Slash Command

/code-review

Performs code review on files, directories, recent git changes, or PRs, providing actionable feedback on quality, security, performance, maintainability, and testing.

Git

Github

code-quality

security

Install

npx claudepluginhub devsforge/marketplace --plugin code-review

Allowed Tools

BashReadWriteEditGrepGlob

Prompt Preview

# Code Review Command

Conduct thorough code review to identify issues, suggest improvements, and ensure code quality standards.

## Usage



**Examples:**


## What This Command Does

Performs comprehensive code review across multiple dimensions:

1. **Code Quality**: Structure, readability, maintainability
2. **Security**: Vulnerabilities, authentication, data protection
3. **Performance**: Bottlenecks, optimization opportunities
4. **Best Practices**: Standards compliance, design patterns
5. **Testing**: Coverage, test quality, edge cases

## Review Process

### Step 1: Identify Changes
...

Command Content

Other plugins with /code-review

/code-review

Reviews local uncommitted changes or GitHub PRs (pass PR number/URL) for security vulnerabilities, code quality issues, and best practices. Generates severity-based report with file locations, descriptions, and fixes.

everything-claude-code

162.2k

/code-review

Performs automated multi-agent code review on current GitHub pull request: audits CLAUDE.md, bugs, git history, prior PRs, code comments; scores issue confidence.

Bash(gh issue view:*)Bash(gh search:*)Bash(gh issue list:*)+4

code-review

15.9k

/code-review

Reviews uncommitted changes for security vulnerabilities, code quality issues, and best practices using git diff. Generates report with severity levels, locations, descriptions, fixes; blocks commits on critical/high issues.

claude-scholar

3.4k

/code-review

Performs comprehensive code quality review of repository structure, code, security, performance, architecture, testing, and documentation. Produces prioritized issues and actionable recommendations with examples.

all-commands

2.7k

/code-review

commands-utilities-debugging

2.7k

/code-review

Performs holistic pre-push code review against design docs, analyzing diff and broader codebase for alignment, consistency, risks, and issues. Produces categorized findings with recommendations.

ai-devkit

1.1k

Stats

Parent Repo Stars43

Parent Repo Forks4

Last CommitOct 12, 2025

Actions

View Source View Plugin View on GitHub View README

Code Review Command

Conduct thorough code review to identify issues, suggest improvements, and ensure code quality standards.

Usage

/code-review [file_or_directory]

Examples:

/code-review                           # Review recent git changes
/code-review src/api/users.js         # Review specific file
/code-review src/components/          # Review directory
/code-review --pr 123                 # Review pull request

What This Command Does

Performs comprehensive code review across multiple dimensions:

Code Quality: Structure, readability, maintainability
Security: Vulnerabilities, authentication, data protection
Performance: Bottlenecks, optimization opportunities
Best Practices: Standards compliance, design patterns
Testing: Coverage, test quality, edge cases

Review Process

Step 1: Identify Changes

First, determine what to review:

# Check recent changes
git status
git diff HEAD

# For PR reviews
gh pr diff <pr_number>

Step 2: Multi-Dimensional Analysis

Code Quality Check:

Cyclomatic complexity (functions should be <10)
Code duplication (identify DRY violations)
Naming conventions (clear, descriptive names)
Function length (keep under 50 lines)
Comment quality (explain why, not what)

Security Analysis:

Input validation (SQL injection, XSS prevention)
Authentication/authorization checks
Secrets management (no hardcoded credentials)
Dependency vulnerabilities
Error handling (no sensitive data leaks)

Performance Review:

Algorithm efficiency (time/space complexity)
Database query optimization (N+1 problems)
Resource management (memory leaks, connections)
Caching opportunities
Async operations usage

Architecture Assessment:

SOLID principles adherence
Design pattern usage
Separation of concerns
Dependency management
API design quality

Testing Evaluation:

Test coverage (aim for >80%)
Test quality (unit, integration, edge cases)
Mocking strategy
Test maintainability
Error scenario coverage

Step 3: Generate Feedback

Provide actionable feedback in this format:

## Code Review Results

### Critical Issues (Must Fix)
- [SECURITY] SQL injection vulnerability in user.login() - Line 45
- [BUG] Null pointer exception possible in processOrder() - Line 123

### Important (Should Fix)
- [PERFORMANCE] N+1 query in getUserOrders() - Line 67
- [QUALITY] Function complexity too high (CC: 15) in calculatePrice() - Line 234

### Suggestions (Nice to Have)
- [REFACTOR] Extract method: validateUserInput() from createUser()
- [STYLE] Use consistent naming: camelCase vs snake_case

### Positive Feedback
- Excellent error handling in PaymentService
- Good test coverage for authentication module (92%)

Review Checklist

Code Quality

Functions are single-purpose and focused
Variable names are descriptive and clear
No code duplication (DRY principle)
Proper error handling throughout
Consistent code style and formatting

Security

All inputs are validated and sanitized
Authentication/authorization implemented correctly
No hardcoded secrets or credentials
SQL queries use parameterization
Sensitive data is encrypted

Performance

No obvious performance bottlenecks
Database queries are optimized
Appropriate data structures used
Caching implemented where beneficial
Async operations used for I/O

Testing

New code has test coverage
Tests are meaningful and maintainable
Edge cases are covered
Tests follow AAA pattern (Arrange, Act, Assert)
No flaky or unreliable tests

Documentation

Common Issues & Fixes

Security Issues

SQL Injection:

// Bad
const query = `SELECT * FROM users WHERE id = ${userId}`;

// Good
const query = 'SELECT * FROM users WHERE id = ?';
db.query(query, [userId]);

XSS Prevention:

// Bad
element.innerHTML = userInput;

// Good
element.textContent = userInput;
// Or use sanitization library
element.innerHTML = DOMPurify.sanitize(userInput);

Performance Issues

N+1 Query Problem:

# Bad
users = User.query.all()
for user in users:
    orders = user.orders  # Executes query for each user

# Good
users = User.query.options(joinedload(User.orders)).all()

Memory Leak:

// Bad - event listener not removed
element.addEventListener('click', handler);

// Good - cleanup
useEffect(() => {
  element.addEventListener('click', handler);
  return () => element.removeEventListener('click', handler);
}, []);

Code Quality Issues

High Complexity:

# Bad - complexity 12
def process_payment(user, amount, method, promo):
    if user.is_premium:
        if method == "credit":
            if promo:
                # ... nested logic
            else:
                # ... more logic
        elif method == "debit":
            # ... more nesting
    else:
        # ... even more logic

# Good - extract methods
def process_payment(user, amount, method, promo):
    discount = calculate_discount(user, promo)
    final_amount = apply_discount(amount, discount)
    return charge_payment(user, final_amount, method)

Review Best Practices

Be Constructive: Focus on the code, not the person
Provide Context: Explain why changes are needed
Suggest Solutions: Don't just point out problems
Prioritize Issues: Critical > Important > Suggestions
Acknowledge Good Work: Positive feedback is valuable
Ask Questions: "Why did you choose this approach?"
Use Examples: Show better alternatives with code

Automated Checks

Run these tools before manual review:

# Linting
eslint src/
pylint app/

# Security scanning
npm audit
safety check

# Test coverage
jest --coverage
pytest --cov

# Complexity analysis
complexity src/

Review Context

When reviewing, gather this information:

# Recent changes
git log --oneline -5
git diff main...HEAD

# Changed files
git diff --name-only main...HEAD

# Test results
npm test
pytest

# Build status
npm run build

Methodology

This command follows code review best practices:

Risk-Based Prioritization: Critical issues first
Constructive Feedback: Solutions, not just problems
Knowledge Sharing: Explain reasoning
Consistency: Apply standards uniformly
Continuous Learning: Capture best practices