
code-review
✓ Official★ 22,300by anthropic · part of anthropics/knowledge-work-plugins
Structured code review for security, performance, correctness, and maintainability across PR diffs and file changes. Audits security risks including SQL injection, XSS, CSRF, authentication flaws, and credential exposure Identifies performance issues like N+1 queries, memory leaks, algorithmic complexity, and resource leaks Checks correctness for edge cases, race conditions, error handling, and type safety gaps Works standalone with diffs and file paths; integrates with source control,...
Structured code review for security, performance, correctness, and maintainability across PR diffs and file changes. Audits security risks including SQL injection, XSS, CSRF, authentication flaws, and credential exposure Identifies performance issues like N+1 queries, memory leaks, algorithmic complexity, and resource leaks Checks correctness for edge cases, race conditions, error handling, and type safety gaps Works standalone with diffs and file paths; integrates with source control,...
Inspect the full instructions your agent will receiveExpandCollapse
This is the exact playbook injected into your agent when the skill activates — shown here so you can audit it before installing. You don't need to read it to use the skill.
by anthropic
Structured code review for security, performance, correctness, and maintainability across PR diffs and file changes. Audits security risks including SQL injection, XSS, CSRF, authentication flaws, and credential exposure Identifies performance issues like N+1 queries, memory leaks, algorithmic complexity, and resource leaks Checks correctness for edge cases, race conditions, error handling, and type safety gaps Works standalone with diffs and file paths; integrates with source control,...
npx skills add https://github.com/anthropics/knowledge-work-plugins --skill code-review
Download ZIPGitHub22.3k
/code-review
If you see unfamiliar placeholders or need to check which tools are connected, see CONNECTORS.md.
Review code changes with a structured lens on security, performance, correctness, and maintainability.
How It Works
┌─────────────────────────────────────────────────────────────────┐
│ CODE REVIEW │
├─────────────────────────────────────────────────────────────────┤
│ STANDALONE (always works) │
│ ✓ Paste a diff, PR URL, or point to files │
│ ✓ Security audit (OWASP top 10, injection, auth) │
│ ✓ Performance review (N+1, memory leaks, complexity) │
│ ✓ Correctness (edge cases, error handling, race conditions) │
│ ✓ Style (naming, structure, readability) │
│ ✓ Actionable suggestions with code examples │
├─────────────────────────────────────────────────────────────────┤
│ SUPERCHARGED (when you connect your tools) │
│ + Source control: Pull PR diff automatically │
│ + Project tracker: Link findings to tickets │
│ + Knowledge base: Check against team coding standards │
└─────────────────────────────────────────────────────────────────┘
Review Dimensions
Security
-
SQL injection, XSS, CSRF
-
Authentication and authorization flaws
-
Secrets or credentials in code
-
Insecure deserialization
-
Path traversal
-
SSRF
Performance
-
N+1 queries
-
Unnecessary memory allocations
-
Algorithmic complexity (O(n²) in hot paths)
-
Missing database indexes
-
Unbounded queries or loops
-
Resource leaks
Correctness
-
Edge cases (empty input, null, overflow)
-
Race conditions and concurrency issues
-
Error handling and propagation
-
Off-by-one errors
-
Type safety
Maintainability
-
Naming clarity
-
Single responsibility
-
Duplication
-
Test coverage
-
Documentation for non-obvious logic
Output
## Code Review: [PR title or file]
### Summary
[1-2 sentence overview of the changes and overall quality]
### Critical Issues
| # | File | Line | Issue | Severity |
|---|------|------|-------|----------|
| 1 | [file] | [line] | [description] | 🔴 Critical |
### Suggestions
| # | File | Line | Suggestion | Category |
|---|------|------|------------|----------|
| 1 | [file] | [line] | [description] | Performance |
### What Looks Good
- [Positive observations]
### Verdict
[Approve / Request Changes / Needs Discussion]
If Connectors Available
If ~~source control is connected:
-
Pull the PR diff automatically from the URL
-
Check CI status and test results
If ~~project tracker is connected:
-
Link findings to related tickets
-
Verify the PR addresses the stated requirements
If ~~knowledge base is connected:
- Check changes against team coding standards and style guides
Tips
-
Provide context — "This is a hot path" or "This handles PII" helps me focus.
-
Specify concerns — "Focus on security" narrows the review.
-
Include tests — I'll check test coverage and quality too.
npx skills add https://github.com/anthropics/knowledge-work-plugins --skill code-reviewRun this in your project — your agent picks the skill up automatically.
Usage
/code-review
Review the provided code changes: @$1
If no specific file or URL is provided, ask what to review.
No common issues documented yet. If you hit a problem, the repository's GitHub Issues page is the best place to look.