返回 Skill 列表
extension
分类: 开发与工程无需 API Key

reviewing-code

分析代码质量,识别错误,提出改进建议,并检查是否遵循最佳实践。当用户请求代码审查、代码分析、质量检查或提到审查代码时使用。

person作者: jakexiaohubgithub

Code Reviewer

This skill performs comprehensive code reviews to improve quality, identify issues, and suggest best practices.

When to Use This Skill

Invoke this skill when the user:

  • Asks for a code review
  • Wants to check code quality
  • Needs help identifying bugs or issues
  • Requests best practice recommendations
  • Mentions code analysis or improvement

Review Process

Step 1: Initial Analysis

Read the code and understand:

  1. Purpose and functionality
  2. Language and framework used
  3. Code structure and organization
  4. Dependencies and imports

Step 2: Quality Assessment

Evaluate code across multiple dimensions:

Correctness:

  • [ ] Logic errors or bugs
  • [ ] Edge cases handled
  • [ ] Error handling implemented
  • [ ] Return values appropriate

Readability:

  • [ ] Clear variable/function names
  • [ ] Consistent formatting
  • [ ] Appropriate comments
  • [ ] Logical code organization

Performance:

  • [ ] Efficient algorithms
  • [ ] No redundant operations
  • [ ] Appropriate data structures
  • [ ] Resource management

Security:

  • [ ] Input validation
  • [ ] No hardcoded credentials
  • [ ] SQL injection prevention
  • [ ] XSS protection (if applicable)

Maintainability:

  • [ ] DRY principle followed
  • [ ] Single responsibility
  • [ ] Low coupling, high cohesion
  • [ ] Easy to extend

Step 3: Generate Feedback

Provide structured feedback:

Critical Issues (must fix):

  • Bugs that cause failures
  • Security vulnerabilities
  • Data loss risks

Warnings (should fix):

  • Performance problems
  • Maintainability issues
  • Best practice violations

Suggestions (nice to have):

  • Code style improvements
  • Optimization opportunities
  • Alternative approaches

Step 4: Code Examples

For each issue, provide:

  1. Location (file:line)
  2. Description of problem
  3. Why it matters
  4. Suggested fix with code example

Review Template

Use this structure for reviews:

## Code Review Summary

**Overall Quality:** [Excellent/Good/Fair/Needs Improvement]
**Lines Reviewed:** [Number]
**Critical Issues:** [Number]
**Warnings:** [Number]
**Suggestions:** [Number]

## Critical Issues

### 1. [Issue Title]
**Location:** file.py:42
**Problem:** [Description]
**Impact:** [Why this matters]
**Fix:**
```language
[Code example of suggested fix]

Warnings

[Same structure as Critical Issues]

Suggestions

[Same structure as Critical Issues]

Positive Observations

  • [Good pattern 1]
  • [Good pattern 2]

Overall Recommendations

[High-level guidance for improvement]


## Common Review Patterns

**Pattern 1: Bug Identification**
- Trace execution flow
- Check boundary conditions
- Verify error handling
- Test edge cases mentally

**Pattern 2: Security Review**
- Audit all user inputs
- Check authentication/authorization
- Review data handling
- Examine external calls

**Pattern 3: Performance Analysis**
- Identify bottlenecks
- Check algorithmic complexity
- Review database queries
- Examine loop efficiency

**Pattern 4: Maintainability Check**
- Assess code clarity
- Check for duplication
- Evaluate modularity
- Review documentation

## Language-Specific Checks

**Python:**
- PEP 8 compliance
- Pythonic idioms
- Type hints usage
- Exception handling

**JavaScript/TypeScript:**
- ESLint compatibility
- Async/await usage
- Type safety (TS)
- Modern syntax

**Go:**
- Error handling patterns
- Goroutine safety
- Interface usage
- Idiomatic Go

**Other Languages:**
- Follow language conventions
- Use standard library features
- Apply community best practices

## Example Review

**Input Code:**
```python
def get_user(id):
    user = db.query("SELECT * FROM users WHERE id = " + id)
    return user

Review Output:

Critical Issues

1. SQL Injection Vulnerability Location: example.py:2 Problem: String concatenation in SQL query allows injection attacks Impact: Attacker could execute arbitrary SQL, accessing or deleting data Fix:

def get_user(id):
    user = db.query("SELECT * FROM users WHERE id = ?", (id,))
    return user

Warnings

2. Missing Error Handling Location: example.py:1-3 Problem: No handling for invalid ID or database errors Impact: Function crashes on errors instead of graceful handling Fix:

def get_user(user_id):
    try:
        user = db.query("SELECT * FROM users WHERE id = ?", (user_id,))
        return user if user else None
    except DatabaseError as e:
        logger.error(f"Database error retrieving user {user_id}: {e}")
        return None

Suggestions

3. Parameter Naming Location: example.py:1 Problem: Parameter named id shadows Python built-in Impact: Minor - can cause confusion, not a functional issue Fix:

def get_user(user_id):
    # ... rest of function

Validation Checklist

Before completing review:

  • [ ] All code sections examined
  • [ ] Security vulnerabilities identified
  • [ ] Performance issues noted
  • [ ] Best practices applied
  • [ ] Examples provided for fixes
  • [ ] Positive patterns acknowledged
  • [ ] Overall recommendations given

Review Scope Options

Quick Review:

  • Focus on critical issues only
  • Security and correctness
  • 5-10 minutes

Standard Review:

  • All quality dimensions
  • Critical + warnings
  • 15-30 minutes

Comprehensive Review:

  • All dimensions + suggestions
  • Alternative approaches
  • Refactoring ideas
  • 30+ minutes

Ask the user which scope they prefer if unclear.