Skill

cc-workflows:review-code

Performs thorough code reviews covering code quality, security, architecture, and UI/UX. Use when reviewing code changes, PRs, implementations, or when asked to review, audit, or assess code quality. Generates detailed reports with prioritized findings.

Install

npx claudepluginhub tolo/coding-agent-toolkit --plugin cc-workflows

Tool Access

This skill uses the workspace's default tool permissions.

Preview

Comprehensive code review covering quality, security, architecture, and UI/UX aspects.

Supporting Assets

checklists/ARCHITECTURAL-REVIEW-CHECKLIST.mdchecklists/CODE-REVIEW-CHECKLIST.mdchecklists/SECURITY-REVIEW-CHECKLIST.mdchecklists/UI-UX-REVIEW-CHECKLIST.md

SKILL.md

Similar Skills

design-system

Generates design tokens/docs from CSS/Tailwind/styled-components codebases, audits visual consistency across 10 dimensions, detects AI slop in UI.

team-skills-platform

163.7k

ui-demo

Records polished WebM UI demo videos of web apps using Playwright with cursor overlay, natural pacing, and three-phase scripting. Activates for demo, walkthrough, screen recording, or tutorial requests.

team-skills-platform

163.7k

kotlin-patterns

Delivers idiomatic Kotlin patterns for null safety, immutability, sealed classes, coroutines, Flows, extensions, DSL builders, and Gradle DSL. Use when writing, reviewing, refactoring, or designing Kotlin code.

team-skills-platform

163.7k

Stats

Parent Repo Stars1

Parent Repo Forks0

Last CommitMar 1, 2026

Actions

View Source View Plugin View on GitHub View README

Code Review Skill

Comprehensive code review covering quality, security, architecture, and UI/UX aspects.

Instructions

Fully read and understand the Workflow Rules, Guardrails and Guidelines section in CLAUDE.md (and/or system prompt) before starting work, including but not limited to:
- Foundational Rules and Guardrails
- Foundational Development Guidelines and Standards (e.g. Development, Architecture, UI/UX Guidelines etc.)
Non-modifying - Analysis only, no code changes
Follow project guidelines from CLAUDE.md
Use checklists in checklists/ subdirectory for systematic assessment

Workflow

Phase 1: Context Analysis

Determine review scope from conversation context:
- If specific files/dirs mentioned: Focus on those
- If PR number mentioned: Run gh pr diff <number> to get changes
- If focus area mentioned (security, architecture, ui): Emphasize in Phase 2
- Otherwise: Use git status/diff for scope
Run git status --porcelain and git diff to identify changes
Run git log -10 --oneline to understand recent commits
Use tree -d -L 3 and git ls-files | head -250 for codebase overview
Identify applicable review types based on changed files (code, architecture, UI/UX)
Read additional relevant guidelines and documentation (API, guides, reference, etc.) as needed
Verify against authoritative sources - When reviewing technical choices, API usage, security patterns, or framework conventions, look up official documentation to verify findings are based on current facts (not outdated assumptions). Use web searches and Context7 MCP as needed.

Gate: Scope determined, relevant files identified

Phase 2: Review Execution

Perform applicable reviews using the checklists.

Code Analysis

Run static analysis, linting, type checking per project guidelines
Use IDE diagnostics if available
IMPORTANT: Only format code that has been added or modified, NEVER format the entire codebase

Code Review

Checklist: CODE-REVIEW-CHECKLIST.md

Assess:

Correctness, logic errors, edge cases, error handling
Readability, naming, code organization
Best practices, DRY, design patterns, anti-patterns
Performance (N+1 queries, algorithms, caching)
Maintainability, testability, documentation, tech debt

Security Review

Checklist: SECURITY-REVIEW-CHECKLIST.md

Assess:

Input validation & sanitization
Injection prevention (SQL, command, XSS, path traversal)
Authentication & authorization
Cryptography (encryption, hashing, key management)
Data protection (secrets, logging exposure)
API security, headers, CORS, CSRF
OWASP Top 10 coverage

Architecture Review

Checklist: ARCHITECTURAL-REVIEW-CHECKLIST.md

Assess:

CUPID principles (Composable, Unix philosophy, Predictable, Idiomatic, Domain-aligned)
DDD patterns (bounded contexts, aggregates, domain events)
Pattern adherence (clean architecture, service boundaries, API design)
Anti-patterns, performance, scalability, resilience

UI/UX Review (when applicable)

Checklist: UI-UX-REVIEW-CHECKLIST.md

Assess:

Visual quality (layout, typography, color/contrast, responsive)
Usability (5-second clarity, touch targets, cognitive load)
Platform conventions (iOS HIG, Material Design, web standards)
Accessibility (WCAG 2.2), performance, interaction patterns

Gate: All applicable reviews complete

Phase 3: Analysis & Findings

Categorize findings by priority:
- CRITICAL: Security vulnerabilities, data loss risks, broken functionality
- HIGH: Performance issues, maintainability concerns, minor security issues
- SUGGESTIONS: Improvements, optimizations, enhancements
Identify obsolete/temporary files and code requiring cleanup
Check for unmotivated complexity, over-engineering, or duplication
Verify adherence to project guidelines and patterns

Gate: Findings categorized and validated

Report Format

Generate markdown report with:

# Review Report - [Date]

## Summary
[2-3 sentence overview of review scope and overall assessment]

## CRITICAL ISSUES
[Each issue: Title, Impact, Location, Fix Required]

## HIGH PRIORITY
[Each issue: Title, Impact, Location, Recommendation]

## SUGGESTIONS
[Brief list of improvements]

## Cleanup Required
- [Obsolete/temporary files to remove]
- [Dead code to remove]

## Compliance
- Guidelines adherence: [Assessment]
- Architecture patterns: [Assessment]
- Security best practices: [Assessment]
- [UI/UX if applicable]: [Assessment]

## Next Steps
1. [Prioritized action items]

Store report at: <project_root>/.agent_temp/reviews/<feature-name>-code-review-<YYYY-MM-DD>.md

Return report location to user.