code-review

Comprehensive code review for quality, security, and maintainability. Use after writing or modifying code, before commits, and before PRs.

0 stars
1.2k downloads
Updated 1/25/2026

SKILL.md

Code Review

Comprehensive security and quality review of uncommitted changes.

Quick Start

# Get changed files
git diff --name-only HEAD

# Get full diff
git diff HEAD

Review Checklist

Security Issues (CRITICAL - Block commit)

  • Hardcoded credentials, API keys, tokens
  • SQL injection (string concatenation in queries)
  • Command injection (shell=True with user input)
  • Path traversal (user-controlled file paths)
  • Missing input validation
  • Unsafe deserialization (pickle, yaml.load)
  • Exposed secrets in logs

Code Quality (HIGH)

  • Functions > 50 lines → extract smaller functions
  • Files > 500 lines → split into modules
  • Nesting depth > 4 levels → refactor
  • Missing error handling (bare except, swallowed exceptions)
  • print() statements (use logging instead)
  • TODO/FIXME without context
  • Missing type hints on public functions

Best Practices (MEDIUM)

  • Mutation patterns (prefer immutable)
  • Missing docstrings on public APIs
  • Unused imports/variables
  • Magic numbers without constants
  • Inconsistent naming conventions

Python-Specific

  • Using is for value comparison (use ==)
  • Mutable default arguments (def fn(lst=[]))
  • Not using context managers for files
  • Catching too broad exceptions (bare except:)
  • Not using f-strings

Correctness

  • Logic errors or edge cases not handled
  • Off-by-one errors in loops/indices
  • Null/None checks where needed
  • Error handling coverage

Performance

  • Unnecessary loops or repeated operations
  • N+1 query problems
  • Large objects held in memory
  • Missing caching for expensive operations

Review Output Format

For each issue found:

[CRITICAL] Hardcoded API key
File: src/api/client.py:42
Issue: API key exposed in source code
Fix: Move to environment variable

api_key = "sk-abc123"  # ❌ Bad
api_key = os.environ.get("API_KEY")  # ✅ Good

Approval Criteria

  • Approve: No CRITICAL or HIGH issues
  • ⚠️ Approve with comments: MEDIUM issues only
  • Request changes: CRITICAL or HIGH issues found

Automated Checks

# Run linter
ruff check .

# Run type checker
mypy src/

# Run security scanner
bandit -r src/

# Run tests
pytest -v

# Check staged changes for secret-looking assignments (matches removed lines too, so confirm each hit in the diff)
git diff --cached | grep -iE "(api[_-]?key|password|secret|token)\s*="
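As an added example (not part of this skill), a small Python reviewer that applies the Security checklist above to the output of `git diff HEAD`: unlike the secrets grep, it inspects only added lines, so a removed hardcoded key or a removed parameterised query is not reported, and it prints hits in the Review Output Format. The regexes, function names and the sample diff are my own constructions.

```python
import re

# Patterns derived from this skill's Security checklist; the regexes are my own approximations.
CHECKS = [  # (label, compiled pattern)
    ("Hardcoded credential", re.compile(r"(?i)\b(api[_-]?key|password|secret|token)\s*=\s*['\"][^'\"]+['\"]")),
    ("SQL built by string concatenation", re.compile(r"\bexecute\(\s*(?:f['\"]|['\"][^'\"]*['\"]\s*[+%])")),
    ("Command injection (shell=True)", re.compile(r"\bshell\s*=\s*True\b")),
    ("Unsafe deserialization", re.compile(r"\bpickle\.loads?\(|\byaml\.load\((?!.*Loader\s*=)")),
]

def review_diff(diff_text: str) -> list[tuple[str, str, int, str]]:
    """Scan only the added ('+') lines of a unified diff; return (label, path, line, code) hits."""
    findings, path, line_no = [], "", 0
    for raw in diff_text.splitlines():
        if raw.startswith("+++ "):            # new-file header, e.g. "+++ b/src/x.py"
            path = raw[4:].removeprefix("b/")
        elif raw.startswith("@@"):            # hunk header "@@ -a,b +c,d @@": c is the first new line
            line_no = int(re.search(r"\+(\d+)", raw).group(1))
        elif raw.startswith("+"):             # added line: the only kind we inspect
            for label, pattern in CHECKS:
                if pattern.search(raw[1:]):
                    findings.append((label, path, line_no, raw[1:].strip()))
            line_no += 1
        elif raw.startswith(" "):             # unchanged context advances the counter;
            line_no += 1                      # removed ('-') lines do not and are never scanned
    return findings

def format_findings(findings) -> str:
    """Render hits in the skill's Review Output Format (every checklist item here is CRITICAL)."""
    return "\n\n".join(f"[CRITICAL] {label}\nFile: {path}:{line}\nIssue: {code}"
                       for label, path, line, code in findings)

# Constructed sample diff (not from a real repository): the removed parameterised query and the SafeLoader call must not be reported.
SAMPLE_DIFF = """\
+++ b/src/api/client.py
@@ -41,3 +41,5 @@ def make_client():
 import os
-api_key = os.environ.get("API_KEY")
+api_key = "sk-abc123"
+cfg = yaml.load(open(path), Loader=yaml.SafeLoader)
+data = pickle.loads(blob)
 return Client(api_key)
+++ b/src/db.py
@@ -10,2 +10,3 @@
 def find(cur, user_id):
-    cur.execute("SELECT * FROM users WHERE id = %s", (user_id,))
+    cur.execute("SELECT * FROM users WHERE id = " + user_id)
+    subprocess.run("ls " + user_id, shell=True)
"""
```

Feed it real output with `review_diff(subprocess.run(["git", "diff", "HEAD"], capture_output=True, text=True).stdout)`; it complements rather than replaces bandit, which understands Python syntax instead of matching lines.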

Review Report Template

## Code Review Summary

**Files Changed:** X
**Lines Added:** +Y
**Lines Removed:** -Z

### Blocking Issues (CRITICAL/HIGH)
- [ ] [Description] @ `file:line`

### Suggestions (MEDIUM/LOW)
- [ ] [Description] @ `file:line`

### Approval Status
🔴 BLOCKED / 🟡 APPROVED WITH COMMENTS / 🟢 APPROVED

Install

Requires askill CLI v1.0+

Metadata

License: unknown
Version: -
Updated: 1/25/2026
Publisher: fernando-fernandez3

Tags

api, database, linting, observability, security, testing