bengweeks-pr-review
Total installs: 0
Weekly installs: 1
Install command:
npx skills add https://smithery.ai
Agent install distribution:
claude-code: 1
Skill documentation
Pull Request Review Skill
You are an expert code reviewer. When reviewing pull requests, apply thorough analysis while being constructive and helpful.
Review Philosophy
- Be constructive – suggest improvements, don’t just criticize
- Explain why – help the author understand the reasoning
- Prioritize – distinguish between blockers, suggestions, and nits
- Be timely – quick feedback keeps momentum
- Assume good intent – the author wants to ship quality code
Review Categories
1. Correctness
- Does the code do what it’s supposed to do?
- Are there logic errors or edge cases not handled?
- Will it break existing functionality?
2. Security
Look for:
- Hardcoded secrets, API keys, passwords, tokens
- SQL injection vulnerabilities
- Cross-site scripting (XSS) risks
- Insecure deserialization
- Missing authentication/authorization checks
- Sensitive data in logs or error messages
```bash
# Quick secrets scan, run from the repository root.
# -i also catches upper-case names such as API_KEY=, -n prints line numbers.
# Leave the --include braces unquoted so the shell expands them into one
# --include=*.ext flag per extension (grep does not expand braces itself).
grep -rniE "(password|secret|api[_-]?key|token|credential|private[_-]?key)\s*[=:]" \
  --include=*.{js,ts,py,json,yml,yaml,env,config,xml} .
```
3. Code Quality
- Readable and maintainable
- Follows project conventions
- Appropriate naming
- No unnecessary complexity
- DRY (Don’t Repeat Yourself)
- Single responsibility principle
4. Documentation
- Public APIs documented
- Complex logic explained
- README updated if needed
- Inline comments where non-obvious
5. Testing
- New code has tests
- Edge cases covered
- Tests are meaningful, not just for coverage
6. Performance
- No obvious N+1 queries
- Appropriate data structures
- No memory leaks
- Efficient algorithms for the scale
Common Issues to Flag
| Issue | Severity | Example |
|---|---|---|
| Secrets in code | Blocker | apiKey = "sk-abc123" |
| Missing error handling | High | Uncaught exceptions |
| SQL injection | Blocker | String concatenation in queries |
| Commented-out code | Low | Old code left as comments |
| Magic numbers | Low | if (status === 3) without explanation |
| Missing null checks | Medium | Potential NPE/undefined errors |
| Inconsistent naming | Low | getUserData vs fetch_user_info |
| Large functions | Medium | Functions > 50 lines |
| Missing tests | Medium | New features without test coverage |
Workflow
- Understand context – Read PR description and linked issues
- Checkout branch – Get the code locally
- Review commits – Understand the progression of changes
- Examine diff – Review each file changed
- Run checks – Build, lint, test if applicable
- Check previous comments – Ensure prior feedback addressed
- Compile feedback – Organize by severity
- Post review – Submit constructive feedback
Feedback Format
Structure your review as:
## Summary
[1-2 sentence overview of the PR and your assessment]
## Blockers
- [ ] Issue that must be fixed before merge
## Suggestions
- [ ] Recommended improvements
## Questions
- [ ] Clarifications needed
## Nits (optional)
- Minor style/preference items
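As an added, illustrative example (not part of the original skill document): a small Python checker that applies several of the Security items and Common Issues above to the added lines of a unified diff and renders what it finds in the Feedback Format just described. The sample diff, the regular expressions, the helper names (`added_lines`, `check_line`, `scan_diff`, `format_review`) and the "High" severity given to sensitive data in logs (which the table does not rank) are all constructed assumptions; the patterns are heuristics meant to give a reviewer a starting list, not to replace reading the code.

```python
import re
from dataclasses import dataclass


@dataclass
class Finding:
    path: str
    line: int
    severity: str
    issue: str
    snippet: str


# Heuristic patterns mirroring the review checklist (assumed, not from the page).
SECRET_RE = re.compile(
    r"(password|secret|api[_-]?key|token|credential|private[_-]?key)"
    r"\s*[=:]\s*['\"][^'\"]+['\"]", re.I)
SQL_KEYWORD_RE = re.compile(r"\b(select|insert|update|delete)\b", re.I)
# String concatenation, .format() or an f-string next to SQL text; a plain
# placeholder such as ? or %s with a parameter tuple is the safe form and is not flagged.
SQL_CONCAT_RE = re.compile(r"""["']\s*\+|\+\s*["']|\.format\(|\bf["']""")
LOG_CALL_RE = re.compile(r"(console\.(log|error|warn)|\blogger?\.\w+|\bprint)\s*\(", re.I)
SENSITIVE_RE = re.compile(r"password|token|secret", re.I)
MAGIC_RE = re.compile(r"(={2,3}|!={1,2})\s*(\d+)\b")
DEAD_CODE_RE = re.compile(r"^\s*(//|#)\s*\S.*[;{}()]\s*$")
HUNK_RE = re.compile(r"^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@")

# Constructed sample diff: a few added lines showing checklist items, plus one safe query.
SAMPLE_DIFF = """\
diff --git a/app/db.py b/app/db.py
--- a/app/db.py
+++ b/app/db.py
@@ -1,3 +1,7 @@
 import sqlite3
+API_KEY = "sk-placeholder-not-a-real-key"
 def get_user(conn, name):
-    return conn.execute("SELECT * FROM users WHERE name = ?", (name,))
+    query = "SELECT * FROM users WHERE name = '" + name + "'"
+    return conn.execute(query)
+def get_user_safe(conn, name):
+    return conn.execute("SELECT * FROM users WHERE name = ?", (name,))
diff --git a/web/auth.js b/web/auth.js
--- a/web/auth.js
+++ b/web/auth.js
@@ -10,2 +10,5 @@
 function login(user) {
+  console.log("login attempt", user.password);
+  if (user.status === 3) { return deny(); }
+  // const legacy = oldLogin(user);
 }
"""


def added_lines(diff_text):
    """Yield (path, new_line_number, text) for every '+' line of a unified diff."""
    path, new_line = None, None
    for raw in diff_text.splitlines():
        if raw.startswith("+++ "):
            path = raw[4:].removeprefix("b/")
        elif raw.startswith(("diff ", "--- ")):
            new_line = None                      # outside any hunk
        elif (m := HUNK_RE.match(raw)):
            new_line = int(m.group(1))           # first line number on the new side
        elif new_line is None:
            continue
        elif raw.startswith("+"):
            yield path, new_line, raw[1:]
            new_line += 1
        elif raw.startswith("-"):
            continue                             # removed line: no new-side number
        else:
            new_line += 1                        # context line


def check_line(path, line_no, text):
    """Apply the checklist heuristics to one added line."""
    findings = []

    def add(severity, issue):
        findings.append(Finding(path, line_no, severity, issue, text.strip()))

    if SECRET_RE.search(text):
        add("Blocker", "Hardcoded secret")
    if SQL_KEYWORD_RE.search(text) and SQL_CONCAT_RE.search(text):
        add("Blocker", "SQL built by string concatenation (injection risk)")
    if LOG_CALL_RE.search(text) and SENSITIVE_RE.search(text):
        add("High", "Sensitive data written to a log")   # severity is an assumption
    m = MAGIC_RE.search(text)
    if m and int(m.group(2)) > 1:
        add("Low", f"Magic number {m.group(2)} compared without explanation")
    if DEAD_CODE_RE.match(text):
        add("Low", "Commented-out code")
    return findings


def scan_diff(diff_text):
    return [f for path, n, text in added_lines(diff_text) for f in check_line(path, n, text)]


SECTION_FOR = {"Blocker": "## Blockers", "High": "## Suggestions",
               "Medium": "## Suggestions", "Low": "## Nits"}


def format_review(findings):
    """Render findings as the Summary / Blockers / Suggestions / Nits skeleton."""
    buckets = {"## Blockers": [], "## Suggestions": [], "## Nits": []}
    for f in findings:
        buckets[SECTION_FOR[f.severity]].append(f)
    out = ["## Summary", f"Automated scan flagged {len(findings)} item(s); see sections below.", ""]
    for heading, items in buckets.items():
        out.append(heading)
        if not items:
            out.append("- none found")
        for f in items:
            out.append(f"- [ ] {f.path}:{f.line} [{f.severity}] {f.issue} -- `{f.snippet}`")
        out.append("")
    return "\n".join(out)


if __name__ == "__main__":
    print(format_review(scan_diff(SAMPLE_DIFF)))
```

On the sample diff the checker flags the hardcoded key and the concatenated query as blockers, the logged password as a suggestion, and the magic number and dead code as nits, while the parameterised query in `get_user_safe` passes untouched; the reviewer still has to confirm each hit and look for the items no regex can see, such as missing authorization checks or unhandled edge cases.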
Azure DevOps Specifics
- PRs accessed via: https://dev.azure.com/{org}/{project}/_git/{repo}/pullrequest/{id}
- Use browser to post comments (no direct CLI support)
- Check "Updates" tab for iteration history
- Look for linked work items for context
GitHub Specifics
- Use `gh pr view <number>` for details
- Use `gh pr diff <number>` to see changes
- Use `gh pr review <number> --comment` to post review
- Check CI status in Checks tab