C
code-review-expert
by @sanyuan0704v
4.5(160)
シニアエンジニアの視点からコードレビュー能力を持ち、Gitの変更を専門的に評価し、コード品質、保守性、ベストプラクティスを保証します。
インストール方法
npx skills add sanyuan0704/code-review-expert --skill code-review-expertcompare_arrows
Before / After 効果比較
1 组使用前
チームがコードレビューを行う際、経験不足や時間的制約により、SOLID原則違反、潜在的なセキュリティリスク、アーキテクチャ上の問題を包括的に発見することが困難な場合があります。これにより、コードの品質と保守性が低下します。
使用後
`code-review-expert` スキルを使用すると、現在のGit変更に対してエキスパートレベルのコードレビューを実施できます。これにより、上級エンジニアの視点からSOLID違反やセキュリティリスクを検出し、実行可能な改善提案を行うことで、コード品質とチーム開発効率を大幅に向上させ、長期的なメンテナンスコストを削減します。
SKILL.md
Code Review Expert
Overview
Perform a structured review of the current git changes with focus on SOLID, architecture, removal candidates, and security risks. Default to review-only output unless the user asks to implement changes.
Severity Levels
| Level | Name | Description | Action |
|---|---|---|---|
| P0 | Critical | Security vulnerability, data loss risk, correctness bug | Must block merge |
| P1 | High | Logic error, significant SOLID violation, performance regression | Should fix before merge |
| P2 | Medium | Code smell, maintainability concern, minor SOLID violation | Fix in this PR or create follow-up |
| P3 | Low | Style, naming, minor suggestion | Optional improvement |
Workflow
1) Preflight context
- Use
git status -sb,git diff --stat, andgit diffto scope changes. - If needed, use
rgorgrepto find related modules, usages, and contracts. - Identify entry points, ownership boundaries, and critical paths (auth, payments, data writes, network).
Edge cases:
- No changes: If
git diffis empty, inform user and ask if they want to review staged changes or a specific commit range. - Large diff (>500 lines): Summarize by file first, then review in batches by module/feature area.
- Mixed concerns: Group findings by logical feature, not just file order.
2) SOLID + architecture smells
- Load
references/solid-checklist.mdfor specific prompts. - Look for:
- SRP: Overloaded modules with unrelated responsibilities.
- OCP: Frequent edits to add behavior instead of extension points.
- LSP: Subclasses that break expectations or require type checks.
- ISP: Wide interfaces with unused methods.
- DIP: High-level logic tied to low-level implementations.
- When you propose a refactor, explain why it improves cohesion/coupling and outline a minimal, safe split.
- If refactor is non-trivial, propose an incremental plan instead of a large rewrite.
3) Removal candidates + iteration plan
- Load
references/removal-plan.mdfor template. - Identify code that is unused, redundant, or feature-flagged off.
- Distinguish safe delete now vs defer with plan.
- Provide a follow-up plan with concrete steps and checkpoints (tests/metrics).
4) Security and reliability scan
- Load
references/security-checklist.mdfor coverage. - Check for:
- XSS, injection (SQL/NoSQL/command), SSRF, path traversal
- AuthZ/AuthN gaps, missing tenancy checks
- Secret leakage or API keys in logs/env/files
- Rate limits, unbounded loops, CPU/memory hotspots
- Unsafe deserialization, weak crypto, insecure defaults
- Race conditions: concurrent access, check-then-act, TOCTOU, missing locks
- Call out both exploitability and impact.
5) Code quality scan
- Load
references/code-quality-checklist.mdfor coverage. - Check for:
- Error handling: swallowed exceptions, overly broad catch, missing error handling, async errors
- Performance: N+1 queries, CPU-intensive ops in hot paths, missing cache, unbounded memory
- Boundary conditions: null/undefined handling, empty collections, numeric boundaries, off-by-one
- Flag issues that may cause silent failures or production incidents.
6) Output format
Structure your review as follows:
## Code Review Summary
**Files reviewed**: X files, Y lines changed
**Overall assessment**: [APPROVE / REQUEST_CHANGES / COMMENT]
---
## Findings
### P0 - Critical
(none or list)
### P1 - High
1. **[file:line]** Brief title
- Description of issue
- Suggested fix
### P2 - Medium
2. (continue numbering across sections)
- ...
### P3 - Low
...
---
## Removal/Iteration Plan
(if applicable)
## Additional Suggestions
(optional improvements, not blocking)
Inline comments: Use this format for file-specific findings:
::code-comment{file="path/to/file.ts" line="42" severity="P1"}
Description of the issue and suggested fix.
::
Clean review: If no issues found, explicitly state:
- What was checked
- Any areas not covered (e.g., "Did not verify database migrations")
- Residual risks or recommended follow-up tests
7) Next steps confirmation
After presenting findings, ask user how to proceed:
---
## Next Steps
I found X issues (P0: _, P1: _, P2: _, P3: _).
**How would you like to proceed?**
1. **Fix all** - I'll implement all suggested fixes
2. **Fix P0/P1 only** - Address critical and high priority issues
3. **Fix specific items** - Tell me which issues to fix
4. **No changes** - Review complete, no implementation needed
Please choose an option or provide specific instructions.
Important: Do NOT implement any changes until user explicitly confirms. This is a review-first workflow.
Resources
references/
| File | Purpose |
|---|---|
solid-checklist.md | SOLID smell prompts and refactor heuristics |
security-checklist.md | Web/app security and runtime risk checklist |
code-quality-checklist.md | Error handling, performance, boundary conditions |
removal-plan.md | Template for deletion candidates and follow-up plan |
ユーザーレビュー (0)
レビューを書く
効果
使いやすさ
ドキュメント
互換性
レビューなし
統計データ
インストール数7.1K
評価4.5 / 5.0
バージョン
更新日2026年5月21日
比較事例1 件
ユーザー評価
4.5(160)
5
23%
4
51%
3
23%
2
3%
1
0%
この Skill を評価
0.0
対応プラットフォーム
🔧Claude Code
🔧OpenClaw
🔧OpenCode
🔧Codex
🔧Gemini CLI
🔧GitHub Copilot
🔧Amp
🔧Kimi CLI
タイムライン
作成2026年3月16日
最終更新2026年5月21日