code-review

- SQL injection vulnerabilities

Safety Notice

This listing is imported from skills.sh public index metadata. Review upstream SKILL.md and repository scripts before running.

Copy this and send it to your AI assistant to learn

Install skill "code-review" with this command: npx skills add moodmnky-llc/mood-mnky-command/moodmnky-llc-mood-mnky-command-code-review

Code Review

Review Categories

  1. Security Review

Check for:

  • SQL injection vulnerabilities

  • XSS (Cross-Site Scripting)

  • Command injection

  • Insecure deserialization

  • Hardcoded secrets/credentials

  • Improper authentication/authorization

  • Insecure direct object references

  1. Performance Review

Check for:

  • N+1 queries

  • Missing database indexes

  • Unnecessary re-renders (React)

  • Memory leaks

  • Blocking operations in async code

  • Missing caching opportunities

  • Large bundle sizes

  1. Code Quality Review

Check for:

  • Code duplication (DRY violations)

  • Functions doing too much (SRP violations)

  • Deep nesting / complex conditionals

  • Magic numbers/strings

  • Poor naming

  • Missing error handling

  • Incomplete type coverage

  1. Testing Review

Check for:

  • Missing test coverage for new code

  • Tests that don't test behavior

  • Flaky test patterns

  • Missing edge cases

  • Mocked external dependencies

Review Output Format

Code Review Summary

🔴 Critical (Must Fix)

  • [File:Line] [Issue description]
    • Why: [Explanation]
    • Fix: [Suggested fix]

🟡 Suggestions (Should Consider)

  • [File:Line] [Issue description]
    • Why: [Explanation]
    • Fix: [Suggested fix]

🟢 Nits (Optional)

  • [File:Line] [Minor suggestion]

✅ What's Good

  • [Positive feedback on good patterns]

Common Patterns to Flag

Security

// BAD: SQL injection const query = SELECT * FROM users WHERE id = ${userId};

// GOOD: Parameterized query const query = 'SELECT * FROM users WHERE id = $1'; await db.query(query, [userId]);

Performance

// BAD: N+1 query users.forEach(async user => { const posts = await getPosts(user.id); });

// GOOD: Batch query const userIds = users.map(u => u.id); const posts = await getPostsForUsers(userIds);

Error Handling

// BAD: Swallowing errors try { await riskyOperation(); } catch (e) {}

// GOOD: Handle or propagate try { await riskyOperation(); } catch (e) { logger.error('Operation failed', { error: e }); throw new AppError('Operation failed', { cause: e }); }

Review Checklist

  • No hardcoded secrets

  • Input validation present

  • Error handling complete

  • Types/interfaces defined

  • Tests added for new code

  • No obvious performance issues

  • Code is readable and documented

  • Breaking changes documented

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.

Open in GitHubOpen in ClawHub

Related Skills

Related by shared tags or category signals.

Coding

code-refactoring

No summary provided by upstream source.

Repository SourceNeeds Review
-11
moodmnky-llc
Coding

javascript-typescript

No summary provided by upstream source.

Repository SourceNeeds Review
-10
moodmnky-llc
Coding

llm-application-dev

No summary provided by upstream source.

Repository SourceNeeds Review
-10
moodmnky-llc