Code Reviewer Skill

Reviews pull requests and code changes for bugs, security issues, performance problems, and adherence to best practices.

A reusable skill package for Claude Code and Cowork.

When to use this skill

  • Reviewing pull requests before merge
  • Checking code for bugs and security issues
  • Enforcing coding standards and best practices
  • Getting a second opinion on implementation patterns

What this skill does

Reads code diffs or files, understands the purpose and context, checks for correctness and edge cases, evaluates code quality against SOLID/DRY principles, flags security concerns, and produces structured feedback organized by severity (critical, suggestion, nitpick).

How it works

  1. Understand context: read the diff, identify language, framework, and purpose
  2. Check correctness: verify logic, edge cases, error handling, and security
  3. Evaluate quality: naming, structure, duplication, complexity, test coverage
  4. Deliver feedback: organize by severity with specific line references and fixes

Full Skill Definition

---
name: code-reviewer
description: "Reviews pull requests and code changes for bugs, security issues, performance problems, and adherence to best practices."
---

# Code Reviewer

## Overview

You are a senior software engineer specializing in code review and quality assurance.

## Purpose

Provide thorough, actionable code reviews that improve code quality, catch bugs, and enforce best practices.

## When to Use

When a user needs a code review, wants feedback on implementation patterns, or needs help identifying issues in a pull request.

## Codebase Standards

> Replace this with your team's coding standards. The review steps below will check code against these conventions.

## Naming Conventions

- **Components:** PascalCase (`UserProfile`, `PaymentForm`)
- **Functions:** camelCase, verb-first (`getUserById`, `validateInput`)
- **Constants:** UPPER_SNAKE (`MAX_RETRY_COUNT`, `API_BASE_URL`)
- **Files:** kebab-case (`user-profile.tsx`, `payment-utils.ts`)

## Architecture Rules

- Business logic lives in `/lib` or `/services` — never in UI components.
- API calls go through a centralized client (`/lib/api/client.ts`), not raw `fetch`.
- State management: local state first, global store only when 3+ components share state.

## Error Handling

- All async operations must have try/catch with user-facing error messages.
- Never swallow errors silently. Log with context (`userId`, `action`, `input`).
- API responses use consistent shape: `{ data, error, status }`.

## Testing Requirements

- New features require at least one integration test covering the happy path.
- Bug fixes require a regression test that reproduces the original issue.
- Minimum coverage threshold: 70% for `/lib`, 50% for UI components.

## Review Process

## Step 1: Understand Context & Intent

Read the code diff or file. Identify the purpose, language, framework, and relevant patterns. Ask clarifying questions if the goal or acceptance criteria are unclear before proceeding.

## Step 2: Check Against Standards

Review the code against the Codebase Standards inventory above. Flag naming violations, architecture rule breaks, and missing error handling.

## Step 3: Evaluate Correctness & Quality

Verify logic, edge cases, and potential bugs. Flag security concerns (injection, XSS, auth). Assess duplication, complexity, and adherence to SOLID/DRY principles. Check test coverage meets requirements.

## Step 4: Provide Feedback & Invite Dialogue

Organize findings by severity (critical, suggestion, nitpick). Include specific line references and suggested fixes. Cite which standard rule is violated. Invite the author to discuss trade-offs on non-obvious recommendations.

## Error Handling

## No Standards Provided

If the team hasn't defined codebase standards, ask them to fill in the Codebase Standards section first. Without a reference, reviews become opinion battles.

## When Code is Correct but Unconventional

Explain the trade-off rather than marking it as wrong. Respect intentional decisions.

## Consistency with Codebase Patterns

Evaluate new code against the existing codebase style and patterns. Flag deviations that could fragment the codebase without clear benefit.
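
Part of Steps 2 to 4 can be backed by a deterministic pre-check that runs before the model review. The following added example (not part of the skill package or the registry's code) scans the added lines of a unified diff for three rules from the Codebase Standards above and returns findings ordered by severity with new-file line references. The rule ids, the severity assigned to each rule, and the sample diff are assumptions constructed for illustration.

```javascript
// Added example. Rule ids and the severity given to each rule are assumptions.
const SEVERITY_ORDER = ["critical", "suggestion", "nitpick"];
const LINE_RULES = [
  { id: "architecture/raw-fetch", severity: "suggestion",
    test: (line, file) => /\bfetch\s*\(/.test(line) && !file.endsWith("lib/api/client.ts"),
    fix: "Route the call through /lib/api/client.ts." },
  { id: "errors/swallowed", severity: "critical",
    // Empty catch body on one line; multi-line empty blocks are out of scope here.
    test: (line) => /catch\s*(\([^)]*\))?\s*\{\s*\}/.test(line),
    fix: "Log with context (userId, action, input) and show a user-facing message." },
];
const KEBAB_FILE = /^[a-z0-9]+(-[a-z0-9]+)*(\.[a-z0-9]+)+$/;
function reviewDiff(diffText) {
  const findings = [];
  let file = null, lineNo = 0; // lineNo counts lines in the new version of the file
  for (const raw of diffText.split("\n")) {
    const header = raw.match(/^\+\+\+ b\/(.+)$/);
    const hunk = raw.match(/^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@/);
    if (header) {
      file = header[1];
      if (!KEBAB_FILE.test(file.split("/").pop())) {
        findings.push({ severity: "nitpick", rule: "naming/file-kebab-case", file, line: null,
          fix: "Rename the file to kebab-case." });
      }
    } else if (hunk) {
      lineNo = Number(hunk[1]);
    } else if (file && raw.startsWith("+")) {
      for (const rule of LINE_RULES) if (rule.test(raw.slice(1), file)) {
        findings.push({ severity: rule.severity, rule: rule.id, file, line: lineNo, fix: rule.fix });
      }
      lineNo++;
    } else if (file && !raw.startsWith("-") && !raw.startsWith("\\")) {
      lineNo++; // context lines also advance the new-file counter
    }
  }
  return findings.sort((a, b) =>
    SEVERITY_ORDER.indexOf(a.severity) - SEVERITY_ORDER.indexOf(b.severity));
}

// Constructed sample diff (not taken from any real repository).
const SAMPLE_DIFF = [
  "+++ b/src/components/UserProfile.tsx",
  "@@ -10,1 +10,3 @@ export function UserProfile() {",
  "   const [user, setUser] = useState(null);",
  "+  const res = await fetch(`/api/users/${id}`);",
  "+  try { setUser(await res.json()); } catch (e) {}",
].join("\n");
console.log(reviewDiff(SAMPLE_DIFF));
```

Only added lines are checked, so pre-existing violations in context lines do not produce findings against the author of the change.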

Summary

Reviews pull requests and code changes for bugs, security issues, performance problems, and adherence to best practices. Install this skill by placing the package in ~/.claude/skills/code-reviewer/ for personal use, or .claude/skills/code-reviewer/ for project-specific use.

FAQs

What languages does it support?

It works with any language Claude can read — JavaScript, TypeScript, Python, Go, Rust, Java, and more.

Can it review entire files or just diffs?

Both. Point it at a diff for PR reviews, or at full files for deeper audits.

Does it catch security issues?

Yes. It flags common vulnerabilities like injection, XSS, auth bypasses, and hardcoded secrets.

Download & install

Install paths

Claude Code — personal (all projects)

~/.claude/skills/code-reviewer/SKILL.md

Claude Code — project-specific

.claude/skills/code-reviewer/SKILL.md

Cowork — skill plugin

Upload .skill.zip via Cowork plugin manager

Compatible with Claude Code, Cowork, and any SKILL.md-compatible agent platform.

Skills in the registry are community starter templates provided as-is. skill.design and Designless do not guarantee accuracy, completeness, or fitness for any purpose. Always review, customize, and validate skills for your specific use case before deploying to production. You are responsible for the behavior of skills you install and use.