OpenSkillIndex← back to search
claude-code

Awesome-omni-skill software-code-review

Use when reviewing code, pull requests, or diffs. Provides patterns, checklists, and templates for systematic code review with a focus on correctness, security, readability, performance, and maintainability.

install
source · Clone the upstream repo
git clone https://github.com/diegosouzapw/awesome-omni-skill
Claude Code · Install into ~/.claude/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/diegosouzapw/awesome-omni-skill "$T" && mkdir -p ~/.claude/skills && cp -r "$T/skills/development/software-code-review" ~/.claude/skills/diegosouzapw-awesome-omni-skill-software-code-review-12e828 && rm -rf "$T"
manifest: skills/development/software-code-review/SKILL.md
source content

Code Reviewing Skill — Quick Reference

This skill provides operational checklists and prompts for structured code review across languages and stacks. Use it when the primary task is reviewing existing code rather than designing new systems.

Quick Reference

Review TypeFocus AreasKey ChecklistWhen to Use
Security ReviewAuth, input validation, secrets, OWASP Top 10software-security-appsecSecurity-critical code, API endpoints
Supply Chain ReviewDependencies, lockfiles, licenses, SBOM, CI policiesdev-dependency-managementDependency bumps, build/CI changes
Performance ReviewN+1 queries, algorithms, caching, hot pathsDB queries, loops, memory allocationHigh-traffic features, bottlenecks
Correctness ReviewLogic, edge cases, error handling, testsBoundary conditions, null checks, retriesBusiness logic, data transformations
Maintainability ReviewNaming, complexity, duplication, readabilityFunction length, naming clarity, DRYComplex modules, shared code
Test ReviewCoverage, edge cases, flakiness, assertionsTest quality, missing scenariosNew features, refactors
Frontend ReviewAccessibility, responsive design, performancefrontend-review.mdUI/UX changes
Backend ReviewAPI design, error handling, database patternsapi-review.mdAPI endpoints, services
Blockchain ReviewReentrancy, access control, gas optimizationcrypto-review.mdSmart contracts, DeFi protocols

Specialized: .NET/EF Core Crypto Integration

Skip unless reviewing C#/.NET crypto/fintech services using Entity Framework Core.

For C#/.NET crypto/fintech services using Entity Framework Core, see:

Key rules summary:

  • Review only new/modified code in the MR
  • Use 
    decimal
    for financial values, UTC for dates
  • Follow 
    CC-SEC-03
    (no secrets in code) and 
    CC-OBS-02
    (no sensitive data in logs)
  • Async for I/O, pass 
    CancellationToken
    , avoid 
    .Result
    /
    .Wait()
    (see 
    CC-ERR-04
    , 
    CC-FLOW-03
    )
  • EF Core: 
    AsNoTracking
    for reads, avoid N+1, no dynamic SQL
  • Result<T>
    pattern for explicit success/fail

When to Use This Skill

Invoke this skill when the user asks to:

  • Review a pull request or diff for issues
  • Audit code for security vulnerabilities or injection risks
  • Improve readability, structure, and maintainability
  • Suggest targeted refactors without changing behavior
  • Validate tests and edge-case coverage

When NOT to Use This Skill

Decision Tree: Selecting Review Mode

Code review task: [What to Focus On?]
    ├─ Security-critical changes?
    │   ├─ Auth/access control → Security Review (OWASP, auth patterns)
    │   ├─ User input handling → Input validation, XSS, SQL injection
    │   └─ Smart contracts → Blockchain Review (reentrancy, access control)
    │
    ├─ Performance concerns?
    │   ├─ Database queries → Check for N+1, missing indexes
    │   ├─ Loops/algorithms → Complexity analysis, caching
    │   └─ API response times → Profiling, lazy loading
    │
    ├─ Correctness issues?
    │   ├─ Business logic → Edge cases, error handling, tests
    │   ├─ Data transformations → Boundary conditions, null checks
    │   └─ Integration points → Retry logic, timeouts, fallbacks
    │
    ├─ Maintainability problems?
    │   ├─ Complex code → Naming, function length, duplication
    │   ├─ Hard to understand → Comments, abstractions, clarity
    │   └─ Technical debt → Refactoring suggestions
    │
    ├─ Test coverage gaps?
    │   ├─ New features → Happy path + error cases
    │   ├─ Refactors → Regression tests
    │   └─ Bug fixes → Reproduction tests
    │
    └─ Stack-specific review?
        ├─ Frontend → [frontend-review.md](assets/web-frontend/frontend-review.md)
        ├─ Backend → [api-review.md](assets/backend-api/api-review.md)
        ├─ Mobile → [mobile-review.md](assets/mobile/mobile-review.md)
        ├─ Infrastructure → [infrastructure-review.md](assets/infrastructure/infrastructure-review.md)
        └─ Blockchain → [crypto-review.md](assets/blockchain/crypto-review.md)

Multi-Mode Reviews:

For complex PRs, apply multiple review modes sequentially:

  1. Security first (P0/P1 issues)
  2. Correctness (logic, edge cases)
  3. Performance (if applicable)
  4. Maintainability (P2/P3 suggestions)

Async Review Workflows (2026)

Timezone-Friendly Reviews

PracticeImplementation
Review windowsDefine 4-hour overlap windows
Review rotationAssign reviewers across timezones
Async communicationUse PR comments, not DMs
Review SLAs24-hour initial response, 48-hour completion

Non-Blocking Reviews

PR Submitted -> Auto-checks (CI) -> Async Review -> Merge
       |              |               |
  Author continues   If green,    Reviewer comments
  on other work      queue for    when available
                     review

Anti-patterns:

  • Synchronous review meetings for routine PRs
  • Blocking on reviewer availability for non-critical changes
  • Single reviewer bottleneck

Review Prioritization Matrix

PriorityCriteriaSLA
P0Security fix, production incident4 hours
P1Bug fix, blocking dependency24 hours
P2Feature work, tech debt48 hours
P3Documentation, refactoring72 hours

Optional: AI/Automation Extensions

Note: AI-assisted review tools. Human review remains authoritative.

AI Review Assistants

ToolUse CaseLimitation
GitHub Copilot PRSummary, suggestionsMay miss context
CodeRabbitAutomated PR review commentsRequires human validation
QodoTest generation + review, 15+ workflowsEnterprise pricing
OpenAI CodexSystem-level codebase contextAPI integration required
AWS Security AgentOWASP Top 10, policy violationsPreview only (2026)
Endor Labs AI SASTAI-assisted SASTSecurity-focused
GraphitePR stacking, stack-aware merge queueProcess, not content

AI assistant rules:

  • AI suggestions are advisory only
  • Human reviewer approves/rejects
  • AI cannot bypass security review
  • AI findings require manual verification

AI Review Checklist

  • AI suggestions validated against codebase patterns
  • AI-flagged issues manually confirmed
  • False positives documented for tool improvement
  • Human reviewer explicitly approved

Simplicity and Complexity Control

  • Prefer existing, battle-tested libraries over bespoke implementations when behavior is identical.
  • Flag avoidable complexity early: remove dead/commented-out code, collapse duplication, and extract single-responsibility helpers.
  • Call out premature optimization; favor clarity and measured, evidence-based tuning.
  • Encourage incremental refactors alongside reviews to keep modules small, predictable, and aligned to standards.

Operational Playbooks

Shared Foundation

Code Review Specific

Default Review Output (Agent-Facing)

When producing a review, default to:

  • Short summary of intent + risk
  • Findings grouped by 
    P0
    /
    P1
    /
    P2
    /
    P3
    (mark REQUIRED vs OPTIONAL)
  • Concrete suggestions (minimal diffs or test cases)
  • Follow-up questions when requirements or constraints are unclear

Use assets/core/review-comment-guidelines.md for comment style and labeling.

Navigation

Resources

Templates

Data

Trend Awareness Protocol

IMPORTANT: When users ask recommendation questions about code review tools, practices, or automation, you MUST use WebSearch to check current trends before answering.

Trigger Conditions

  • "What's the best code review tool?"
  • "What should I use for [automated code review/PR automation]?"
  • "What's the latest in code review practices?"
  • "Current best practices for [code review/PR workflow]?"
  • "Is [GitHub Copilot PR/CodeRabbit] still relevant in 2026?"
  • "[CodeRabbit] vs [Graphite] vs [other]?"
  • "Best AI code review assistant?"

Required Searches

  1. Search: 
    "code review best practices 2026"
  2. Search: 
    "[specific tool] vs alternatives 2026"
  3. Search: 
    "AI code review tools January 2026"
  4. Search: 
    "PR automation trends 2026"

What to Report

After searching, provide:

  • Current landscape: What code review tools/practices are popular NOW
  • Emerging trends: New AI assistants, PR tools, or review patterns gaining traction
  • Deprecated/declining: Tools/approaches losing relevance or support
  • Recommendation: Based on fresh data, not just static knowledge

Example Topics (verify with fresh search)

  • AI code review (GitHub Copilot PR, CodeRabbit, Cursor)
  • PR automation (Graphite, Stacked PRs, merge queues)
  • Code review platforms (GitHub, GitLab, Bitbucket)
  • Review bots and automation
  • Async review practices for distributed teams
  • Review metrics and analytics tools