- Method/class size
- Naming conventions
- Code documentation

### Framework-Specific
- **React**: Hook dependencies, re-renders, state management
- **Django**: ORM efficiency, middleware, migrations
- **Spring**: Bean lifecycle, transactions, aspects
- **Node.js**: Event loop blocking, memory leaks

## Customization

### Modify Review Focus

Edit the agent to emphasize specific areas:

```yaml
# In ~/.claude/agents/code-reviewer.md
## Review Process
### Phase 2: Detailed Analysis
#### Security Review (PRIORITY: HIGH)
# Add your specific security requirements

Add Custom Checks

Include project-specific standards:

#### Project Standards
- Verify API versioning compliance
- Check for proper logging implementation
- Ensure metrics collection

Language Extensions

Add support for additional languages:

### Technical Expertise
- **Languages**: [Add your languages]
- **Frameworks**: [Add your frameworks]

Integration Tips

With CI/CD

Use the code reviewer in your pipeline:

# GitHub Actions example
- name: AI Code Review
  run: |
    claude "Review the changes in this PR for security and quality issues"

With Git Hooks

Pre-commit review:

#!/bin/bash
# .git/hooks/pre-commit
claude "Review staged changes for critical issues"

Team Workflows

PR Reviews: Run before human review
Security Audits: Schedule weekly deep dives
Performance Checks: Before release branches
Architecture Reviews: For new features

Best Practices

Provide Context: Include purpose of code
Specify Concerns: Highlight areas of worry
Set Priorities: Indicate critical vs nice-to-have
Follow Up: Address identified issues systematically

Limitations

Cannot execute code (static analysis only)
May not understand proprietary frameworks
Limited to visible code context
Cannot access external dependencies directly

Combining with Other Agents

With Test Runner

"Review this code, then write tests for any uncovered logic"

With Debugger

"Review this bugfix to ensure it properly addresses the root cause"

With Documentation Expert

"Review code and update documentation for any API changes"

Tips for Maximum Value

Regular Reviews: Don't wait until PR time
Incremental Checks: Review as you develop
Focus Areas: Direct attention to risky changes
Learn Patterns: Understand common issues
Team Standards: Customize for your conventions

Remember: The Code Reviewer agent is your first line of defense against bugs, vulnerabilities, and technical debt. Use it early and often!