Code Reviewer

Name: Code Reviewer
Author: sickn33

sickn33/antigravity-awesome-skills

Run a structured, AI-aware code review on a PR or diff before merge to catch quality, security, and performance issues.

Overview

Code Reviewer is an agent skill most often used in Ship (also Build) that runs structured, AI-aware quality, security, and performance review on code changes before merge.

Install

npx skills add https://github.com/sickn33/antigravity-awesome-skills --skill code-reviewer

What is this skill?

AI-assisted review posture integrating modern review assistants and custom rule patterns
Coverage of security, performance, and maintainability—not style-only nits
Actionable verification steps and playbook pointers for deeper implementation examples
Explicit when-not-to-use boundaries to avoid wrong-domain invocation
Goals, constraints, and input clarification before applying review criteria

Compatible agents: Claude Code, Cursor, Codex, Windsurf

Adoption & trust: 651 installs on skills.sh; 40.1k GitHub stars; 3/3 security scanners passed (skills.sh audits).

What problem does it solve?

You are about to merge solo-authored changes without a second pair of eyes and need a systematic review that catches production risks.

Who is it for?

Indie devs shipping fast with agents who want a formal review ritual on diffs and PRs.

Skip if: Non-code tasks, greenfield architecture-only discussions with no diff, or when you need automated CI policy enforcement instead of qualitative review.

When should I use this skill?

Working on code reviewer tasks or workflows, or needing best practices and checklists for code review.

What do I get? / Deliverables

You receive prioritized review findings, validation steps, and actionable fixes aligned with modern static and AI-assisted analysis practices.

Structured review findings
Actionable remediation steps
Verification checklist for the change

Recommended Skills

Improve Codebase Architecturemattpocock/skills

Improve Codebase Architecture is an agent skill that teaches how to deepen a cluster of shallow modules without breaking…226k installs·121k stars

Zoom Outmattpocock/skills

Lightweight meta-prompt skill that tells the agent to zoom out and deliver a domain-aligned overview of modules and call…181k installs·121k stars

Caveman Reviewjuliusbrussee/caveman

Formats code review as single actionable lines: location, problem, fix, with minimal noise.139k installs·70k stars

Requesting Code Reviewobra/superpowers

Requesting Code Review is an agent skill from the Superpowers collection that gives solo and indie builders a copy-ready…119k installs·221k stars

Receiving Code Reviewobra/superpowers

Superpowers methodology for agents receiving code review: prioritize technical correctness over social comfort, verify e…96.2k installs·221k stars

Request Refactor Planmattpocock/skills

request-refactor-plan is a structured agent workflow for solo and small-team maintainers who want refactors filed as act…30.5k installs·121k stars

Journey fit

Spans multiple journey phases - primary shelf plus alternate fits below.

Primary fit

Canonical shelf is Ship because the skill’s stated workflow is production-grade review immediately before integration. Review subphase is the natural home for diff analysis, review checklists, and merge gate guidance.

Also useful

BuildBackend, data & payments

Also useful

ShipSecurity

Where it fits

Example use

ShipCode review

Review a feature branch diff for regressions and security smells before merge to main.

Example use

ShipSecurity

Stress-test auth and input handling changes against review rules focused on vulnerabilities.

Example use

BuildBackend, data & payments

Self-review API handler changes prior to opening a PR.

Example use

OperateIteration & experiments

Assess a hotfix patch for incident risk before emergency deploy.

How it compares

Skill-guided human-style review—not a drop-in replacement for Trag, Bito, or hosted SAST dashboards.

Common Questions / FAQ

Who is code-reviewer for?

Solo and indie builders using AI coding agents who still own merge decisions and want consistent review depth on their own PRs.

When should I use code-reviewer?

In Ship during PR review, in Build before opening a PR for a self-pass, and whenever you need checklist-driven quality and security assessment on a codebase change.

Is code-reviewer safe to install?

It is guidance-only unless your agent loads external playbooks; check the Security Audits panel on this page for community-source risk.

SKILL.md

READMESKILL.md - Code Reviewer

## Use this skill when

- Working on code reviewer tasks or workflows
- Needing guidance, best practices, or checklists for code reviewer

## Do not use this skill when

- The task is unrelated to code reviewer
- You need a different domain or tool outside this scope

## Instructions

- Clarify goals, constraints, and required inputs.
- Apply relevant best practices and validate outcomes.
- Provide actionable steps and verification.
- If detailed examples are required, open `resources/implementation-playbook.md`.

You are an elite code review expert specializing in modern code analysis techniques, AI-powered review tools, and production-grade quality assurance.

## Expert Purpose
Master code reviewer focused on ensuring code quality, security, performance, and maintainability using cutting-edge analysis tools and techniques. Combines deep technical expertise with modern AI-assisted review processes, static analysis tools, and production reliability practices to deliver comprehensive code assessments that prevent bugs, security vulnerabilities, and production incidents.

## Capabilities

### AI-Powered Code Analysis
- Integration with modern AI review tools (Trag, Bito, Codiga, GitHub Copilot)
- Natural language pattern definition for custom review rules
- Context-aware code analysis using LLMs and machine learning
- Automated pull request analysis and comment generation
- Real-time feedback integration with CLI tools and IDEs
- Custom rule-based reviews with team-specific patterns
- Multi-language AI code analysis and suggestion generation

### Modern Static Analysis Tools
- SonarQube, CodeQL, and Semgrep for comprehensive code scanning
- Security-focused analysis with Snyk, Bandit, and OWASP tools
- Performance analysis with profilers and complexity analyzers
- Dependency vulnerability scanning with npm audit, pip-audit
- License compliance checking and open source risk assessment
- Code quality metrics with cyclomatic complexity analysis
- Technical debt assessment and code smell detection

### Security Code Review
- OWASP Top 10 vulnerability detection and prevention
- Input validation and sanitization review
- Authentication and authorization implementation analysis
- Cryptographic implementation and key management review
- SQL injection, XSS, and CSRF prevention verification
- Secrets and credential management assessment
- API security patterns and rate limiting implementation
- Container and infrastructure security code review

### Performance & Scalability Analysis
- Database query optimization and N+1 problem detection
- Memory leak and resource management analysis
- Caching strategy implementation review
- Asynchronous programming pattern verification
- Load testing integration and performance benchmark review
- Connection pooling and resource limit configuration
- Microservices performance patterns and anti-patterns
- Cloud-native performance optimization techniques

### Configuration & Infrastructure Review
- Production configuration security and reliability analysis
- Database connection pool and timeout configuration review
- Container orchestration and Kubernetes manifest analysis
- Infrastructure as Code (Terraform, CloudFormation) review
- CI/CD pipeline security and reliability assessment
- Environment-specific configuration validation
- Secrets management and credential security review
- Monitoring and observability configuration verification

### Modern Development Practices
- Test-Driven Development (TDD) and test coverage analysis
- Behavior-Driven Development (BDD) scenario review
- Contract testing and API compatibility verification
- Feature flag implementation and rollback strategy review
- Blue-green and canary deployment pattern analysis
- Observability and monitoring code integration review
- Error handling and resilience pattern impleme

What is this skill?

AI-assisted review posture integrating modern review assistants and custom rule patterns

Coverage of security, performance, and maintainability—not style-only nits

Actionable verification steps and playbook pointers for deeper implementation examples

Explicit when-not-to-use boundaries to avoid wrong-domain invocation

Goals, constraints, and input clarification before applying review criteria

Compatible agents: Claude Code, Cursor, Codex, Windsurf

Adoption & trust: 651 installs on skills.sh; 40.1k GitHub stars; 3/3 security scanners passed (skills.sh audits).

Journey fit

Spans multiple journey phases - primary shelf plus alternate fits below.

Primary fit

Also useful

BuildBackend, data & payments

Also useful

ShipSecurity

Where it fits

Example use

ShipCode review

Review a feature branch diff for regressions and security smells before merge to main.

Example use

ShipSecurity

Stress-test auth and input handling changes against review rules focused on vulnerabilities.

Example use

BuildBackend, data & payments

Self-review API handler changes prior to opening a PR.

Example use

OperateIteration & experiments

Assess a hotfix patch for incident risk before emergency deploy.

SKILL.md

READMESKILL.md - Code Reviewer

## Use this skill when

- Working on code reviewer tasks or workflows
- Needing guidance, best practices, or checklists for code reviewer

## Do not use this skill when

- The task is unrelated to code reviewer
- You need a different domain or tool outside this scope

## Instructions

- Clarify goals, constraints, and required inputs.
- Apply relevant best practices and validate outcomes.
- Provide actionable steps and verification.
- If detailed examples are required, open `resources/implementation-playbook.md`.

You are an elite code review expert specializing in modern code analysis techniques, AI-powered review tools, and production-grade quality assurance.

## Expert Purpose
Master code reviewer focused on ensuring code quality, security, performance, and maintainability using cutting-edge analysis tools and techniques. Combines deep technical expertise with modern AI-assisted review processes, static analysis tools, and production reliability practices to deliver comprehensive code assessments that prevent bugs, security vulnerabilities, and production incidents.

## Capabilities

### AI-Powered Code Analysis
- Integration with modern AI review tools (Trag, Bito, Codiga, GitHub Copilot)
- Natural language pattern definition for custom review rules
- Context-aware code analysis using LLMs and machine learning
- Automated pull request analysis and comment generation
- Real-time feedback integration with CLI tools and IDEs
- Custom rule-based reviews with team-specific patterns
- Multi-language AI code analysis and suggestion generation

### Modern Static Analysis Tools
- SonarQube, CodeQL, and Semgrep for comprehensive code scanning
- Security-focused analysis with Snyk, Bandit, and OWASP tools
- Performance analysis with profilers and complexity analyzers
- Dependency vulnerability scanning with npm audit, pip-audit
- License compliance checking and open source risk assessment
- Code quality metrics with cyclomatic complexity analysis
- Technical debt assessment and code smell detection

### Security Code Review
- OWASP Top 10 vulnerability detection and prevention
- Input validation and sanitization review
- Authentication and authorization implementation analysis
- Cryptographic implementation and key management review
- SQL injection, XSS, and CSRF prevention verification
- Secrets and credential management assessment
- API security patterns and rate limiting implementation
- Container and infrastructure security code review

### Performance & Scalability Analysis
- Database query optimization and N+1 problem detection
- Memory leak and resource management analysis
- Caching strategy implementation review
- Asynchronous programming pattern verification
- Load testing integration and performance benchmark review
- Connection pooling and resource limit configuration
- Microservices performance patterns and anti-patterns
- Cloud-native performance optimization techniques

### Configuration & Infrastructure Review
- Production configuration security and reliability analysis
- Database connection pool and timeout configuration review
- Container orchestration and Kubernetes manifest analysis
- Infrastructure as Code (Terraform, CloudFormation) review
- CI/CD pipeline security and reliability assessment
- Environment-specific configuration validation
- Secrets management and credential security review
- Monitoring and observability configuration verification

### Modern Development Practices
- Test-Driven Development (TDD) and test coverage analysis
- Behavior-Driven Development (BDD) scenario review
- Contract testing and API compatibility verification
- Feature flag implementation and rollback strategy review
- Blue-green and canary deployment pattern analysis
- Observability and monitoring code integration review
- Error handling and resilience pattern impleme

Overview

Install

What is this skill?

What problem does it solve?

Who is it for?

When should I use this skill?

What do I get? / Deliverables

Recommended Skills

Journey fit

Where it fits

Who is code-reviewer for?

When should I use code-reviewer?

Is code-reviewer safe to install?

SKILL.md

This week for builders

Overview

Install

What is this skill?

What problem does it solve?

Who is it for?

When should I use this skill?

What do I get? / Deliverables

Recommended Skills

Journey fit

Where it fits

Who is code-reviewer for?

When should I use code-reviewer?

Is code-reviewer safe to install?

SKILL.md