From local-test-mcp
Conducts thorough code reviews covering security, correctness, performance, maintainability, and testing. Includes automated checks and common vulnerability patterns.
Slash command: /local-test-mcp:code-review
You now have expertise in conducting comprehensive code reviews. Follow this structured approach:
Check for:
- Dependency vulnerabilities (npm audit, pip-audit)

```bash
# Quick security scans
npm audit      # Node.js
pip-audit      # Python
cargo audit    # Rust
# Hard-coded credentials in source
grep -r "password\|secret\|api_key" --include="*.py" --include="*.js" .
```
```markdown
## Code Review: [file/component name]

### Summary
[1-2 sentence overview]

### Critical Issues
1. **[Issue]** (line X): [Description]
   - Impact: [What could go wrong]
   - Fix: [Suggested solution]

### Improvements
1. **[Suggestion]** (line X): [Description]

### Positive Notes
- [What was done well]

### Verdict
- [ ] Ready to merge
- [ ] Needs minor changes
- [ ] Needs major revision
```
```python
import os
import subprocess

# Bad: SQL injection (user_id is interpolated into the statement)
cursor.execute(f"SELECT * FROM users WHERE id = {user_id}")
# Good: parameterised query; the driver keeps data separate from SQL
cursor.execute("SELECT * FROM users WHERE id = ?", (user_id,))

# Bad: Command injection (user_input is parsed by the shell)
os.system(f"ls {user_input}")
# Good: argument list, no shell involved
subprocess.run(["ls", user_input], check=True)

# Bad: Mutable default argument
def append(item, lst=[]):  # Bug: the same list is shared by every call
    lst.append(item)
    return lst

# Good: create the list per call; test for None so an empty list
# passed by the caller is still used rather than replaced
def append(item, lst=None):
    if lst is None:
        lst = []
    lst.append(item)
    return lst
```
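As an added example that is not part of this skill or the original page, the following is a minimal AST-based checker that flags the three Python anti-patterns above (an f-string query passed to an `execute` call, an f-string command passed to `os.system`, and a mutable default argument) when run over a constructed sample file; the function names `find_issues` and `_call_name` and the sample source are assumptions for this example.

```python
import ast

# Constructed sample source: each anti-pattern once, next to its safe form.
SAMPLE = '''
import os, subprocess
def find(cursor, user_id):
    cursor.execute(f"SELECT * FROM users WHERE id = {user_id}")
    cursor.execute("SELECT * FROM users WHERE id = ?", (user_id,))
def ls(user_input):
    os.system(f"ls {user_input}")
    subprocess.run(["ls", user_input], check=True)
def append(item, lst=[]):
    return lst
'''

def _call_name(call):
    """Dotted callee name of a Call node, e.g. 'os.system' or 'cursor.execute'."""
    parts, node = [], call.func
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
    return ".".join(reversed(parts))

def find_issues(source):
    """Return sorted (line, message) pairs for the checklist's Python anti-patterns."""
    issues = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Call) and node.args:
            name, first = _call_name(node), node.args[0]
            # A query or shell command assembled with an f-string lets caller data
            # change its structure, so flag it whatever the interpolated value is.
            if isinstance(first, ast.JoinedStr):
                if name.endswith(".execute"):
                    issues.append((node.lineno, "SQL built with f-string"))
                elif name in ("os.system", "os.popen"):
                    issues.append((node.lineno, "shell command built with f-string"))
        elif isinstance(node, ast.FunctionDef):
            # Defaults are evaluated once, so a list/dict/set default is shared by every call.
            for default in node.args.defaults + node.args.kw_defaults:
                if isinstance(default, (ast.List, ast.Dict, ast.Set)):
                    issues.append((node.lineno, "mutable default argument"))
    return sorted(issues)

if __name__ == "__main__":
    for line, msg in find_issues(SAMPLE):
        print(f"line {line}: {msg}")
```

The checker only recognises the literal shapes shown in the checklist; a query built with `%` formatting or `+` concatenation would need an additional rule.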
```javascript
// Bad: Prototype pollution (keys such as __proto__ in userInput reach the target)
Object.assign(target, userInput)
// Good: sanitize() must drop __proto__, constructor and prototype keys first
Object.assign(target, sanitize(userInput))

// Bad: eval usage
eval(userCode)
// Good: Never use eval with user input

// Bad: Callback hell
getData(x => process(x, y => save(y, z => done(z))))
// Good:
const data = await getData();
const processed = await process(data);
await save(processed);
```
```bash
# Show recent changes
git diff HEAD~5 --stat
git log --oneline -10

# Find potential issues
grep -rn "TODO\|FIXME\|HACK\|XXX" .
grep -rn "password\|secret\|token" . --include="*.py"

# Check complexity (Python)
pip install radon && radon cc . -a

# Check dependencies
npm outdated          # Node
pip list --outdated   # Python
```