---

name: code-review description: Perform comprehensive code reviews focusing on best practices, security vulnerabilities, performance optimization, and maintainability

Code Review Skill

When reviewing code, follow this systematic approach to ensure thorough evaluation:

Review Checklist

1. Code Quality

• Readability: Is the code easy to understand?
• Naming: Are variables, functions, and classes well-named?
• Structure: Is the code properly organized and modular?
• Comments: Are complex sections adequately documented?
• Complexity: Are there overly complex functions that should be simplified?

2. Security Analysis

Check for common vulnerabilities:

• SQL injection vulnerabilities
• XSS (Cross-Site Scripting) vulnerabilities
• Authentication and authorization flaws
• Insecure data handling (passwords, sensitive data)
• Input validation and sanitization
• OWASP Top 10 vulnerabilities

3. Performance Considerations

• Identify potential bottlenecks
• Check for inefficient algorithms or data structures
• Look for unnecessary database queries or API calls
• Evaluate caching opportunities
• Assess memory usage patterns

4. Best Practices

• DRY Principle: Eliminate code duplication
• SOLID Principles: Verify adherence to design principles
• Error Handling: Check for proper exception handling
• Testing: Evaluate test coverage and quality
• Dependencies: Review external dependencies and their versions

5. Maintainability

• Is the code easy to modify and extend?
• Are there proper abstractions?
• Is the architecture scalable?
• Are there technical debt concerns?

Review Format

Structure your review as follows:

1. Summary: High-level overview of the changes
2. Critical Issues: Security vulnerabilities or bugs that must be fixed
3. Major Concerns: Significant issues affecting quality or performance
4. Suggestions: Optional improvements and best practices
5. Positive Feedback: Acknowledge good practices and improvements

Guidelines

• Be constructive and respectful
• Provide specific examples and suggestions
• Explain the "why" behind recommendations
• Prioritize issues by severity (critical, major, minor)
• Reference documentation or standards when applicable
• Consider the context and constraints of the project

Example Reviews

Security Issue:

CopyCRITICAL: SQL injection vulnerability detected at line 45
Current: f"SELECT * FROM users WHERE id = {user_id}"
Recommendation: Use parameterized queries to prevent SQL injection

Performance Suggestion:

CopySUGGESTION: Consider caching database results at line 123
The same query is executed multiple times in the loop. Cache the results
to improve performance by ~80%.