
Agent Reviewer
Run structured senior-level reviews covering functionality, security, performance, standards, and documentation before merge or release.
Overview
Agent Reviewer is an agent skill most often used in Ship (also Build, Operate) that performs structured code review, security audit, and performance analysis.
Install
npx skills add https://github.com/ruvnet/ruflo --skill agent-reviewer
What is this skill?
- Five review pillars: functionality, security, performance, standards compliance, documentation
- Pre-hook review checklist stored in agent memory (functionality, security, performance, maintainability, documentation)
- Typed capability flags: code_review, security_audit, performance_analysis, best_practices, documentation_review
- Functionality checks for requirements, edge cases, errors, and business logic
- Post-hook completion signaling with review summary in memory
- Five core review responsibilities in the agent profile
- Pre-hook checklist covers five dimensions: functionality, security, performance, maintainability, documentation
Adoption & trust: 646 installs on skills.sh; 58.5k GitHub stars; 3/3 security scanners passed (skills.sh audits).
What problem does it solve?
You are about to merge or ship without a senior reviewer and need consistent coverage of security, performance, and maintainability gaps.
Who is it for?
Solo developers who want a disciplined review pass on a defined TASK before merge or hotfix.
Skip if: Regulated environments that require human sign-off, formal SOC evidence, or automated-only gates with no LLM in the loop.
When should I use this skill?
Invoke with $agent-reviewer when you need code review and quality assurance on a defined TASK, especially before merge or release.
What do I get? / Deliverables
You receive a checklist-driven review summary stored in agent memory with actionable issues across functionality, security, performance, standards, and documentation.
- Structured review findings across functionality, security, performance, standards, and documentation
- Review summary persisted via agent memory hooks
- Prioritized issue list including explicit gap examples such as missing validation
Journey fit
Spans multiple journey phases - primary shelf plus alternate fits below.
Ship is the canonical shelf because formal code review gates quality right before launch and merge. Review subphase matches the validator agent role and explicit review checklist hooks.
Where it fits
Run a full checklist on a payment feature PR before merge.
Focus the reviewer on injection and auth gaps in a new API route.
Review refactor diff for regressions in error handling and business logic.
Post-incident review of a hotfix patch for maintainability and docs.
How it compares
Structured reviewer persona skill—not a replacement for dedicated SAST tools or CI policy engines.
Common Questions / FAQ
Who is agent-reviewer for?
Indie builders and small teams using agentic IDEs who need a repeatable senior review ritual on a specific code change.
When should I use agent-reviewer?
In Ship before merging or releasing, in Build when refactoring risky modules, and in Operate when reviewing hotfixes—whenever $agent-reviewer can analyze a bounded TASK.
Is agent-reviewer safe to install?
It reads and critiques code in scope; check the Security Audits panel on this page and avoid piping production secrets into review prompts.
SKILL.md
SKILL.md - Agent Reviewer
---
name: reviewer
type: validator
color: "#E74C3C"
description: Code review and quality assurance specialist
capabilities:
  - code_review
  - security_audit
  - performance_analysis
  - best_practices
  - documentation_review
priority: medium
hooks:
  pre: |
    echo "👀 Reviewer agent analyzing: $TASK"
    # Create review checklist
    memory_store "review_checklist_$(date +%s)" "functionality,security,performance,maintainability,documentation"
  post: |
    echo "✅ Review complete"
    echo "📝 Review summary stored in memory"
---

# Code Review Agent

You are a senior code reviewer responsible for ensuring code quality, security, and maintainability through thorough review processes.

## Core Responsibilities

1. **Code Quality Review**: Assess code structure, readability, and maintainability
2. **Security Audit**: Identify potential vulnerabilities and security issues
3. **Performance Analysis**: Spot optimization opportunities and bottlenecks
4. **Standards Compliance**: Ensure adherence to coding standards and best practices
5. **Documentation Review**: Verify adequate and accurate documentation

## Review Process

### 1. Functionality Review

```typescript
// CHECK: Does the code do what it's supposed to do?
// ✓ Requirements met
// ✓ Edge cases handled
// ✓ Error scenarios covered
// ✓ Business logic correct

// EXAMPLE ISSUE:
// ❌ Missing validation
function processPayment(amount: number) {
  // Issue: No validation for negative amounts
  return chargeCard(amount);
}

// ✅ SUGGESTED FIX:
function processPayment(amount: number) {
  if (amount <= 0) {
    throw new ValidationError('Amount must be positive');
  }
  return chargeCard(amount);
}
```

### 2. Security Review

```typescript
// SECURITY CHECKLIST:
// ✓ Input validation
// ✓ Output encoding
// ✓ Authentication checks
// ✓ Authorization verification
// ✓ Sensitive data handling
// ✓ SQL injection prevention
// ✓ XSS protection

// EXAMPLE ISSUES:
// ❌ SQL Injection vulnerability
const query = `SELECT * FROM users WHERE id = ${userId}`;

// ✅ SECURE ALTERNATIVE:
const query = 'SELECT * FROM users WHERE id = ?';
db.query(query, [userId]);

// ❌ Exposed sensitive data
console.log('User password:', user.password);

// ✅ SECURE LOGGING:
console.log('User authenticated:', user.id);
```

### 3. Performance Review

```typescript
// PERFORMANCE CHECKS:
// ✓ Algorithm efficiency
// ✓ Database query optimization
// ✓ Caching opportunities
// ✓ Memory usage
// ✓ Async operations

// EXAMPLE OPTIMIZATIONS:
// ❌ N+1 Query Problem
const users = await getUsers();
for (const user of users) {
  user.posts = await getPostsByUserId(user.id);
}

// ✅ OPTIMIZED:
const users = await getUsersWithPosts(); // Single query with JOIN

// ❌ Unnecessary computation in loop
for (const item of items) {
  const tax = calculateComplexTax(); // Same result each time
  item.total = item.price + tax;
}

// ✅ OPTIMIZED:
const tax = calculateComplexTax(); // Calculate once
for (const item of items) {
  item.total = item.price + tax;
}
```

### 4. Code Quality Review

```typescript
// QUALITY METRICS:
// ✓ SOLID principles
// ✓ DRY (Don't Repeat Yourself)
// ✓ KISS (Keep It Simple)
// ✓ Consistent naming
// ✓ Proper abstractions

// EXAMPLE IMPROVEMENTS:
// ❌ Violation of Single Responsibility
class User {
  saveToDatabase() { }
  sendEmail() { }
  validatePassword() { }
  generateReport() { }
}

// ✅ BETTER DESIGN:
class User { }
class UserRepository { saveUser() { } }
class EmailService { sendUserEmail() { } }
class UserValidator { validatePassword() { } }
class ReportGenerator { generateUserReport() { } }

// ❌ Code duplication
function calculateUserDiscount(user) { ... }
function calculateProductDiscount(product) { ... } // Both functions have identical logic

// ✅ DRY PRINCIPLE:
function calculateDiscount(entity, rules) { ... }
```

### 5. Maintainability Review

```typescript
// MAINTAINABILITY CHECKS:
// ✓ Clear naming
// ✓ Proper documentation
// ✓ Testability
// ✓
```
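The functionality section's `processPayment` fix stops at `amount <= 0`. As an added example that is not part of the ruflo SKILL.md, the TypeScript below carries that validation through the edge cases the checklist asks a reviewer to look for (NaN, Infinity, fractional cents, an upper bound) and includes a helper that lists exactly which inputs the naive check would still let through. The names `validateAmountCents`, `gapVersusNaiveCheck`, `MAX_AMOUNT_CENTS` and the gateway stub are this example's own assumptions.

```typescript
// Added example, not code from the ruflo skill. Names, the charge ceiling and
// the gateway stub are constructed for illustration.

export class ValidationError extends Error {
  constructor(message: string) {
    super(message);
    this.name = "ValidationError";
  }
}

// Amounts are integer minor units (cents) so float drift cannot creep in.
// Hypothetical per-charge ceiling: 100,000,000 cents.
export const MAX_AMOUNT_CENTS = 100000000;

// Rejects everything the checklist's "edge cases" item covers, not just
// negatives: non-numbers, NaN, Infinity, fractional cents, zero, and
// amounts above the ceiling. Returns the amount so callers can chain it.
export function validateAmountCents(amount: unknown): number {
  if (typeof amount !== "number" || Number.isNaN(amount)) {
    throw new ValidationError("Amount must be a number");
  }
  if (!Number.isFinite(amount)) {
    throw new ValidationError("Amount must be finite");
  }
  if (!Number.isInteger(amount)) {
    throw new ValidationError("Amount must be whole cents");
  }
  if (amount <= 0) {
    throw new ValidationError("Amount must be positive");
  }
  if (amount > MAX_AMOUNT_CENTS) {
    throw new ValidationError("Amount exceeds per-charge limit");
  }
  return amount;
}

// Stand-in for the card gateway: records what would have been charged.
export const charged: number[] = [];
export function chargeCard(amountCents: number): string {
  charged.push(amountCents);
  return `charge-${charged.length}`;
}

// Validation happens before any side effect on the gateway.
export function processPayment(amount: unknown): string {
  return chargeCard(validateAmountCents(amount));
}

// Review aid: which inputs pass the original `amount <= 0` guard but fail
// the full validation? NaN is the classic one, since `NaN <= 0` is false.
export function gapVersusNaiveCheck(inputs: number[]): number[] {
  return inputs.filter((amount) => {
    const naivePasses = !(amount <= 0);
    let strictPasses = true;
    try {
      validateAmountCents(amount);
    } catch {
      strictPasses = false;
    }
    return naivePasses && !strictPasses;
  });
}

// Constructed probe set: two values both checks reject (-5, 0), one both
// accept (1999), and four the naive check wrongly admits.
export const PROBE_AMOUNTS = [NaN, Infinity, 12.5, 200000000, -5, 0, 1999];
```

Running `gapVersusNaiveCheck(PROBE_AMOUNTS)` yields `[NaN, Infinity, 12.5, 200000000]`, which is the list a reviewer would paste into the findings for the "edge cases handled" item.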
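The security section shows the interpolated query beside its parameterised form and the password log beside the safe one. As an added example that is not part of the ruflo SKILL.md, the TypeScript below makes those three review items concrete: a tagged template that keeps SQL text and bound values apart (the `?` placeholder form the checklist recommends), a line-level check a reviewer can run over a diff to flag interpolated or concatenated SQL and credentials passed to `console.log`, and a redaction helper for the "secure logging" item. The names `sql`, `reviewSource`, `redactForLog`, `RULES` and the sample source lines are this example's own constructions.

```typescript
// Added example, not code from the ruflo skill. Names, patterns and the
// sample source are constructed to make the security checklist runnable.

export interface ParamQuery {
  sql: string;       // SQL text containing only "?" placeholders
  params: unknown[]; // bound values, sent separately from the SQL text
}

// Tagged template: every interpolated value becomes a "?" placeholder and is
// collected into params, so caller-supplied data never lands in the SQL string.
export function sql(strings: TemplateStringsArray, ...values: unknown[]): ParamQuery {
  const text = strings.reduce(
    (acc, part, i) => acc + part + (i < values.length ? "?" : ""),
    "",
  );
  return { sql: text, params: values };
}

export interface Finding {
  line: number;   // 1-based line number in the reviewed source
  rule: string;   // which checklist item the line violates
  text: string;   // the offending line, trimmed
  advice: string; // what the reviewer should ask for
}

// Narrow, one-line-at-a-time heuristics for the two example issues in the
// checklist. A real SAST tool does far more; this is the reviewer's quick pass.
const RULES: Array<{ rule: string; pattern: RegExp; advice: string }> = [
  {
    rule: "sql-interpolation",
    pattern: /`[^`]*\b(select|insert|update|delete)\b[^`]*\$\{/i,
    advice: "Bind the value as a query parameter instead of interpolating it.",
  },
  {
    rule: "sql-concat",
    pattern: /["'].*\b(select|insert|update|delete)\b.*["']\s*\+/i,
    advice: "Do not build SQL by string concatenation; use placeholders.",
  },
  {
    rule: "sensitive-log",
    pattern: /console\.(log|info|warn|error|debug)\(.*\b(password|passwd|secret|token|api[_-]?key|authorization)\b/i,
    advice: "Log an identifier, not the credential; redact before logging.",
  },
];

// Scans source text line by line and returns one finding per matched rule.
export function reviewSource(source: string): Finding[] {
  const findings: Finding[] = [];
  source.split("\n").forEach((raw, idx) => {
    for (const { rule, pattern, advice } of RULES) {
      if (pattern.test(raw)) {
        findings.push({ line: idx + 1, rule, text: raw.trim(), advice });
      }
    }
  });
  return findings;
}

const SENSITIVE_KEY = /^(password|passwd|secret|token|api[_-]?key|authorization)$/i;

// Deep copy with credential-like fields replaced, for safe structured logging.
export function redactForLog(value: unknown): unknown {
  if (Array.isArray(value)) return value.map(redactForLog);
  if (value !== null && typeof value === "object") {
    const out: Record<string, unknown> = {};
    for (const [key, inner] of Object.entries(value as Record<string, unknown>)) {
      out[key] = SENSITIVE_KEY.test(key) ? "[REDACTED]" : redactForLog(inner);
    }
    return out;
  }
  return value;
}

// Constructed sample "diff" mixing the checklist's bad and good examples.
export const SAMPLE_SOURCE = [
  "const query = `SELECT * FROM users WHERE id = ${userId}`;",
  "const safe = 'SELECT * FROM users WHERE id = ?';",
  "db.query(safe, [userId]);",
  "console.log('User password:', user.password);",
  "console.log('User authenticated:', user.id);",
  "const q3 = \"DELETE FROM sessions WHERE token = '\" + token + \"'\";",
].join("\n");
```

On `SAMPLE_SOURCE` the scan reports lines 1 (`sql-interpolation`), 4 (`sensitive-log`) and 6 (`sql-concat`) and stays silent on the parameterised query and the identifier-only log line, which is the split the checklist wants the reviewer to draw.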
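The performance section names the N+1 query pattern and the loop-invariant computation but shows them only as snippets. As an added example that is not part of the ruflo SKILL.md, the TypeScript below wraps both in something measurable: a counting in-memory data source so the round trips of the per-user loop and of the batched lookup can be compared on the same rows, and a call counter that shows the hoisted tax computation running once instead of once per item. The client is synchronous on purpose so the counts are the whole story. The names `CountingDb`, `loadUsersNPlusOne`, `loadUsersBatched`, `countCalls`, `compareStrategies` and the sample rows are this example's own.

```typescript
// Added example, not code from the ruflo skill. Names and rows are constructed;
// the data source is a synchronous stand-in whose method calls represent round trips.

export interface Post { id: number; userId: number; title: string }
export interface User { id: number; name: string; posts?: Post[] }

export class CountingDb {
  public roundTrips = 0; // each method call stands for one network round trip

  constructor(private readonly users: User[], private readonly posts: Post[]) {}

  getUsers(): User[] {
    this.roundTrips++;
    return this.users.map((u) => ({ ...u })); // copies, so callers can attach posts
  }

  getPostsByUserId(userId: number): Post[] {
    this.roundTrips++;
    return this.posts.filter((p) => p.userId === userId);
  }

  // Batched path: one round trip for any number of users, the shape a JOIN or
  // "WHERE user_id IN (...)" query gives you.
  getPostsByUserIds(userIds: number[]): Post[] {
    this.roundTrips++;
    const wanted = new Set(userIds);
    return this.posts.filter((p) => wanted.has(p.userId));
  }
}

// N+1: one query for the users, then one more per user.
export function loadUsersNPlusOne(db: CountingDb): User[] {
  const users = db.getUsers();
  for (const user of users) {
    user.posts = db.getPostsByUserId(user.id);
  }
  return users;
}

// Batched: two round trips regardless of how many users there are.
export function loadUsersBatched(db: CountingDb): User[] {
  const users = db.getUsers();
  const posts = db.getPostsByUserIds(users.map((u) => u.id));
  const byUser = new Map<number, Post[]>();
  for (const post of posts) {
    const list = byUser.get(post.userId);
    if (list) list.push(post); else byUser.set(post.userId, [post]);
  }
  for (const user of users) {
    user.posts = byUser.get(user.id) ?? [];
  }
  return users;
}

// Wraps a function so a review can count how often it is invoked.
export function countCalls<T>(fn: () => T): { invoke: () => T; calls: () => number } {
  let n = 0;
  return { invoke: () => { n++; return fn(); }, calls: () => n };
}

export interface Item { price: number }

// Loop-invariant computation run once per item (the pattern flagged above).
export function totalsRecomputingTax(items: Item[], tax: () => number): number[] {
  return items.map((item) => item.price + tax());
}

// Hoisted: computed once, reused for every item.
export function totalsWithHoistedTax(items: Item[], tax: () => number): number[] {
  const t = tax();
  return items.map((item) => item.price + t);
}

// Constructed rows: user 1 has two posts, users 2 and 3 one each.
export const SAMPLE_USERS: User[] = [
  { id: 1, name: "ada" }, { id: 2, name: "bob" }, { id: 3, name: "cy" },
];
export const SAMPLE_POSTS: Post[] = [
  { id: 10, userId: 1, title: "a1" }, { id: 11, userId: 1, title: "a2" },
  { id: 12, userId: 2, title: "b1" }, { id: 13, userId: 3, title: "c1" },
];

// Runs both strategies on fresh counters and reports round trips plus
// whether they produced the same user/post structure.
export function compareStrategies(): { nPlusOne: number; batched: number; sameResult: boolean } {
  const dbA = new CountingDb(SAMPLE_USERS, SAMPLE_POSTS);
  const dbB = new CountingDb(SAMPLE_USERS, SAMPLE_POSTS);
  const a = loadUsersNPlusOne(dbA);
  const b = loadUsersBatched(dbB);
  return { nPlusOne: dbA.roundTrips, batched: dbB.roundTrips, sameResult: JSON.stringify(a) === JSON.stringify(b) };
}
```

With three users `compareStrategies()` reports 4 round trips for the loop against 2 for the batched form; the gap grows linearly with the user count while the batched figure stays at 2, which is the number a reviewer should quote when asking for the change.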