npx claudepluginhub latestaiagents/agent-skills --plugin developer-toolkitWant just this skill?
Then install: npx claudepluginhub u/[userId]/[slug]
Use this skill when reviewing AI-generated code. Activate when the user has code generated by an AI assistant and wants to review it, validate AI output, check for common AI mistakes, ensure code quality of generated code, or verify that AI-generated code follows best practices before merging.
This skill uses the workspace's default tool permissions.
AI Code Reviewer
Systematically review AI-generated code to catch common mistakes before they hit production.
When to Use
- After AI generates code you plan to use
- Before committing AI-assisted changes
- When AI code "looks right" but you want verification
- Reviewing PRs with significant AI-generated content
The AI Code Review Checklist
1. Correctness Issues (Most Common)
AI often generates code that looks correct but has subtle bugs.
Check for:
-
Hallucinated APIs - Methods/functions that don't exist
// AI might generate: array.findLast(x => x.id === id) // Verify this exists in your target -
Wrong library versions - API changes between versions
// React 18 vs 19 differences // Node.js API differences -
Off-by-one errors - Loop bounds, array indices
for (let i = 0; i <= arr.length; i++) // Should be < -
Incorrect null/undefined handling
user.profile.name // What if profile is undefined?
2. Security Issues
AI doesn't prioritize security unless explicitly asked.
Check for:
-
SQL Injection
// BAD: AI might generate db.query(`SELECT * FROM users WHERE id = ${userId}`) // GOOD: Parameterized db.query('SELECT * FROM users WHERE id = $1', [userId]) -
XSS Vulnerabilities
// BAD: Direct HTML insertion element.innerHTML = userInput // GOOD: Escaped or use framework element.textContent = userInput -
Exposed Secrets
// AI might hardcode values from context const API_KEY = 'sk-abc123...' // Should be env var -
Missing Input Validation
// AI often skips validation function processData(data) { return data.items.map(...) // What if data is null? }
3. Performance Issues
AI optimizes for "looks correct" not "performs well."
Check for:
-
N+1 Queries
// BAD: AI loves this pattern users.forEach(async user => { const posts = await getPosts(user.id) // N queries! }) // GOOD: Batch const posts = await getPostsForUsers(userIds) -
Unnecessary Re-renders (React)
// BAD: New object every render <Component style={{ margin: 10 }} /> // GOOD: Stable reference const style = useMemo(() => ({ margin: 10 }), []) -
Memory Leaks
// BAD: Missing cleanup useEffect(() => { const interval = setInterval(fetch, 1000) // No cleanup! }, []) // GOOD: Cleanup useEffect(() => { const interval = setInterval(fetch, 1000) return () => clearInterval(interval) }, []) -
Blocking Operations
// BAD: Sync file operations const data = fs.readFileSync(path) // GOOD: Async const data = await fs.promises.readFile(path)
4. Maintainability Issues
AI generates "works now" code, not "maintainable" code.
Check for:
-
Magic Numbers/Strings
// BAD if (status === 3) { ... } // GOOD if (status === OrderStatus.SHIPPED) { ... } -
Inconsistent Patterns
// AI might mix patterns const getUser = async () => {} // Arrow function async function getPost() {} // Function declaration -
Missing Types (TypeScript)
// BAD: AI uses 'any' when uncertain function process(data: any) { ... } // GOOD: Proper types function process(data: ProcessInput) { ... } -
Dead Code
// AI sometimes includes unused variables/imports import { unused } from './utils' const temp = calculate() // Never used
5. Integration Issues
AI doesn't know your codebase deeply.
Check for:
- Duplicate Logic - Does similar code already exist?
- Wrong Imports - Using the right internal modules?
- Naming Mismatches - Following your conventions?
- Missing Error Handling - Using your error patterns?
Review Workflow
Step 1: Quick Scan (30 seconds)
- Does it compile/run?
- Any obvious red flags?
- Right general approach?
Step 2: Security Review (1 minute)
- User input handling?
- Database queries?
- Authentication/authorization?
- Sensitive data exposure?
Step 3: Logic Review (2-3 minutes)
- Edge cases handled?
- Null/undefined checks?
- Error scenarios?
- Loop bounds correct?
Step 4: Integration Review (1-2 minutes)
- Follows project patterns?
- Uses existing utilities?
- Correct imports?
- Consistent naming?
Step 5: Performance Review (1 minute)
- Obvious inefficiencies?
- Unnecessary operations?
- Memory management?
- Async patterns?
Common AI Mistakes by Language
JavaScript/TypeScript
- Missing
awaiton async functions - Wrong
thiscontext in callbacks - Type assertions hiding real issues (
as any) - Mixing CommonJS and ESM imports
Python
- Mutable default arguments
- Not closing file handles
- Missing
__init__.pyawareness - Wrong exception handling scope
React
- Missing dependency arrays in hooks
- Incorrect key props in lists
- State updates in render
- Missing cleanup in effects
SQL
- Missing indexes awareness
- Cartesian products from bad joins
- Not using transactions
- Inefficient subqueries
Quick Validation Commands
# TypeScript: Compile check
npx tsc --noEmit
# ESLint: Style and common errors
npx eslint src/new-file.ts
# Tests: Run affected tests
npm test -- --findRelatedTests src/new-file.ts
# Security: Quick scan
npx audit-ci --moderate
When to Regenerate vs Fix
Regenerate if:
- Fundamental approach is wrong
- Would require 50%+ rewrite
- Security issue is systemic
Fix manually if:
- Small corrections needed
- Logic is sound, details wrong
- Integration issues only
Documentation Template
When the review passes:
## AI Code Review
**Generated by:** [Claude/GPT/etc]
**Reviewed by:** [Your name]
**Date:** [Date]
### Changes Made After Review
- Fixed null check on line 45
- Added input validation
- Replaced magic number with constant
### Verified
- [x] Security review passed
- [x] Tests added/passing
- [x] Follows project conventions
Similar Skills
Activates when the user asks about AI prompts, needs prompt templates, wants to search for prompts, or mentions prompts.chat. Use for discovering, retrieving, and improving prompts.