code-review
anthropics/knowledge-work-plugins · updated Apr 8, 2026
Structured code review for security, performance, correctness, and maintainability across PR diffs and file changes.
- Audits security risks including SQL injection, XSS, CSRF, authentication flaws, and credential exposure
- Identifies performance issues like N+1 queries, memory leaks, algorithmic complexity, and resource leaks
- Checks correctness for edge cases, race conditions, error handling, and type safety gaps
- Works standalone with diffs and file paths; integrates with source con
/code-review
If you see unfamiliar placeholders or need to check which tools are connected, see CONNECTORS.md.
Review code changes with a structured lens on security, performance, correctness, and maintainability.
Usage
/code-review <PR URL or file path>
Review the provided code changes: @$1
If no specific file or URL is provided, ask what to review.
How It Works
┌─────────────────────────────────────────────────────────────────┐
│ CODE REVIEW │
├─────────────────────────────────────────────────────────────────┤
│ STANDALONE (always works) │
│ ✓ Paste a diff, PR URL, or point to files │
│ ✓ Security audit (OWASP top 10, injection, auth) │
│ ✓ Performance review (N+1, memory leaks, complexity) │
│ ✓ Correctness (edge cases, error handling, race conditions) │
│ ✓ Style (naming, structure, readability) │
│ ✓ Actionable suggestions with code examples │
├─────────────────────────────────────────────────────────────────┤
│ SUPERCHARGED (when you connect your tools) │
│ + Source control: Pull PR diff automatically │
│ + Project tracker: Link findings to tickets │
│ + Knowledge base: Check against team coding standards │
└─────────────────────────────────────────────────────────────────┘
Review Dimensions
Security
- SQL injection, XSS, CSRF
- Authentication and authorization flaws
- Secrets or credentials in code
- Insecure deserialization
- Path traversal
- SSRF
Performance
- N+1 queries
- Unnecessary memory allocations
- Algorithmic complexity (O(n²) in hot paths)
- Missing database indexes
- Unbounded queries or loops
- Resource leaks
Correctness
- Edge cases (empty input, null, overflow)
- Race conditions and concurrency issues
- Error handling and propagation
- Off-by-one errors
- Type safety
Maintainability
- Naming clarity
- Single responsibility
- Duplication
- Test coverage
- Documentation for non-obvious logic
Output
## Code Review: [PR title or file]
### Summary
[1-2 sentence overview of the changes and overall quality]
### Critical Issues
| # | File | Line | Issue | Severity |
|---|------|------|-------|----------|
| 1 | [file] | [line] | [description] | 🔴 Critical |
### Suggestions
| # | File | Line | Suggestion | Category |
|---|------|------|------------|----------|
| 1 | [file] | [line] | [description] | Performance |
### What Looks Good
- [Positive observations]
### Verdict
[Approve / Request Changes / Needs Discussion]
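An added example, not part of the skill itself: a minimal Python pass that walks a unified diff, flags added lines for three of the Security items above, and emits rows in the Critical Issues table format. The sample diff, the regex heuristics and the function names are assumptions constructed for illustration.

```python
import re

# Constructed sample diff for illustration; not taken from any real PR.
SAMPLE_DIFF = '''\
diff --git a/app/db.py b/app/db.py
--- a/app/db.py
+++ b/app/db.py
@@ -10,3 +10,5 @@ def get_user(conn, name):
     cur = conn.cursor()
-    cur.execute("SELECT * FROM users WHERE name = %s", (name,))
+    cur.execute("SELECT * FROM users WHERE name = '" + name + "'")
+    API_KEY = "CONSTRUCTED-NOT-A-REAL-KEY"
+    prefs = pickle.loads(blob)
     return cur.fetchone()
'''

# Assumed heuristics for three Security items; a real review needs more than regexes.
CHECKS = [
    (re.compile(r"""execute\((\s*f["']|.*["']\s*\+)"""),
     "SQL built by string concatenation; use bound parameters"),
    (re.compile(r"""(?i)\b(api_?key|secret|passw(or)?d|token)\w*\s*=\s*["'][^"']{8,}["']"""),
     "Hard-coded credential; load it from a secret store"),
    (re.compile(r"\bpickle\.loads?\("),
     "Insecure deserialization of possibly untrusted data"),
]
HUNK = re.compile(r"^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@")

def review(diff):
    """Return (file, new-file line number, issue) for each flagged added line."""
    findings, path, lineno = [], None, 0
    for line in diff.splitlines():
        if line.startswith("+++ "):
            path = line[4:].removeprefix("b/")
        elif (m := HUNK.match(line)):
            lineno = int(m.group(1))  # first line number of the hunk in the new file
        elif line.startswith("+"):
            findings += [(path, lineno, msg) for rx, msg in CHECKS if rx.search(line[1:])]
            lineno += 1
        elif line.startswith(" "):
            lineno += 1  # context line: present in the new file
        # "-" lines (removed code and the "--- a/..." header) do not advance the counter
    return findings

def render(findings):
    """Format findings as the Critical Issues table from the Output template."""
    rows = ["| # | File | Line | Issue | Severity |", "|---|------|------|-------|----------|"]
    rows += [f"| {i} | {p} | {n} | {msg} | 🔴 Critical |"
             for i, (p, n, msg) in enumerate(findings, 1)]
    return "\n".join(rows)
```

Only added lines are scanned, so the parameterized query on the removed line is never flagged and the reported line numbers refer to the file after the change.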
If Connectors Available
If ~~source control is connected:
- Pull the PR diff automatically from the URL
- Check CI status and test results
If ~~project tracker is connected:
- Link findings to related tickets
- Verify the PR addresses the stated requirements
If ~~knowledge base is connected:
- Check changes against team coding standards and style guides
Tips
- Provide context — "This is a hot path" or "This handles PII" helps me focus.
- Specify concerns — "Focus on security" narrows the review.
- Include tests — I'll check test coverage and quality too.
Ratings
4.5 ★★★★★ 36 reviews
- ★★★★★ Nikhil Ndlovu · Dec 24, 2024
We added code-review from the explainx registry; install was straightforward and the SKILL.md answered most questions upfront.
- ★★★★★ Chinedu Johnson · Dec 24, 2024
Useful defaults in code-review — fewer surprises than typical one-off scripts, and it plays nicely with `npx skills` flows.
- ★★★★★ Chaitanya Patil · Dec 16, 2024
Useful defaults in code-review — fewer surprises than typical one-off scripts, and it plays nicely with `npx skills` flows.
- ★★★★★ Hana Khanna · Nov 15, 2024
code-review reduced setup friction for our internal harness; good balance of opinion and flexibility.
- ★★★★★ Mia Choi · Nov 15, 2024
code-review is among the better-maintained entries we tried; worth keeping pinned for repeat workflows.
- ★★★★★ Piyush G · Nov 7, 2024
code-review is among the better-maintained entries we tried; worth keeping pinned for repeat workflows.
- ★★★★★ Nikhil Wang · Nov 7, 2024
Solid pick for teams standardizing on skills: code-review is focused, and the summary matches what you get after install.
- ★★★★★ Shikha Mishra · Oct 26, 2024
Keeps context tight: code-review is the kind of skill you can hand to a new teammate without a long onboarding doc.
- ★★★★★ Nikhil Thompson · Oct 26, 2024
code-review has been reliable in day-to-day use. Documentation quality is above average for community skills.
- ★★★★★ Hana Sanchez · Oct 6, 2024
Registry listing for code-review matched our evaluation — installs cleanly and behaves as described in the markdown.