From agi-super-team
Reviews uncommitted local changes, branch diffs, and GitHub PRs with AI-powered analysis. Supports focused reviews (security, performance, bugs) and filters pre-existing issues.
How this skill is triggered — by the user, by Claude, or both
Slash command
/agi-super-team:code-review
The summary Claude sees in its skill listing — used to decide when to auto-load this skill
> Comprehensive AI-powered code review for PRs and local changes — enterprise-grade alternative to CodeRabbit
gh CLI (GitHub), git
Reviews git diff — changes not yet committed.
Reviews all changes in current branch compared to main.
Fetches diff from GitHub PR and can post comments.
User can request specific focus: security, performance, bugs, style, etc.
Skip review if:
gh pr view --json isDraft)
Inform user and ask to confirm if they still want review.
Ask user or detect automatically:
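Local:
```bash
git diff HEAD
```
Branch (vs main):
```bash
DEFAULT_BRANCH=$(git symbolic-ref refs/remotes/origin/HEAD 2>/dev/null | sed 's@^refs/remotes/origin/@@')
# origin/HEAD may be unset, which leaves the variable empty; default to main
DEFAULT_BRANCH=${DEFAULT_BRANCH:-main}
git diff "$DEFAULT_BRANCH"...HEAD
```
PR:
```bash
gh pr diff <PR_NUMBER>
```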
For thorough review, read related files:
```bash
# List changed files
git diff --name-only HEAD
# Read each file fully for context
# Check package.json for dependencies
# Check tsconfig/eslint config for project standards
```
Before reporting an issue, check if it was introduced in this PR:
```bash
# Check when the problematic line was last modified
git blame -L <start>,<end> <file> --porcelain | head -1
```
Skip issues that:
Only report issues introduced or modified in current changes.
This prevents noise from legacy code and focuses review on new changes.
Apply ALL relevant checks from the checklist below.
Rate each issue 0-100:
| Score | Confidence | When to use |
|---|---|---|
| 90-100 | Certain | Clear vulnerability (SQL injection with user input), obvious crash |
| 70-89 | High | Likely bug, security risk, definite code smell |
| 50-69 | Medium | Potential issue, needs context to confirm |
| 25-49 | Low | Style preference, minor suggestion |
| 0-24 | Skip | Probably false positive, pre-existing, or nitpick |
Only report issues with confidence ≥70.
Mark as false positive and skip:
// eslint-disable, # noqa)
Format:
```markdown
## Code Review Summary
**Reviewed:** X files, Y lines changed
**Risk Level:** Critical / High / Medium / Low
### Critical Issues (must fix)
- [file:line] Description — Why it matters
### High Priority
- [file:line] Description
### Medium Priority
- [file:line] Description
### Low Priority / Suggestions
- [file:line] Description
### Good Practices
- What was done well
```
For GitHub PR — post comments:
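```bash
# General comment on PR
# If the review quotes code from the diff, write it to a file and pass --body-file
# so the shell does not expand $(...) or backticks inside the double quotes
gh pr comment <PR_NUMBER> --body "## AI Code Review
[Review content]"

# Line-by-line comments via API (for specific file/line feedback)
# Replace {owner}, {repo}, {pr} with actual values
# commit_id is required by this endpoint; <HEAD_COMMIT_SHA> is a placeholder for the PR's head commit
# -F (rather than -f) sends line as a number instead of a string
gh api repos/{owner}/{repo}/pulls/{pr}/comments \
  --method POST \
  -f body="Issue description and fix suggestion" \
  -f commit_id="<HEAD_COMMIT_SHA>" \
  -f path="src/file.ts" \
  -F line=42 \
  -f side="RIGHT"
```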
- `any` to bypass type checking
- `as` casts without validation
- `!` operator
- `def foo(items=[])` anti-pattern
- `except:` without specific exception
- with

| Parameter | Description | Default |
|---|---|---|
| PR_NUMBER | Pull Request number | - |
| --post | Post comments to GitHub | false |
| --severity | Minimum level (critical/high/medium/low) | low |
| --focus | Focus area: security, performance, bugs, quality, testing, a11y, i18n, all | all |
```
User: full code review
Claude: [git diff HEAD]
Claude: [comprehensive analysis using all checklists]
Claude:
## Code Review Summary
**Reviewed:** 5 files, 234 lines changed
**Risk Level:** High
### Critical Issues (2)
1. [src/api/auth.ts:45] SQL Injection - User input passed directly to query
2. [src/utils/crypto.ts:12] Weak cryptography - Using MD5 for password hashing
### High Priority (3)
1. [src/services/user.ts:78] Missing authorization check - IDOR vulnerability
2. [src/api/data.ts:23] N+1 query - 50 queries in loop
3. [src/components/Form.tsx:156] XSS - dangerouslySetInnerHTML with user content
### Medium Priority (5)
...
```
```
User: security review PR 123
Claude: [applies only security checklist]
Claude: Found 3 security issues...
```
```
User: check performance issues in my changes
Claude: [applies only performance checklist]
Claude: Found 2 performance issues...
```
| Level | Description | Examples |
|---|---|---|
| Critical | Must fix before merge. Security vulnerabilities, data loss risks | SQL injection, hardcoded secrets, auth bypass |
| High | Should fix before merge. Significant bugs or security issues | N+1 queries, XSS, missing error handling |
| Medium | Fix soon. Code quality, minor bugs | DRY violations, missing tests, complexity |
| Low | Nice to have. Suggestions, style | Naming, comments, minor optimizations |
| Problem | Solution |
|---|---|
| gh: command not found | brew install gh && gh auth login |
| No diff output | Check if changes exist: git status |
| PR not found | Check PR number and access rights |
| Can't post comments | Check permissions: gh auth status |
| Review too long | Use --focus to narrow scope |
| False positives | Mention specific context to skip |
Most false positives are low/medium severity. Start with high-only:
"review PR 123 --severity=high"
"review my changes, only critical and high issues"
Narrow to specific categories you care about:
"security review PR 123"
"review PR 123 --focus=bugs,security"
"check only performance issues"
In the same conversation, provide context:
"ignore the N+1 warning in admin routes - it's intentional, low traffic"
"skip any type warnings in src/legacy/ - that's legacy code"
"the raw SQL in migrations/ is fine, we use raw migrations"
For persistent false positives that keep appearing:
```javascript
// @review-ok: parameterized query handled by ORM
const query = `SELECT * FROM users WHERE id = ${sanitizedId}`;
```
```python
# @review-ok: global cache intentional for performance
CACHE = {}
```
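Both the pre-existing-issue filter and the inline suppression markers (`@review-ok`, `eslint-disable`, `# noqa`) depend on knowing which lines a diff actually adds. The following is an added example, not part of the skill: it parses a unified diff, tests whether a finding's `file:line` was added by the change, and lists suppression markers that arrive with the change itself so a person can confirm them. The function names and the sample diff are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not the skill's code). Constructed diff: db.js gains two lines,
# cache.py changes one line and keeps an older "# noqa" line as context.
SAMPLE_DIFF='diff --git a/src/db.js b/src/db.js
--- a/src/db.js
+++ b/src/db.js
@@ -10,2 +10,4 @@ function load(id) {
 const db = connect();
+// @review-ok: parameterized query handled by ORM
+const query = `SELECT * FROM users WHERE id = ${sanitizedId}`;
 return db.run(query);
diff --git a/app/cache.py b/app/cache.py
--- a/app/cache.py
+++ b/app/cache.py
@@ -3,3 +3,3 @@
 import os
-TTL = 60
+TTL = 300
 CACHE = {}  # noqa
'

# Print "file:line:text" for every line the diff on stdin adds. Hunk line
# counts are tracked so "+++"/"---" text inside a hunk is treated as content.
added_lines() {
  awk '
    o > 0 || n > 0 {
      c = substr($0, 1, 1)
      if (c == "+") { print file ":" ln ":" substr($0, 2); ln++; n-- }
      else if (c == "-") { o-- }
      else if (c == " " || c == "") { ln++; o--; n-- }
      next
    }
    /^\+\+\+ / { file = substr($0, 5); sub(/^b\//, "", file) }
    /^@@ / {
      split($2, a, /[-,]/); o = (a[3] == "" ? 1 : a[3])
      split($3, b, /[+,]/); ln = b[2]; n = (b[3] == "" ? 1 : b[3])
    }'
}

# Succeeds only if file $1, line $2 was added by the diff (finding is not pre-existing).
is_new_line() {
  added_lines | awk -F: -v f="$1" -v l="$2" '$1 == f && $2 == l { hit = 1 } END { exit !hit }'
}

# Suppression markers introduced by the change itself; each needs a human look.
new_suppressions() {
  added_lines | grep -E '@review-ok|eslint-disable|# *noqa'
}

printf '%s' "$SAMPLE_DIFF" | new_suppressions
```

In practice, pipe in `git diff HEAD` or `gh pr diff <PR_NUMBER>` instead of the sample. The older `# noqa` in cache.py is not reported because it is a context line, while the new `@review-ok` in db.js is, and it sits directly above a query built by string interpolation.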
If the same false positive keeps appearing across reviews:
This helps improve the skill for everyone.
The skill is designed to minimize false positives out of the box:
npx claudepluginhub aaaaqwq/agi-super-team --plugin agi-super-team