Skill

code-review

Code review process and quality framework. Use when reviewing PRs, auditing code quality, or evaluating AI-generated code. Pair with language-specific code-review skill.

npx claudepluginhub deandum/claude-resources --plugin go-skills

Popularity

Stars

Forks

Invocation

How this skill is triggered — by the user, by Claude, or both

Slash command

/claude-resources:code-review

User invocable

Model invocable

Inline context

Default effort

Context Preview

The summary Claude sees in its skill listing — used to decide when to auto-load this skill

Systematic review across five axes. Work through each in order. Report findings per category.

SKILL.md

149 lines · ~1.3k tokens

Similar Skills

code-review-and-quality

Conducts multi-axis code reviews evaluating correctness, readability, architecture, security, and performance before merging changes.

agent-skills

code-review-excellence

37.9k

Conducts code reviews of pull requests and changes for correctness, security, performance, and maintainability with actionable feedback grouped by severity levels.

1 file

antigravity-awesome-skills

karpathy-guidelines

168.3k

Provides behavioral guidelines to reduce common LLM coding mistakes, focusing on simplicity, surgical changes, assumption surfacing, and verifiable success criteria.

andrej-karpathy-skills

Stats

LanguageShell

Stars3

Forks1

MaintenanceExcellent

Last CommitApr 18, 2026

Actions

View Source View Plugin View on GitHub View README

Help us improve

Share bugs, ideas, or general feedback.

Stats

Actions

Help us improve

Share bugs, ideas, or general feedback.

Code Review

Systematic review across five axes. Work through each in order. Report findings per category.

When to Use

Before merging any PR or change
After completing a feature implementation
When evaluating AI-generated code (needs MORE scrutiny, not less)
After any bug fix (review both the fix and the regression test)
When refactoring existing code

When NOT to Use

Writing code (use builder agent)
Running tests (use tester agent)
Designing architecture (use architect agent)

Core Process

Get the diff — understand what changed and why
Read surrounding context — don't review lines in isolation; understand the function, package, callers
Walk each axis — Correctness → Readability → Architecture → Security → Performance (in order)
Label severity — every finding gets a severity prefix
Be specific — quote exact line, explain problem, show the fix
Acknowledge strengths — note well-written code briefly. Not praise — recognition.
Summarize — verdict + overview + what was verified

The Five-Axis Review

1. Correctness

Error handling: every error checked? Proper wrapping?
Concurrency: races, concurrent task leaks, deadlocks?
Resource management: files/connections closed? Defer for cleanup?
Nil/null safety: pointer dereference after error check?
Edge cases: empty input, zero values, max values?

2. Readability & Simplicity

Naming: clear, consistent, idiomatic?
Structure: functions <100 lines? Early returns? Minimal nesting?
Comments: explain WHY not WHAT? No commented-out code?
Abstractions: earning their complexity? Three lines beats a premature abstraction.

3. Architecture

Package boundaries: dependency direction correct?
API surface: minimal, consistent, hard to misuse?
Coupling: can this change without rippling through the system?
Patterns: consistent with existing codebase?

4. Security

Input validation at boundaries?
SQL parameterized (never string concat)?
No secrets in code, logs, or error messages?
Auth/authz checks present where needed?

5. Performance

N+1 query patterns?
Unbounded operations (lists without limits, concurrent tasks without bounds)?
Timeouts on external calls?
Unnecessary allocations in hot paths?

Severity Labeling

Every comment MUST have a severity prefix:

Prefix	Meaning	Author Action
Critical:	Blocks merge. Security, data loss, crash.	Must fix
Important:	Bug risk, missing error handling, design issue	Should fix
Suggestion:	Style, minor optimization, readability	Nice to have
Nit:	Trivial, optional	May ignore
FYI	Informational only	No action needed

Change Sizing

Lines Changed	Assessment
~100	Good — easy to review thoroughly
~300	Acceptable if single logical change
~1000+	Too large — must split before review

Splitting Strategies

Strategy	When
Stack	Sequential dependencies — submit small change, next one builds on it
By file group	Different reviewers needed for different parts
Horizontal	Shared code/stubs first, then consumers
Vertical	Smaller full-stack slices of the feature

Output Format

## Review: [package or file]

**Verdict**: [APPROVE / REQUEST CHANGES / COMMENT]

### Critical
- [file:line] Description. Fix: [specific fix]

### Important
- [file:line] Description. Fix: [specific fix]

### Suggestions
- [file:line] Description

### Positive
- [Brief note on what was done well]

### Summary
[1-2 sentences: overall assessment + what was verified]

Common Rationalizations

Shortcut	Reality
"LGTM, looks fine"	Rubber-stamping is not reviewing. Check each axis systematically.
"It works, so it's correct"	Working code can still have races, leaks, and security holes.
"AI-generated code is probably fine"	AI code needs more scrutiny. It's confident and plausible, even when wrong.
"It's too big to review properly"	Then it's too big to merge. Split it first.

Red Flags

PRs merged without any review
Review that only checks "tests pass" (ignoring other axes)
"LGTM" without evidence of actual review
Security-sensitive changes without security-focused review
Large PRs accepted because "splitting is too hard"
No regression tests with bug fix PRs
Review comments without severity labels

Verification

All five axes checked in order
Every finding has a severity label
Critical/Important findings include specific fix recommendations
Change size is reasonable (<300 lines, or justified)
Tests pass and build succeeds
Strengths acknowledged (not just problems)

code-review

Popularity

Invocation

Context Preview

SKILL.md

Similar Skills

Help us improve

Help us improve

Find plugins for your project

code-review

Popularity

Invocation

Context Preview

SKILL.md

Code Review

When to Use

When NOT to Use

Core Process

The Five-Axis Review

1. Correctness

2. Readability & Simplicity

3. Architecture

4. Security

5. Performance

Severity Labeling

Change Sizing

Splitting Strategies

Output Format

Common Rationalizations

Red Flags

Verification

Similar Skills

Help us improve

Code Review

When to Use

When NOT to Use

Core Process

The Five-Axis Review

1. Correctness

2. Readability & Simplicity

3. Architecture

4. Security

5. Performance

Severity Labeling

Change Sizing

Splitting Strategies

Output Format

Common Rationalizations

Red Flags

Verification