{"id":"0a0c4692-19e5-4792-9a07-a3a6725262ed","shortId":"E5SDYm","kind":"skill","title":"Code Review Checklist","tagline":"Runs a systematic checklist review on any code diff or file, covering correctness, security, performance, and readability.","description":"# Code Review Checklist\n\n## What this skill does\n\nThis skill directs the agent to perform a structured code review using a proven checklist. It catches bugs, security issues, performance problems, and readability concerns that are easy to miss in a quick scan. The output is a prioritized list of findings — not vague suggestions, but specific line-level feedback with clear explanations.\n\nUse this before merging a PR, after a refactor, or any time you want a second opinion on code quality.\n\n## How to use\n\n### Claude Code / Cline\n\nCopy this file to `.agents/skills/code-review-checklist/SKILL.md` in your project root.\n\nThen ask the agent:\n- *\"Review this file using the Code Review Checklist skill.\"*\n- *\"Run the Code Review Checklist skill on my PR diff.\"*\n\n### Cursor\n\nAdd the contents of the \"Prompt / Instructions\" section below to your `.cursorrules` file, then open the file you want reviewed and ask Cursor to review it.\n\n### Codex\n\nPaste the code and the instructions from the section below into the Codex chat.\n\n## The Prompt / Instructions for the Agent\n\nWhen asked to review code, work through each section of this checklist in order. For every issue found, output:\n\n- **Severity**: `critical` | `major` | `minor` | `nit`\n- **Location**: file name and line number(s)\n- **Issue**: one-sentence description\n- **Suggestion**: what to do instead\n\n---\n\n### 1. Correctness\n\n- [ ] Does the logic match the intended behavior (based on function name, comments, or context)?\n- [ ] Are there off-by-one errors in loops or array accesses?\n- [ ] Are all code paths handled, including edge cases (empty input, null, zero, negative numbers)?\n- [ ] Are async operations properly awaited? 
Could there be race conditions?\n- [ ] Are errors caught and handled appropriately, or silently swallowed?\n\n### 2. Security\n\n- [ ] Is any user input used in SQL queries, shell commands, or file paths without sanitization?\n- [ ] Are secrets, API keys, or passwords hardcoded or logged?\n- [ ] Are authentication and authorization checks in place before sensitive operations?\n- [ ] Is output properly escaped before being rendered in HTML (XSS)?\n- [ ] Are dependencies pinned to known-good versions?\n\n### 3. Performance\n\n- [ ] Are there any N+1 query patterns (a query inside a loop)?\n- [ ] Is expensive work (network calls, heavy computation) done unnecessarily on every request?\n- [ ] Are large data structures being copied when a reference would suffice?\n- [ ] Are there obvious opportunities for caching or memoization?\n\n### 4. Readability & Maintainability\n\n- [ ] Are variable and function names descriptive and consistent with the surrounding codebase?\n- [ ] Is any logic complex enough to warrant a comment but currently unexplained?\n- [ ] Are there magic numbers or strings that should be named constants?\n- [ ] Is the function doing more than one thing (violates single-responsibility)?\n- [ ] Is there dead code, commented-out code, or TODO comments that should be resolved?\n\n### 5. Tests\n\n- [ ] Are the critical paths covered by tests?\n- [ ] Do the tests actually assert meaningful behavior, or just that no error was thrown?\n- [ ] Are edge cases (empty input, error states) tested?\n\n---\n\nAfter completing the checklist, output a **summary** with:\n1. Total findings by severity\n2. The top 3 issues to fix first (highest severity / most impactful)\n3. 
An overall assessment: `Approve` | `Approve with minor fixes` | `Needs changes`\n\nIf no issues are found in a section, write \"✓ No issues found\" for that section rather than skipping it.\n\n## Example\n\n**Input to Agent:**\n> \"Use the Code Review Checklist skill on this function:\n>\n> ```typescript\n> async function getUser(id: string) {\n>   const query = `SELECT * FROM users WHERE id = '${id}'`;\n>   const result = await db.raw(query);\n>   return result.rows[0];\n> }\n> ```\"\n\n**Output from Agent:**\n\n**Correctness**\n- **Major** | Line 3 | No null check on `result.rows[0]` — returns `undefined` if user not found, which may cause downstream errors. | Return `null` explicitly or throw a `NotFoundError`.\n\n**Security**\n- **Critical** | Line 2 | SQL injection vulnerability — `id` is interpolated directly into the query string. | Use a parameterized query: `db.raw('SELECT * FROM users WHERE id = ?', [id])`.\n\n**Performance**\n- **Minor** | Line 2 | `SELECT *` fetches all columns even if only a few are needed. | Specify the columns you actually use.\n\n**Summary**\n- 1 critical, 1 major, 1 minor\n- Top issues: SQL injection (critical), missing null check (major), over-fetching columns (minor)\n- **Assessment: Needs changes**\n\n## Notes\n\n- If the diff is large, focus on files with the most business logic first.\n- For nitpicks (formatting, naming), group them at the end rather than interspersing them with real issues.\n- This skill does not run linters or static analysis — it is a reasoning-based review. 
For automated checks, run your existing lint/test pipeline first.","tags":["code","review","checklist","openagentskills","notysoty","agent-skills","claude","claude-code","claude-skills","cline","cursor","llm"],"capabilities":["skill","source-notysoty","skill-code-review-checklist","topic-agent-skills","topic-claude","topic-claude-code","topic-claude-skills","topic-cline","topic-cursor","topic-llm","topic-llm-skills","topic-skills"],"categories":["openagentskills"],"synonyms":[],"warnings":[],"endpointUrl":"https://skills.sh/Notysoty/openagentskills/code-review-checklist","protocol":"skill","transport":"skills-sh","auth":{"type":"none","details":{"cli":"npx skills add Notysoty/openagentskills","source_repo":"https://github.com/Notysoty/openagentskills","install_from":"skills.sh"}},"qualityScore":"0.454","qualityRationale":"deterministic score 0.45 from registry signals: · indexed on github topic:agent-skills · 8 github stars · SKILL.md body (4,909 chars)","verified":false,"liveness":"unknown","lastLivenessCheck":null,"agentReviews":{"count":0,"score_avg":null,"cost_usd_avg":null,"success_rate":null,"latency_p50_ms":null,"narrative_summary":null,"summary_updated_at":null},"enrichmentModel":"deterministic:skill-github:v1","enrichmentVersion":1,"enrichedAt":"2026-05-18T19:13:21.157Z","embedding":null,"createdAt":"2026-05-18T13:20:41.661Z","updatedAt":"2026-05-18T19:13:21.157Z","lastSeenAt":"2026-05-18T19:13:21.157Z","prices":[{"id":"10f4f9ef-328a-48c3-891e-f19310ef799c","listingId":"0a0c4692-19e5-4792-9a07-a3a6725262ed","amountUsd":"0","unit":"free","nativeCurrency":null,"nativeAmount":null,"chain":null,"payTo":null,"paymentMethod":"skill-free","isPrimary":true,"details":{"org":"Notysoty","category":"openagentskills","install_from":"skills.sh"},"createdAt":"2026-05-18T13:20:41.661Z"}],"sources":[{"listingId":"0a0c4692-19e5-4792-9a07-a3a6725262ed","source":"github","sourceId":"Notysoty/openagentskills/code-review-checklist","sourceUrl":"https://github.com/Notysoty/openagentskills/tree/main/skills/code-review-checklist","isPrimary":false,"firstSeenAt":"2026-05-18T13:20:41.661Z","lastSeenAt":"2026-05-18T19:13:21.157Z"}],"details":{"listingId":"0a0c4692-19e5-4792-9a07-a3a6725262ed","quickStartSnippet":null,"exampleRequest":null,"exampleResponse":null,"schema":null,"openapiUrl":null,"agentsTxtUrl":null,"citations":[],"useCases":[],"bestFor":[],"notFor":[],"kindDetails":{"org":"Notysoty","slug":"code-review-checklist","github":{"repo":"Notysoty/openagentskills","stars":8,"topics":["agent-skills","claude","claude-code","claude-skills","cline","cursor","llm","llm-skills","skills"],"license":"mit","html_url":"https://github.com/Notysoty/openagentskills","pushed_at":"2026-03-28T06:50:19Z","description":"A  community-driven library of reusable AI agent skills for Claude Code, Cursor, Codex, Cline, and more.","skill_md_sha":"76f4f293840f50d2dcd561c4f8bb994a1c62173c","skill_md_path":"skills/code-review-checklist/SKILL.md","default_branch":"main","skill_tree_url":"https://github.com/Notysoty/openagentskills/tree/main/skills/code-review-checklist"},"layout":"multi","source":"github","category":"openagentskills","frontmatter":{"name":"Code Review Checklist","description":"Runs a systematic checklist review on any code diff or file, covering correctness, security, performance, and 
readability."},"skills_sh_url":"https://skills.sh/Notysoty/openagentskills/code-review-checklist"},"updatedAt":"2026-05-18T19:13:21.157Z"}}