Code Review Checklist

Safety Notice

This listing is imported from skills.sh public index metadata. Review upstream SKILL.md and repository scripts before running.

Install skill "code review checklist" with this command: npx skills add laurigates/claude-plugins/laurigates-claude-plugins-code-review-checklist

Structured approach to reviewing code changes.

Review Priority Order

  • Security (Critical) - Vulnerabilities, secrets, injection
  • Correctness (High) - Logic errors, breaking changes
  • Performance (Medium) - Inefficiencies, resource leaks
  • Quality (Medium) - Maintainability, readability
  • Style (Low) - Formatting, naming (should be automated)

Security Checklist

Secrets & Credentials

  • No hardcoded API keys, passwords, tokens
  • No credentials in logs or error messages
  • Secrets loaded from environment/vault

Injection Vulnerabilities

  • SQL queries use parameterized statements
  • User input is sanitized before HTML output (XSS)
  • Shell commands don't include user input (command injection)
  • File paths are validated (path traversal)
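Two of the injection checks above, shown as the hardened code a reviewer expects to find, with the string-formatted query kept beside it as the finding to flag. This is an added example, not part of the upstream SKILL.md; the `users` table and the `/srv/uploads` base directory are constructed for illustration.

```python
"""Parameterized query and path-traversal guard, as a reviewer expects them."""
import sqlite3
from pathlib import Path
from typing import List, Optional, Tuple


def make_db() -> sqlite3.Connection:
    """Constructed in-memory table standing in for a real users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user")])
    return conn


def find_user_unsafe(conn: sqlite3.Connection, name: str) -> List[Tuple[str]]:
    # Review finding: user input is spliced into the SQL text, so a quote in
    # `name` changes the statement instead of being treated as data.
    return conn.execute(
        f"SELECT role FROM users WHERE name = '{name}'").fetchall()


def find_user(conn: sqlite3.Connection, name: str) -> List[Tuple[str]]:
    # Hardened form: the driver binds `name` as a value; the statement text
    # is fixed, so no input can alter it.
    return conn.execute(
        "SELECT role FROM users WHERE name = ?", (name,)).fetchall()


def resolve_under(base: str, user_path: str) -> Optional[Path]:
    # Hardened form for the path-traversal check: canonicalise the joined
    # path and require it to remain inside `base`. Path joining discards
    # `base` when `user_path` is absolute, so the containment test, not the
    # join, is what provides the guarantee.
    root = Path(base).resolve()
    target = (root / user_path).resolve()
    try:
        target.relative_to(root)
    except ValueError:
        return None  # escaped the base directory: reject
    return target


if __name__ == "__main__":
    db = make_db()
    print(find_user(db, "alice"))                          # [('admin',)]
    print(find_user(db, "alice' OR '1'='1"))               # []
    print(resolve_under("/srv/uploads", "../etc/passwd"))  # None
```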

Authentication & Authorization

  • Auth checks on all protected endpoints
  • Proper session handling
  • Secure password handling (hashing, not plaintext)

Data Exposure

  • Sensitive data not logged
  • API responses don't leak internal details
  • Error messages don't expose system info

Correctness Checklist

Logic

  • Edge cases handled (null, empty, boundary values)
  • Error conditions handled appropriately
  • Async operations properly awaited
  • Race conditions considered

Breaking Changes

  • API contracts maintained
  • Database migrations are reversible
  • Feature flags for risky changes

Testing

  • New code has tests
  • Tests cover error paths, not just the happy path
  • Existing tests still pass

Performance Checklist

Efficiency

  • No N+1 queries
  • Appropriate data structures used
  • No unnecessary loops or iterations
  • Caching considered for expensive operations

Resources

  • Database connections closed/pooled
  • File handles closed
  • No memory leaks (event listeners removed, etc.)

Scale

  • Works with realistic data volumes
  • Pagination for large result sets
  • Timeouts on external calls

Quality Checklist

Readability

  • Clear, descriptive names
  • Functions do one thing
  • No overly complex conditionals
  • Comments explain "why", not "what"

Maintainability

  • DRY (no copy-paste duplication)
  • Appropriate abstractions
  • Dependencies are justified
  • No dead code

Consistency

  • Follows project patterns
  • Matches existing code style
  • Uses established utilities/helpers

Review Output Format

Review: [PR Title]

Risk Level: LOW | MEDIUM | HIGH | CRITICAL

Critical Issues

  1. [Category] Description (file:line)
    • Impact: What could go wrong
    • Fix: Specific recommendation

Suggestions

  1. [Category] Description (file:line)
    • Why: Reasoning
    • Consider: Alternative approach

Positive Notes

  • [Recognition of good patterns]

Quick Checks

For fast reviews, at minimum check:

  • Any secrets or credentials?
  • Any SQL/command injection?
  • Are error cases handled?
  • Do tests exist for new code?

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.
