code-review
Total installs: 10
Weekly installs: 2
Site rank: #30633
Install command
npx skills add https://github.com/simhacker/moollm --skill code-review
Agent install distribution
- mcpjam: 1
- claude-code: 1
- windsurf: 1
- zencoder: 1
- cline: 1
Skill documentation
Code Review
“Read with intent. Question with purpose. Document with care.”
Systematic code analysis with evidence collection. Code review IS an adventure: the codebase is the dungeon, findings are clues.
Review Process
READ → NOTE ISSUES → CLASSIFY → REPORT
Step 1: Setup
- Create REVIEW.yml
- Identify files to review
- Define focus areas
Step 2: Overview
- List all changed files
- Read PR/commit description
- Note initial impressions
Step 3: Deep Review
For each file:
- Read the code
- Check against criteria
- Note findings
- Run relevant checks
Step 4: Verification
- Run tests
- Run linters
- Check regressions
Step 5: Synthesize
- Compile findings
- Prioritize issues
- Generate REVIEW.md
- State recommendation
Finding Severity
| Level | Symbol | Meaning | Action |
|---|---|---|---|
| Blocking | 🚫 | Must fix before merge | Request changes |
| Important | ⚠️ | Should fix or explain | Request changes |
| Minor | 💡 | Nice to fix | Comment only |
| Praise | 🎉 | Good work! | Celebrate |
Finding Types
- Security: Injection, auth, sensitive data
- Correctness: Logic errors, edge cases
- Performance: N+1 queries, memory leaks
- Maintainability: Clarity, DRY, naming
- Style: Formatting, conventions
Review Checklist
Security
- Input validation
- Output encoding
- Authentication/authorization
- Sensitive data handling
- Injection vulnerabilities
- Timing attacks
Correctness
- Logic errors
- Edge cases handled
- Null/undefined handling
- Error handling
- Race conditions
- Resource cleanup
Maintainability
- Code clarity
- Appropriate comments
- Consistent naming
- DRY (no duplication)
- Single responsibility
- Testability
Performance
- Algorithmic complexity
- Memory usage
- Database queries
- Caching
- Unnecessary operations
Core Files
REVIEW.yml
```yaml
review:
  name: "PR #123: Add user authentication"
  status: "in_progress"
  findings:
    blocking:
      - id: "B1"
        file: "src/auth/login.ts"
        line: 45
        type: "security"
        summary: "Timing attack vulnerability"
    important: []
    minor: []
    praise: []
  verification:
    tests: { ran: true, passed: true }
    linter: { ran: true, passed: false, issues: 3 }
```
REVIEW.md
Formatted document with:
- Summary and counts
- Issues by severity
- Verification results
- Recommendation
Verification Commands
```yaml
tests:
  - "npm test"
  - "pytest"
  - "go test ./..."
linters:
  - "npm run lint"
  - "flake8"
  - "golangci-lint run"
```
Recommendation Output
| Outcome | Meaning |
|---|---|
| `approve` | Good to merge |
| `request_changes` | Has blocking/important issues |
| `comment` | Minor feedback only |
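The Synthesize step, sketched as an added example (not code from the skill itself): it turns the findings recorded in REVIEW.yml into the recommendation outcome and the four REVIEW.md parts listed above. Assumptions: the function names `recommend` and `render_review_md` are hypothetical, the sample dict is the page's REVIEW.yml example as it would look after parsing, and a failed verification check is reported but does not by itself change the outcome, since the page does not define that rule.

```python
# Added example: derive the recommendation and REVIEW.md text from REVIEW.yml data.
SEVERITIES = ["blocking", "important", "minor", "praise"]  # order of the Finding Severity table

# Constructed sample: the page's REVIEW.yml example as an already-parsed dict.
SAMPLE_REVIEW = {
    "name": "PR #123: Add user authentication",
    "status": "in_progress",
    "findings": {
        "blocking": [{"id": "B1", "file": "src/auth/login.ts", "line": 45,
                      "type": "security", "summary": "Timing attack vulnerability"}],
        "important": [], "minor": [], "praise": [],
    },
    "verification": {"tests": {"ran": True, "passed": True},
                     "linter": {"ran": True, "passed": False, "issues": 3}},
}

def recommend(findings):
    """Map findings to an outcome using the Action column of the severity table."""
    if findings.get("blocking") or findings.get("important"):
        return "request_changes"
    if findings.get("minor"):
        return "comment"
    return "approve"  # nothing recorded, or praise only

def render_review_md(review):
    """Build REVIEW.md: summary and counts, issues by severity, verification, recommendation."""
    findings = review.get("findings", {})
    counts = {s: len(findings.get(s) or []) for s in SEVERITIES}
    out = [f"# Review: {review['name']}", "", "## Summary",
           ", ".join(f"{s}: {n}" for s, n in counts.items()), ""]
    for sev in SEVERITIES:
        items = findings.get(sev) or []
        if not items:
            continue  # skip empty severity sections
        out.append(f"## {sev.capitalize()}")
        for f in items:
            out.append(f"- [{f['id']}] {f['file']}:{f['line']} ({f['type']}) {f['summary']}")
        out.append("")
    out.append("## Verification")
    for check, res in review.get("verification", {}).items():
        state = "not run" if not res.get("ran") else ("passed" if res.get("passed") else "FAILED")
        extra = f" ({res['issues']} issues)" if res.get("issues") else ""
        out.append(f"- {check}: {state}{extra}")
    out += ["", "## Recommendation", recommend(findings)]
    return "\n".join(out)

if __name__ == "__main__":
    print(render_review_md(SAMPLE_REVIEW))
```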
See Also
- rubric: Explicit scoring criteria for code quality
- evaluator: Independent assessment pattern
- adversarial-committee: Multiple reviewers debating findings