PromptCreek
Sign up
Back to Skills
Engineering

Code Review

Review code changes for security, performance, and correctness. Trigger with a PR URL or diff, "review this before I merge", "is this code safe?", or when checking a change for N+1 queries, injection risks, missing edge cases, or error handling gaps.

$ npx promptcreek add code-review

Auto-detects your installed agents and installs the skill to each one.

What This Skill Does

This skill reviews code changes, focusing on security, performance, correctness, and maintainability. It provides actionable suggestions with code examples, and can be used with a PR URL, file path, or pasted diff. It's designed to help developers improve code quality and reduce potential issues.

When to Use

  • Review a pull request before merging.
  • Identify security vulnerabilities in code.
  • Optimize code for performance.
  • Ensure code adheres to style guidelines.
  • Catch edge cases and error handling issues.
  • Improve code readability and maintainability.

Key Features

Security audit for OWASP top 10 vulnerabilities.
Performance review for N+1 queries and memory leaks.
Correctness checks for edge cases and race conditions.
Style review for naming, structure, and readability.
Actionable suggestions with code examples.
Integration with source control, project tracker, and knowledge base.

Installation

Run in your project directory:
$ npx promptcreek add code-review

Auto-detects your installed agents (Claude Code, Cursor, Codex, etc.) and installs the skill to each one.

View Full Skill Content

/code-review

> If you see unfamiliar placeholders or need to check which tools are connected, see CONNECTORS.md.

Review code changes with a structured lens on security, performance, correctness, and maintainability.

Usage

/code-review <PR URL or file path>

Review the provided code changes: @$1

If no specific file or URL is provided, ask what to review.

How It Works

┌─────────────────────────────────────────────────────────────────┐

│                      CODE REVIEW                                   │


├─────────────────────────────────────────────────────────────────┤


│  STANDALONE (always works)                                       │


│  ✓ Paste a diff, PR URL, or point to files                      │


│  ✓ Security audit (OWASP top 10, injection, auth)               │


│  ✓ Performance review (N+1, memory leaks, complexity)           │


│  ✓ Correctness (edge cases, error handling, race conditions)    │


│  ✓ Style (naming, structure, readability)                        │


│  ✓ Actionable suggestions with code examples                    │


├─────────────────────────────────────────────────────────────────┤


│  SUPERCHARGED (when you connect your tools)                      │


│  + Source control: Pull PR diff automatically                    │


│  + Project tracker: Link findings to tickets                     │


│  + Knowledge base: Check against team coding standards           │


└─────────────────────────────────────────────────────────────────┘

Review Dimensions

Security

  • SQL injection, XSS, CSRF
  • Authentication and authorization flaws
  • Secrets or credentials in code
  • Insecure deserialization
  • Path traversal
  • SSRF

Performance

  • N+1 queries
  • Unnecessary memory allocations
  • Algorithmic complexity (O(n²) in hot paths)
  • Missing database indexes
  • Unbounded queries or loops
  • Resource leaks

Correctness

  • Edge cases (empty input, null, overflow)
  • Race conditions and concurrency issues
  • Error handling and propagation
  • Off-by-one errors
  • Type safety

Maintainability

  • Naming clarity
  • Single responsibility
  • Duplication
  • Test coverage
  • Documentation for non-obvious logic

Output

## Code Review: [PR title or file]


Summary


[1-2 sentence overview of the changes and overall quality]



Critical Issues


| # | File | Line | Issue | Severity |


|---|------|------|-------|----------|


| 1 | [file] | [line] | [description] | 🔴 Critical |



Suggestions


| # | File | Line | Suggestion | Category |


|---|------|------|------------|----------|


| 1 | [file] | [line] | [description] | Performance |



What Looks Good


  • [Positive observations]
    • 



Verdict


[Approve / Request Changes / Needs Discussion]

If Connectors Available

If ~~source control is connected:

  • Pull the PR diff automatically from the URL
  • Check CI status and test results

If ~~project tracker is connected:

  • Link findings to related tickets
  • Verify the PR addresses the stated requirements

If ~~knowledge base is connected:

  • Check changes against team coding standards and style guides

Tips

  • Provide context — "This is a hot path" or "This handles PII" helps me focus.
  • Specify concerns — "Focus on security" narrows the review.
  • Include tests — I'll check test coverage and quality too.
0Installs
0Views

Supported Agents

Claude CodeCursorCodexGemini CLIAiderWindsurfOpenClaw

Attribution

anthropics
anthropics/knowledge-work-plugins
MITadmin

Details

License
MIT
Source
admin
Published
3/18/2026

Tags

engineering

Related Skills

Agent Protocol

Inter-agent communication protocol for C-suite agent teams. Defines invocation syntax, loop prevention, isolation rules, and response formats. Use when C-suite agents need to query each other, coordinate cross-functional analysis, or run board meetings with multiple agent roles.

90
Alireza Rezvani
#c-level#c-level advisor

CTO Advisor

Technical leadership guidance for engineering teams, architecture decisions, and technology strategy. Use when assessing technical debt, scaling engineering teams, evaluating technologies, making architecture decisions, establishing engineering metrics, or when user mentions CTO, tech debt, technical debt, team scaling, architecture decisions, technology evaluation, engineering metrics, DORA metrics, or technology strategy.

20
Alireza Rezvani
#c-level#c-level advisor

Agent Workflow Designer

Agent Workflow Designer

10
Alireza Rezvani
#engineering