C
code-review-expert
by @sanyuan0704v
4.5(160)
具备资深工程师视角的代码审查能力,对Git变更进行专业评估,确保代码质量、可维护性和最佳实践。
安装方式
npx skills add sanyuan0704/code-review-expert --skill code-review-expertcompare_arrows
Before / After 效果对比
1 组使用前
团队进行代码审查时,可能由于经验不足或时间限制,难以全面发现 SOLID 原则违规、潜在安全风险和架构问题,导致代码质量和可维护性下降。
使用后
使用 `code-review-expert` 技能,可以对当前的 Git 更改进行专家级代码审查,从高级工程师视角检测 SOLID 违规、安全风险,并提出可操作的改进建议,显著提升代码质量和团队开发效率,降低长期维护成本。
SKILL.md
Code Review Expert
Overview
Perform a structured review of the current git changes with focus on SOLID, architecture, removal candidates, and security risks. Default to review-only output unless the user asks to implement changes.
Severity Levels
| Level | Name | Description | Action |
|---|---|---|---|
| P0 | Critical | Security vulnerability, data loss risk, correctness bug | Must block merge |
| P1 | High | Logic error, significant SOLID violation, performance regression | Should fix before merge |
| P2 | Medium | Code smell, maintainability concern, minor SOLID violation | Fix in this PR or create follow-up |
| P3 | Low | Style, naming, minor suggestion | Optional improvement |
Workflow
1) Preflight context
- Use
git status -sb,git diff --stat, andgit diffto scope changes. - If needed, use
rgorgrepto find related modules, usages, and contracts. - Identify entry points, ownership boundaries, and critical paths (auth, payments, data writes, network).
Edge cases:
- No changes: If
git diffis empty, inform user and ask if they want to review staged changes or a specific commit range. - Large diff (>500 lines): Summarize by file first, then review in batches by module/feature area.
- Mixed concerns: Group findings by logical feature, not just file order.
2) SOLID + architecture smells
- Load
references/solid-checklist.mdfor specific prompts. - Look for:
- SRP: Overloaded modules with unrelated responsibilities.
- OCP: Frequent edits to add behavior instead of extension points.
- LSP: Subclasses that break expectations or require type checks.
- ISP: Wide interfaces with unused methods.
- DIP: High-level logic tied to low-level implementations.
- When you propose a refactor, explain why it improves cohesion/coupling and outline a minimal, safe split.
- If refactor is non-trivial, propose an incremental plan instead of a large rewrite.
3) Removal candidates + iteration plan
- Load
references/removal-plan.mdfor template. - Identify code that is unused, redundant, or feature-flagged off.
- Distinguish safe delete now vs defer with plan.
- Provide a follow-up plan with concrete steps and checkpoints (tests/metrics).
4) Security and reliability scan
- Load
references/security-checklist.mdfor coverage. - Check for:
- XSS, injection (SQL/NoSQL/command), SSRF, path traversal
- AuthZ/AuthN gaps, missing tenancy checks
- Secret leakage or API keys in logs/env/files
- Rate limits, unbounded loops, CPU/memory hotspots
- Unsafe deserialization, weak crypto, insecure defaults
- Race conditions: concurrent access, check-then-act, TOCTOU, missing locks
- Call out both exploitability and impact.
5) Code quality scan
- Load
references/code-quality-checklist.mdfor coverage. - Check for:
- Error handling: swallowed exceptions, overly broad catch, missing error handling, async errors
- Performance: N+1 queries, CPU-intensive ops in hot paths, missing cache, unbounded memory
- Boundary conditions: null/undefined handling, empty collections, numeric boundaries, off-by-one
- Flag issues that may cause silent failures or production incidents.
6) Output format
Structure your review as follows:
## Code Review Summary
**Files reviewed**: X files, Y lines changed
**Overall assessment**: [APPROVE / REQUEST_CHANGES / COMMENT]
---
## Findings
### P0 - Critical
(none or list)
### P1 - High
1. **[file:line]** Brief title
- Description of issue
- Suggested fix
### P2 - Medium
2. (continue numbering across sections)
- ...
### P3 - Low
...
---
## Removal/Iteration Plan
(if applicable)
## Additional Suggestions
(optional improvements, not blocking)
Inline comments: Use this format for file-specific findings:
::code-comment{file="path/to/file.ts" line="42" severity="P1"}
Description of the issue and suggested fix.
::
Clean review: If no issues found, explicitly state:
- What was checked
- Any areas not covered (e.g., "Did not verify database migrations")
- Residual risks or recommended follow-up tests
7) Next steps confirmation
After presenting findings, ask user how to proceed:
---
## Next Steps
I found X issues (P0: _, P1: _, P2: _, P3: _).
**How would you like to proceed?**
1. **Fix all** - I'll implement all suggested fixes
2. **Fix P0/P1 only** - Address critical and high priority issues
3. **Fix specific items** - Tell me which issues to fix
4. **No changes** - Review complete, no implementation needed
Please choose an option or provide specific instructions.
Important: Do NOT implement any changes until user explicitly confirms. This is a review-first workflow.
Resources
references/
| File | Purpose |
|---|---|
solid-checklist.md | SOLID smell prompts and refactor heuristics |
security-checklist.md | Web/app security and runtime risk checklist |
code-quality-checklist.md | Error handling, performance, boundary conditions |
removal-plan.md | Template for deletion candidates and follow-up plan |
用户评价 (0)
发表评价
效果
易用性
文档
兼容性
暂无评价
统计数据
安装量7.1K
评分4.5 / 5.0
版本
更新日期2026年5月21日
对比案例1 组
用户评分
4.5(160)
5
23%
4
51%
3
23%
2
3%
1
0%
为此 Skill 评分
0.0
兼容平台
🔧Claude Code
🔧OpenClaw
🔧OpenCode
🔧Codex
🔧Gemini CLI
🔧GitHub Copilot
🔧Amp
🔧Kimi CLI
时间线
创建2026年3月16日
最后更新2026年5月21日