Skill

code-review

Review code for quality, security, performance, and adherence to Rhombus engineering conventions. Use this skill when the user asks to review code, check a file for issues, audit code quality, or look for bugs. Also trigger when the user mentions: code review, review this, check this code, find bugs, code quality, security review, PR review, pull request review, look over this, code audit, what's wrong with this code, improve this code, best practices check.

npx claudepluginhub rhombussystems/claude-code-plugins --plugin rhombus-developer

Tool Access

This skill is limited to using the following tools:

ReadGrepGlobBash

Preview

Perform a thorough code review focused on quality, security, and maintainability.

SKILL.md

Similar Skills

finishing-a-development-branch

174.6k

Verifies tests pass on completed feature branch, presents options to merge locally, create GitHub PR, keep as-is or discard; executes choice and cleans up worktree.

superpowers

systematic-debugging

174.6k

Guides root cause investigation for bugs, test failures, unexpected behavior, performance issues, and build failures before proposing fixes.

10 files

superpowers

writing-plans

174.6k

Writes implementation plans from specs for multi-step tasks, mapping files and breaking into TDD bite-sized steps before coding.

1 file

superpowers

Stats

Parent Repo Stars0

Parent Repo Forks0

Last CommitMar 20, 2026

Actions

View Source View Plugin View on GitHub View README

Help us improve

Share bugs, ideas, or general feedback.

Code Review

Perform a thorough code review focused on quality, security, and maintainability.

Review Process

1. Understand Context

Read the file(s) or diff provided
Identify the language, framework, and patterns in use
Check for related test files and documentation

2. Review Checklist

Evaluate the code against these categories:

Correctness

Logic errors or off-by-one bugs
Unhandled edge cases (null, empty, boundary values)
Race conditions or concurrency issues
Incorrect error handling

Security (OWASP Top 10)

Injection vulnerabilities (SQL, command, XSS)
Authentication/authorization gaps
Sensitive data exposure (hardcoded secrets, logged credentials)
Insecure deserialization
Missing input validation at system boundaries

Performance

N+1 queries or unnecessary database calls
Missing pagination on list endpoints
Unbounded loops or memory allocations
Opportunities for caching

Maintainability

Unclear naming or overly complex logic
Functions doing too many things
Missing or misleading comments
Dead code or unused imports

Testing

Are critical paths tested?
Are edge cases covered?
Are tests readable and not testing implementation details?

3. Output Format

## Code Review: <file or PR>

### Summary
<1-2 sentence overview of the code's purpose and overall quality>

### Critical Issues
- [CRITICAL] <file:line> — <description and fix>

### Improvements
- [IMPROVE] <file:line> — <description and suggestion>

### Nits
- [NIT] <file:line> — <minor style/convention suggestion>

### Positive Notes
- <things done well worth calling out>

### Verdict: APPROVE / REQUEST CHANGES / NEEDS DISCUSSION

Guidelines

Be constructive — explain WHY something is an issue, not just that it is
Prioritize: security > correctness > performance > maintainability > style
Don't nitpick style that a formatter would catch
If reviewing a PR diff, focus on changed lines but note if surrounding context has issues
Suggest specific fixes, not just "this is wrong"