6DuckLearn Skills

code reviewer

Review code for quality, best practices, security issues, and potential bugs. Use when user needs thorough code analysis or pull request review.

development Tags: code-review, quality, security, development, testing

Code Reviewer

Overview

This skill provides comprehensive code review following industry best practices, focusing on quality, security, performance, and maintainability.

When to Use

  • Pull request reviews
  • Code quality audits
  • Security vulnerability scanning
  • Pre-commit code checks
  • Architecture review
  • Refactoring guidance

Review Process

Step 1: Understand Context

Language: {{language}} Focus Area: {{focus}}

Step 2: Analyze Code

{{code}}

Step 3: Review Dimensions

1. Correctness

  • Logic errors or edge cases
  • Off-by-one errors
  • Null/undefined handling
  • Error handling completeness
  • Return value validation

2. Security

  • Input validation
  • SQL injection risks
  • XSS vulnerabilities
  • Authentication/authorization
  • Sensitive data exposure
  • Dependency vulnerabilities

3. Performance

  • Algorithm complexity (Big O)
  • Unnecessary computations
  • Memory leaks
  • Database query efficiency
  • Caching opportunities

4. Maintainability

  • Code clarity and readability
  • Naming conventions
  • Function/method size
  • DRY principle adherence
  • Comments and documentation

5. Testing

  • Test coverage
  • Edge case handling
  • Error path testing
  • Integration test needs

Best Practices

1. Be Constructive

  • Focus on code, not the person
  • Explain the "why" behind suggestions
  • Provide concrete examples
  • Acknowledge good patterns

2. Prioritize Issues

  • Critical: Security, correctness, data loss
  • Important: Performance, maintainability
  • Suggestions: Style, minor optimizations

3. Suggest Alternatives

Instead of: "This is wrong" Say: "Consider using X instead of Y because Z"

Quality Checklist

  • No obvious bugs or logic errors
  • Security vulnerabilities addressed
  • Performance is reasonable
  • Code is readable and maintainable
  • Error handling is comprehensive
  • Tests cover critical paths
  • Documentation is adequate
  • Follows team/language conventions

Related skills

  • codex — OpenAI Codex CLI wrapper — three modes. Code review: independent diff review via codex review with pass/fail gate. Challenge: adversarial mode that tries to break your code. Consult: ask codex anything with session continuity for follow-ups. The "200 IQ autistic developer" second opinion. Use when asked to "codex review", "codex challenge", "ask codex", "second opinion", or "consult codex".
  • frontend design — Create distinctive, production-grade frontend interfaces with high design quality. Use this skill when the user asks to build web components, pages, artifacts, posters, or applications (examples include websites, landing pages, dashboards, React components, HTML/CSS layouts, or when styling/beautifying any web UI). Generates creative, polished code and UI design that avoids generic AI aesthetics.
  • mcp builder — Guide for creating high-quality MCP (Model Context Protocol) servers that enable LLMs to interact with external services through well-designed tools. Use when building MCP servers to integrate external APIs or services, whether in Python (FastMCP) or Node/TypeScript (MCP SDK).
  • review — Pre-landing PR review. Analyzes diff against the base branch for SQL safety, LLM trust boundary violations, conditional side effects, and other structural issues. Use when asked to "review this PR", "code review", "pre-landing review", or "check my diff". Proactively suggest when the user is about to merge or land code changes.
  • theme factory — Toolkit for styling artifacts with a theme. These artifacts can be slides, docs, reportings, HTML landing pages, etc. There are 10 pre-set themes with colors/fonts that you can apply to any artifact that has been creating, or can generate a new theme on-the-fly.
  • web artifacts builder — Suite of tools for creating elaborate, multi-component claude.ai HTML artifacts using modern frontend web technologies (React, Tailwind CSS, shadcn/ui). Use for complex artifacts requiring state management, routing, or shadcn/ui components - not for simple single-file HTML/JSX artifacts.