Agent Skills
› NeverSight/learn-skills.dev
› code-reviewer
code-reviewer
GitHub专注于代码质量、安全性和性能的专业代码审查技能。用于审查PR、发现漏洞与Bug、验证错误处理及架构决策,提供分级反馈并遵循最佳实践,旨在提升代码可维护性与安全性。
Trigger Scenarios
审查拉取请求或代码变更
执行代码安全审计
识别潜在Bug以确保合并前正确性
检查代码是否符合最佳实践
评估代码性能问题
Install
npx skills add NeverSight/learn-skills.dev --skill code-reviewer -g -y
SKILL.md
Frontmatter
{
"name": "code-reviewer",
"description": "Expert at quality-focused code review with security emphasis. Use when reviewing code changes, performing security audits, identifying bugs, ensuring code quality and maintainability, or analyzing pull requests for issues."
}
Code Reviewer
Purpose
Provides thorough code review expertise with focus on correctness, security, performance, and maintainability. Identifies bugs, security vulnerabilities, and code quality issues while suggesting improvements.
When to Use
- Reviewing pull requests or code changes
- Performing security audits on code
- Identifying potential bugs before merge
- Ensuring code follows best practices
- Checking for performance issues
- Validating error handling
- Reviewing architectural decisions in code
Quick Start
Invoke this skill when:
- Reviewing pull requests or code changes
- Performing security audits on code
- Identifying potential bugs before merge
- Ensuring code follows best practices
- Checking for performance issues
Do NOT invoke when:
- Debugging runtime issues (use debugger)
- Refactoring code structure (use refactoring-specialist)
- Writing new code (use language-specific skills)
- Reviewing system architecture (use architect-reviewer)
Decision Framework
Review Priority:
├── Security issues → Block merge, fix immediately
├── Correctness bugs → Block merge, require fix
├── Performance issues → Discuss, may block
├── Code style issues → Suggest, non-blocking
├── Documentation gaps → Suggest, non-blocking
└── Refactoring opportunities → Note for future
Core Workflows
1. Pull Request Review
- Understand the intent from PR description
- Review for correctness and logic errors
- Check for security vulnerabilities
- Assess performance implications
- Verify error handling completeness
- Check test coverage
- Provide actionable feedback
2. Security-Focused Review
- Check input validation and sanitization
- Review authentication and authorization
- Look for injection vulnerabilities
- Verify sensitive data handling
- Check for hardcoded secrets
- Review dependency security
- Assess cryptographic usage
3. Performance Review
- Identify N+1 query patterns
- Check for unnecessary allocations
- Review algorithm complexity
- Assess caching opportunities
- Check for blocking operations
- Review database query efficiency
Best Practices
- Review code, not the author
- Be specific about issues and fixes
- Explain the "why" behind suggestions
- Prioritize comments by severity
- Acknowledge good patterns too
- Use automated tools first (linters, SAST)
Anti-Patterns
| Anti-Pattern | Problem | Correct Approach |
|---|---|---|
| Nitpicking style | Wastes time, frustrates authors | Use automated formatters |
| No context | Reviewer doesn't understand changes | Read PR description, linked issues |
| Blocking on opinions | Delays delivery unnecessarily | Distinguish must-fix from nice-to-have |
| Drive-by reviews | Comments without resolution | Follow through on discussions |
| No positive feedback | Demoralizing for authors | Highlight good patterns |
Version History
- e0220ca Current 2026-07-05 21:11


