Code Review Checklist
Run a structured PR or audit review so functionality, security, performance, and maintainability are checked before merge.
Overview
Code Review Checklist is an agent skill most often used in Ship (also Build documentation) that guides systematic pull-request and audit reviews across functionality, security, performance, and maintainability.
Install
npx skills add https://github.com/sickn33/antigravity-awesome-skills --skill code-review-checklistWhat is this skill?
- Starts with context: problem, requirements, changed files, tickets, and testing strategy before line-by-line review
- Functionality pass: edge cases, error handling, logic, and requirement fit
- Maintainability pass: naming, structure, focused functions, and readability
- Explicit coverage of security and performance alongside functionality and maintainability
- Fits PR reviews, team standards, onboarding, and written review playbooks
- Structured review flow with explicit context, functionality, and code-quality steps
- Coverage across four dimensions: functionality, security, performance, and maintainability
Adoption & trust: 951 installs on skills.sh; 40.1k GitHub stars; 3/3 security scanners passed (skills.sh audits).
What problem does it solve?
You are about to merge or ship changes but your review is inconsistent and easy to skip security, edge cases, or intent alignment.
Who is it for?
Solo builders and tiny teams who own review on their own PRs and want a repeatable agent-guided checklist before merge.
Skip if: Repos where an approved external review standard already runs in CI with mandatory human sign-off and you only need ticket links—not a procedural skill.
When should I use this skill?
Reviewing pull requests, conducting code audits, establishing review standards, training reviewers, or authoring review documentation.
What do I get? / Deliverables
You finish reviews with a documented, multi-area checklist outcome so merges reflect tested requirements and fewer defects escape to production.
- Structured review notes aligned to functionality, security, performance, and maintainability
- Actionable findings list suitable for PR comments or audit report
Recommended Skills
Journey fit
Spans multiple journey phases - primary shelf plus alternate fits below.
Pull-request and audit review are core Ship work; this skill is shelved under Ship so builders find it next to testing and security gates. The checklist is a review ritual—context, correctness, quality, and non-functional concerns—so Review is the canonical subphase.
Where it fits
Walk an agent through context and functionality checks on a feature PR before you squash-merge.
Layer a security-focused audit pass on auth changes using the same checklist framing.
Generate a team-facing review standard doc anchored on the skill’s steps for contractors.
Review a hotfix branch under time pressure without skipping error-handling and edge-case checks.
How it compares
Use instead of unstructured “LGTM” chat reviews when you want a named checklist workflow, not a linter replacement.
Common Questions / FAQ
Who is code-review-checklist for?
It is for indie developers and small teams using AI coding agents who still perform or document pull-request and code-audit reviews themselves.
When should I use code-review-checklist?
Use it during Ship when reviewing PRs or running audits; during Build when drafting team review standards or onboarding docs; and anytime you want agents to follow the same review passes before merge.
Is code-review-checklist safe to install?
It is procedural guidance only, but you should still review the Security Audits panel on this Prism page and inspect SKILL.md in your repo before enabling it in automated workflows.
SKILL.md
READMESKILL.md - Code Review Checklist
# Code Review Checklist ## Overview Provide a systematic checklist for conducting thorough code reviews. This skill helps reviewers ensure code quality, catch bugs, identify security issues, and maintain consistency across the codebase. ## When to Use This Skill - Use when reviewing pull requests - Use when conducting code audits - Use when establishing code review standards for a team - Use when training new developers on code review practices - Use when you want to ensure nothing is missed in reviews - Use when creating code review documentation ## How It Works ### Step 1: Understand the Context Before reviewing code, I'll help you understand: - What problem does this code solve? - What are the requirements? - What files were changed and why? - Are there related issues or tickets? - What's the testing strategy? ### Step 2: Review Functionality Check if the code works correctly: - Does it solve the stated problem? - Are edge cases handled? - Is error handling appropriate? - Are there any logical errors? - Does it match the requirements? ### Step 3: Review Code Quality Assess code maintainability: - Is the code readable and clear? - Are names descriptive? - Is it properly structured? - Are functions/methods focused? - Is there unnecessary complexity? ### Step 4: Review Security Check for security issues: - Are inputs validated? - Is sensitive data protected? - Are there SQL injection risks? - Is authentication/authorization correct? - Are dependencies secure? ### Step 5: Review Performance Look for performance issues: - Are there unnecessary loops? - Is database access optimized? - Are there memory leaks? - Is caching used appropriately? - Are there N+1 query problems? ### Step 6: Review Tests Verify test coverage: - Are there tests for new code? - Do tests cover edge cases? - Are tests meaningful? - Do all tests pass? - Is test coverage adequate? ## Examples ### Example 1: Functionality Review Checklist ```markdown ## Functionality Review ### Requirements - [ ] Code solves the stated problem - [ ] All acceptance criteria are met - [ ] Edge cases are handled - [ ] Error cases are handled - [ ] User input is validated ### Logic - [ ] No logical errors or bugs - [ ] Conditions are correct (no off-by-one errors) - [ ] Loops terminate correctly - [ ] Recursion has proper base cases - [ ] State management is correct ### Error Handling - [ ] Errors are caught appropriately - [ ] Error messages are clear and helpful - [ ] Errors don't expose sensitive information - [ ] Failed operations are rolled back - [ ] Logging is appropriate ### Example Issues to Catch: **❌ Bad - Missing validation:** \`\`\`javascript function createUser(email, password) { // No validation! return db.users.create({ email, password }); } \`\`\` **✅ Good - Proper validation:** \`\`\`javascript function createUser(email, password) { if (!email || !isValidEmail(email)) { throw new Error('Invalid email address'); } if (!password || password.length < 8) { throw new Error('Password must be at least 8 characters'); } return db.users.create({ email, password }); } \`\`\` ``` ### Example 2: Security Review Checklist ```markdown ## Security Review ### Input Validation - [ ] All user inputs are validated - [ ] SQL injection is prevented (use parameterized queries) - [ ] XSS is prevented (escape output) - [ ] CSRF protection is in place - [ ] File uploads are validated (type, size, content) ### Authentication & Authorization - [ ] Authentication is required where needed - [ ] Authorization checks are present - [ ] Passwords are hashed (never stored plain text) - [ ] Sessions are managed securely - [ ] Tokens expire appropriately ### Data Protection - [ ] Sensitive data is encrypted - [ ] A