Code Review Analysis
Run a structured PR review covering quality, security, performance, and maintainability before you merge.
Overview
Code Review Analysis is an agent skill most often used in Ship (also Build and Operate) that guides comprehensive PR reviews with quality, security, and maintainability checks plus constructive feedback.
Install
npx skills add https://github.com/aj-geddes/useful-ai-prompts --skill code-review-analysisWhat is this skill?
- Systematic review across quality, security, performance, and maintainability
- Git-first quick start: diff stat, branch diff, and commit log inspection
- Reference guides for initial assessment, code quality analysis, and security review
- Constructive feedback and mentoring-oriented review tone
- Use before merging to catch vulnerabilities and standards drift
- Three named reference guides: Initial Assessment, Code Quality Analysis, Security Review
Adoption & trust: 2.1k installs on skills.sh; 250 GitHub stars; 3/3 security scanners passed (skills.sh audits).
What problem does it solve?
You are about to merge a branch but only have a vague sense of risk across security, style, and design quality.
Who is it for?
Solo developers self-reviewing feature branches or small teams without a dedicated reviewer on every PR.
Skip if: Replacing mandatory human review on regulated codebases or formal SOC2 audit sign-off without human experts.
When should I use this skill?
Reviewing pull requests, analyzing code quality, checking security vulnerabilities, or providing code improvement suggestions before merge.
What do I get? / Deliverables
You get a structured review anchored on git diffs and reference playbooks, with actionable fixes and security-aware commentary before merge.
- Structured review comments
- Security and quality finding list
- Improvement suggestions aligned to standards
Recommended Skills
Journey fit
Spans multiple journey phases - primary shelf plus alternate fits below.
Merge gates and pre-release scrutiny live in Ship, where review subphase is the canonical home for PR analysis skills. Matches review because the skill is built around diff inspection, standards compliance, and constructive merge feedback.
Where it fits
Run a full PR pass on auth changes before merging to main.
Self-review an API refactor branch for error-handling and SQL injection risks.
Review a production hotfix diff for regressions and missing tests.
Deep-read security reference material on diffs touching credentials or ACLs.
How it compares
Structured review methodology skill, not an automated SAST scanner or CI-only linter gate.
Common Questions / FAQ
Who is code-review-analysis for?
Builders and maintainers who want agent-assisted, standards-aware pull request reviews without hiring a full-time reviewer.
When should I use code-review-analysis?
In Ship before merging PRs, in Build while iterating on a feature branch, and in Operate when reviewing hotfixes—especially for security, performance, and maintainability passes.
Is code-review-analysis safe to install?
It is prompt-and-reference guidance over your repo diffs; review the Security Audits panel on this page and avoid pasting secrets into review threads.
SKILL.md
READMESKILL.md - Code Review Analysis
# Code Review Analysis ## Table of Contents - [Overview](#overview) - [When to Use](#when-to-use) - [Quick Start](#quick-start) - [Reference Guides](#reference-guides) - [Best Practices](#best-practices) ## Overview Systematic code review process covering code quality, security, performance, maintainability, and best practices following industry standards. ## When to Use - Reviewing pull requests and merge requests - Analyzing code quality before merging - Identifying security vulnerabilities - Providing constructive feedback to developers - Ensuring coding standards compliance - Mentoring through code review ## Quick Start Minimal working example: ```bash # Check the changes git diff main...feature-branch # Review file changes git diff --stat main...feature-branch # Check commit history git log main...feature-branch --oneline ``` ## Reference Guides Detailed implementations in the `references/` directory: | Guide | Contents | |---|---| | [Initial Assessment](references/initial-assessment.md) | Initial Assessment | | [Code Quality Analysis](references/code-quality-analysis.md) | Code Quality Analysis | | [Security Review](references/security-review.md) | Security Review | | [Performance Review](references/performance-review.md) | Performance Review | | [Testing Review](references/testing-review.md) | Testing Review | | [Best Practices](references/best-practices.md) | Best Practices | ## Best Practices ### ✅ DO - Be constructive and respectful - Explain the "why" behind suggestions - Provide code examples - Ask questions if unclear - Acknowledge good practices - Focus on important issues - Consider the context - Offer to pair program on complex issues ### ❌ DON'T - Be overly critical or personal - Nitpick minor style issues (use automated tools) - Block on subjective preferences - Review too many changes at once (>400 lines) - Forget to check tests - Ignore security implications - Rush the review #!/bin/bash # validate-schema.sh - Validate database schema # Usage: ./validate-schema.sh <schema_file> set -euo pipefail SCHEMA_FILE="${{1:?Usage: $0 <schema_file>}}" echo "Validating schema: $SCHEMA_FILE" # TODO: Add schema validation # - Check SQL syntax # - Verify foreign key references # - Check index definitions # - Validate naming conventions # - Check for missing constraints echo "Schema validation complete." -- Migration: [description] -- Created: [date] -- TODO: Customize for your migration framework BEGIN; -- Up migration -- TODO: Add schema changes -- CREATE TABLE IF NOT EXISTS ... -- ALTER TABLE ... -- Down migration (rollback) -- TODO: Add rollback statements -- DROP TABLE IF EXISTS ... COMMIT; # Code Quality Analysis ## Code Quality Analysis ### Readability ```python # ❌ Poor readability def p(u,o): return u['t']*o['q'] if u['s']=='a' else 0 # ✅ Good readability def calculate_order_total(user: User, order: Order) -> float: """Calculate order total with user-specific pricing.""" if user.status == 'active': return user.tier_price * order.quantity return 0 ``` ### Complexity ```javascript // ❌ High cognitive complexity function processData(data) { if (data) { if (data.type === "user") { if (data.status === "active") { if (data.permissions && data.permissions.length > 0) { // deeply nested logic } } } } } // ✅ Reduced complexity with early returns function processData(data) { if (!data) return null; if (data.type !== "user") return null; if (data.status !== "active") return null; if (!data.permissions?.length) return null; // main logic at top level } ``` # Security Review ## Security Review ### Common