Install via the SkillsCat registry: `npx skillscat add simhacker/moollm/code-review`
SKILL.md
Code Review
"Read with intent. Question with purpose. Document with care."
Systematic code analysis with evidence collection. Code review IS an adventure: the codebase is the dungeon, findings are clues.
Review Process
READ → NOTE ISSUES → CLASSIFY → REPORT
Step 1: Setup
- Create REVIEW.yml
- Identify files to review
- Define focus areas
Step 2: Overview
- List all changed files
- Read PR/commit description
- Note initial impressions
Step 3: Deep Review
For each file:
- Read the code
- Check against criteria
- Note findings
- Run relevant checks
Step 4: Verification
- Run tests
- Run linters
- Check regressions
Step 5: Synthesize
- Compile findings
- Prioritize issues
- Generate REVIEW.md
- State recommendation
Finding Severity
| Level | Symbol | Meaning | Action |
|---|---|---|---|
| Blocking | 🚫 | Must fix before merge | Request changes |
| Important | ⚠️ | Should fix or explain | Request changes |
| Minor | 💡 | Nice to fix | Comment only |
| Praise | 🎉 | Good work! | Celebrate |
Finding Types
- Security: injection, auth, sensitive data
- Correctness: logic errors, edge cases
- Performance: N+1 queries, memory leaks
- Maintainability: clarity, DRY, naming
- Style: formatting, conventions
Review Checklist
Security
- Input validation
- Output encoding
- Authentication/authorization
- Sensitive data handling
- Injection vulnerabilities
- Timing attacks
Correctness
- Logic errors
- Edge cases handled
- Null/undefined handling
- Error handling
- Race conditions
- Resource cleanup
Maintainability
- Code clarity
- Appropriate comments
- Consistent naming
- DRY (no duplication)
- Single responsibility
- Testability
Performance
- Algorithmic complexity
- Memory usage
- Database queries
- Caching
- Unnecessary operations
Core Files
REVIEW.yml
```yaml
review:
  name: "PR #123: Add user authentication"
  status: "in_progress"
  findings:
    blocking:
      - id: "B1"
        file: "src/auth/login.ts"
        line: 45
        type: "security"
        summary: "Timing attack vulnerability"
    important: []
    minor: []
    praise: []
  verification:
    tests: { ran: true, passed: true }
    linter: { ran: true, passed: false, issues: 3 }
```
REVIEW.md
Formatted document with:
- Summary and counts
- Issues by severity
- Verification results
- Recommendation
Verification Commands
```yaml
tests:
  - "npm test"
  - "pytest"
  - "go test ./..."
linters:
  - "npm run lint"
  - "flake8"
  - "golangci-lint run"
```
Recommendation Output
| Outcome | Meaning |
|---|---|
| approve | Good to merge |
| request_changes | Has blocking/important issues |
| comment | Minor feedback only |
See Also
- rubric: explicit scoring criteria for code quality
- evaluator: independent assessment pattern
- adversarial-committee: multiple reviewers debating findings