Dotnet-skills dotnet-code-review

Review .NET changes for bugs, regressions, architectural drift, missing tests, incorrect async or disposal behavior, and platform-specific pitfalls before you approve or merge them.

install

source · Clone the upstream repo

git clone https://github.com/managedcode/dotnet-skills

Claude Code · Install into ~/.claude/skills/

T=$(mktemp -d) && git clone --depth=1 https://github.com/managedcode/dotnet-skills "$T" && mkdir -p ~/.claude/skills && cp -r "$T/catalog/Platform/Code-Review/skills/dotnet-code-review" ~/.claude/skills/managedcode-dotnet-skills-dotnet-code-review && rm -rf "$T"

manifest: catalog/Platform/Code-Review/skills/dotnet-code-review/SKILL.md

source content

.NET Code Review

Trigger On

reviewing a pull request or patch in a .NET repository
checking for behavioral regressions, API misuse, or missing tests
auditing architectural or framework-specific correctness

References

checklist.md - comprehensive code review checklist organized by risk priority
patterns.md - common patterns and anti-patterns for async, disposal, and security

Workflow

Prioritize correctness, data loss, concurrency, security, lifecycle, and platform-compatibility issues before style concerns. Use the checklist P0-P2 categories first.
Check async flows, cancellation propagation, exception handling, disposal, and transient versus singleton lifetime mistakes. Refer to patterns.md for common pitfalls.
Verify tests cover the changed behavior, not only the happy path or refactored implementation details.
Inspect framework-specific boundaries such as EF query translation, ASP.NET middleware order, Blazor render state, or MAUI UI-thread access.
Call out missing observability, migration risk, or runtime configuration drift when those are part of the change.
Keep findings concrete, reproducible, and tied to specific files or behavior.

Key Review Patterns

Async Code

Async must propagate through the entire call chain; never use
```
.Result
```
,
```
.Wait()
```
, or
```
.GetAwaiter().GetResult()
```
in async contexts
Always propagate
```
CancellationToken
```
parameters
Use
```
ConfigureAwait(false)
```
in library code
Never use
```
async void
```
except for event handlers

Resource Disposal

Use
```
using
```
declarations or statements for all
```
IDisposable
```
resources
Use
```
await using
```
for
```
IAsyncDisposable
```
resources
Use
```
IHttpClientFactory
```
instead of creating
```
HttpClient
```
directly
Unsubscribe event handlers to prevent memory leaks
Validate DI service lifetimes to prevent captured dependencies

Security

Use parameterized queries or EF to prevent SQL injection
Validate all user input at system boundaries
Prevent path traversal by validating resolved paths stay within allowed directories
Never hardcode secrets; use configuration and secret management
Enforce authorization checks before accessing protected resources

Deliver

ranked review findings with file references
clear residual risks and test gaps
brief summary of what changed only after findings

Validate

findings describe user-visible or maintainability-impacting risk
assumptions are stated when repo context is incomplete
no trivial style nit hides a more serious issue