Code Review
Structured PR and code review workflow covering bugs, security, performance, code quality, test coverage, and project conventions.
Last reviewed Mar 2, 2026
Install
Create this file in your project:
.claude/skills/code-review/SKILL.md
---
name: code-review
description: Use this skill when reviewing pull requests, reviewing code changes, or when asked to do a code review.
---
# Code Review
## When to Use
- Reviewing a pull request or merge request
- Asked to review code changes or a diff
- Evaluating code quality before merging
## Process
1. **Understand context** -- Read the PR description, linked issues, and commit messages to understand the intent of the changes.
2. **Review the diff** systematically, checking each area:
- **Correctness** -- Does the code do what it claims? Are there logic errors, off-by-one bugs, or missing edge cases?
- **Security** -- Are there injection vulnerabilities, exposed secrets, missing auth checks, or unsafe data handling?
- **Performance** -- Are there unnecessary re-renders, N+1 queries, missing indexes, or expensive operations in hot paths?
- **Code quality** -- Is the code readable, well-named, and following project conventions? Is there unnecessary duplication?
- **Test coverage** -- Are new behaviors tested? Are edge cases covered? Are tests testing behavior, not implementation?
3. **Categorize findings** as:
- **Blocking** -- Must fix before merge (bugs, security issues, broken tests).
- **Should fix** -- Important improvements that should be addressed (performance, missing tests).
- **Nit** -- Minor style or preference issues (naming, formatting).
4. **Provide specific suggestions** -- For each finding, explain the issue and propose a concrete fix.
## Rules
- Focus on high-impact issues first. Do not bury critical bugs in a sea of style nits.
- Provide specific, actionable feedback with code suggestions when possible.
- Distinguish clearly between blocking issues and non-blocking suggestions.
- Check that tests actually test the new behavior, not just that tests exist.
- Verify the PR does what the description claims -- no more, no less.
- Be constructive. Explain why something is an issue, not just that it is.
- Check for consistency with existing project patterns and conventions.
What this skill does
Code Review provides a systematic checklist for reviewing pull requests and code changes. Instead of relying on intuition to spot problems, this skill walks through a structured evaluation covering correctness, security, performance, quality, and test coverage.
The categorization of findings into blocking, should-fix, and nit tiers is essential for productive reviews. When every comment feels equally important, developers either fix nothing or waste time on formatting while missing real bugs. Clear prioritization ensures critical issues get addressed first.
This skill also emphasizes providing concrete fix suggestions rather than vague criticism. "This could be better" is unhelpful. "This SQL query is vulnerable to injection -- here's how to parameterize it" is actionable and educational.
Example workflow
You ask the agent to review a PR that adds a user settings page. The agent will:
- Read the PR description and linked issue to understand requirements.
- Review each changed file, noting: a missing null check on the user query (blocking), an unparameterized database query (blocking -- security), a component that re-renders on every keystroke (should fix), and a variable named `d` that should be `userData` (nit).
- Present findings organized by severity, each with a code suggestion showing the fix.
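The two blocking findings in this workflow, shown as an added Python example that is not part of the skill or this page: the vulnerable settings lookup beside the fix a reviewer would attach to the finding. The users table, its rows, the function names and the sample input are assumptions constructed for the example.

```python
import sqlite3
from typing import Optional

# Constructed in-memory fixture standing in for the user table behind the
# settings page; the schema and rows are assumptions for this example.
def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, theme TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)",
                     [(1, "alice", "dark"), (2, "bob", "light")])
    return conn

# "Before": both blocking findings from the workflow above in one function.
# 1. The query is built with string formatting, so user input becomes SQL.
# 2. fetchone() may return None, and the row is indexed without a check.
def load_settings_vulnerable(conn: sqlite3.Connection, user_name: str) -> dict:
    row = conn.execute(
        f"SELECT id, theme FROM users WHERE name = '{user_name}'").fetchone()
    return {"id": row[0], "theme": row[1]}  # TypeError when no row matched

# "After": a parameterized query (the driver binds the value instead of
# parsing it as SQL) and an explicit result for the missing-user case.
def load_settings_fixed(conn: sqlite3.Connection, user_name: str) -> Optional[dict]:
    row = conn.execute(
        "SELECT id, theme FROM users WHERE name = ?", (user_name,)).fetchone()
    if row is None:
        return None
    return {"id": row[0], "theme": row[1]}

# Constructed input a reviewer could cite to show the impact: it is not a
# user name, yet the vulnerable version returns another user's settings.
INJECTION_INPUT = "x' OR '1'='1"

def run_demo() -> dict:
    """Exercise both versions and return the observations a review would cite."""
    conn = make_db()
    try:
        load_settings_vulnerable(conn, "nobody")
        vuln_missing_user_crashes = False
    except TypeError:
        vuln_missing_user_crashes = True
    return {
        "vuln_injection": load_settings_vulnerable(conn, INJECTION_INPUT),
        "vuln_missing_user_crashes": vuln_missing_user_crashes,
        "fixed_alice": load_settings_fixed(conn, "alice"),
        "fixed_injection": load_settings_fixed(conn, INJECTION_INPUT),
        "fixed_missing_user": load_settings_fixed(conn, "nobody"),
    }
```

Calling `run_demo()` shows the vulnerable version handing back alice's row for the injection input and crashing on an unknown user, while the fixed version returns `None` for both.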
Tips
- For large PRs, ask the agent to focus on the most critical files first
- Use this skill proactively before submitting your own PRs to catch issues early
- The security checklist is especially valuable -- these issues are easy to miss in manual review
- Pair with the Verification skill to ensure the agent runs tests as part of the review