{"manifest":{"name":"Code Reviewer","version":"1.0.0","description":"Multi-perspective code review: correctness, security (OWASP), performance, and maintainability. Outputs severity-ranked findings with fix suggestions.","tags":["code-review","security","quality","devtools"],"standard":"agentskills.io","standard_version":"1.0","content_checksum":"9befd01b2dc6394fb11be8b71a7a95081910a126cdb71cfaedcd5f513051d20d","bundle_checksum":null,"metadata":{},"files":[]},"files":{"SKILL.md":"# Code Reviewer\n\n> **Purpose:** Perform a multi-perspective code review on staged git changes or a specific file, identifying bugs, security issues, performance problems, and style violations.\n\n---\n\n## Invocation\n\n```\n/review [file_or_path]\n```\n\nIf no path is given, review all staged changes (`git diff --cached`).\n\n---\n\n## Review Perspectives\n\n### 1. Correctness\n- Off-by-one errors, null/undefined access, race conditions\n- Missing error handling on async operations\n- Incorrect boolean logic or edge cases\n- Type mismatches or unsafe casts\n\n### 2. Security (OWASP Top 10)\n- SQL injection via string concatenation\n- XSS through unescaped user input in HTML\n- Missing authentication/authorization checks\n- Hardcoded secrets, API keys, or tokens\n- Insecure deserialization or eval usage\n- Path traversal in file operations\n\n### 3. Performance\n- N+1 query patterns in loops\n- Missing database indexes for frequent queries\n- Unbounded data fetches (no LIMIT/pagination)\n- Synchronous blocking in async contexts\n- Memory leaks (event listeners, timers, subscriptions not cleaned up)\n\n### 4. 
Maintainability\n- Functions longer than 50 lines\n- Deeply nested conditionals (> 3 levels)\n- Magic numbers without named constants\n- Dead code or unreachable branches\n- Missing or misleading variable names\n\n---\n\n## Output Format\n\nFor each finding, report:\n\n```\n[SEVERITY] Category — file:line\nDescription of the issue.\nSuggested fix: ...\n```\n\nSeverity levels:\n- **CRITICAL** — Security vulnerability or data loss risk. Must fix before merge.\n- **HIGH** — Bug that will cause incorrect behavior. Should fix before merge.\n- **MEDIUM** — Performance or maintainability concern. Fix soon.\n- **LOW** — Style or minor improvement. Optional.\n\n---\n\n## Summary\n\nEnd with a summary table:\n\n| Severity | Count |\n|----------|-------|\n| Critical | 0     |\n| High     | 2     |\n| Medium   | 3     |\n| Low      | 1     |\n\n**Verdict:** APPROVE / REQUEST CHANGES / BLOCK\n\n---\n\n## Rules\n- Never approve code with CRITICAL findings\n- Flag any TODO/FIXME added without a linked issue\n- Verify test coverage exists for new public functions\n- Check that error messages don't leak internal details\n\n## Playground\n\n<!DOCTYPE html><html><head><meta charset='utf-8'><style>*{box-sizing:border-box;margin:0;padding:0}body{background:#0d1117;color:#e6edf3;font-family:monospace;font-size:12px;height:100vh;display:flex;flex-direction:column;overflow:hidden}.header{background:#161b22;border-bottom:1px solid #30363d;padding:8px 14px;font-size:11px;color:#8b949e;display:flex;justify-content:space-between;align-items:center;flex-shrink:0}.title{color:#58a6ff;font-weight:bold;font-size:13px}.panels{display:flex;flex:1;overflow:hidden}.panel{flex:1;overflow:auto;padding:12px;border-right:1px solid #30363d}.panel:last-child{border-right:none}.label{font-size:10px;color:#8b949e;text-transform:uppercase;letter-spacing:.08em;margin-bottom:6px}pre{white-space:pre-wrap;word-break:break-word;line-height:1.5}</style></head><body><div class='header'><span class='title'>Code 
Reviewer</span><span>Example · SkillSlap</span></div><div class='panels'><div class='panel'><div class='label'>Input: Python function</div><pre><span style='color:#8b949e'>def calculate_discount(price, discount):</span>\n<span style='color:#8b949e'>    if discount &gt; 1:</span>\n<span style='color:#f85149'>        return price * discount  # bug</span>\n<span style='color:#8b949e'>    return price - (price * discount)</span>\n\n<span style='color:#8b949e'>result = calculate_discount(100, 20)</span>\n<span style='color:#8b949e'>print(result)  # prints 2000</span></pre></div><div class='panel'><div class='label'>Output: Review</div><pre><span style='color:#f85149'>🔴 Bug (line 3)</span>\n<span style='color:#8b949e'>Discount &gt;1 branch multiplies instead</span>\n<span style='color:#8b949e'>of applying it. discount=20 → 2000.</span>\n\n<span style='color:#e3b341'>🟡 Naming (line 1)</span>\n<span style='color:#8b949e'>`discount` ambiguous — fraction (0.2)</span>\n<span style='color:#8b949e'>or percentage (20)?</span>\n\n<span style='color:#e3b341'>🟡 Missing guard</span>\n<span style='color:#8b949e'>No validation: negative price or</span>\n<span style='color:#8b949e'>discount &gt;100% not handled.</span>\n\n<span style='color:#3fb950'>✅ Fix</span>\n<span style='color:#3fb950'>def calculate_discount(price, pct):</span>\n<span style='color:#3fb950'>    if not 0 &lt;= pct &lt;= 100:</span>\n<span style='color:#3fb950'>        raise ValueError(pct)</span>\n<span style='color:#3fb950'>    return price * (1 - pct / 100)</span></pre></div></div></body></html>"}}