Code Review Pro

1---2name: code-review-pro3description: Comprehensive code review covering security vulnerabilities, performance bottlenecks, best practices, and refactoring opportunities. Use when user requests code review, security audit, or performance analysis.4---5 6# Code Review Pro7 8Deep code analysis covering security, performance, maintainability, and best practices.9 10## When to Use This Skill11 12Activate when the user:13- Asks for a code review14- Wants security vulnerability scanning15- Needs performance analysis16- Asks to "review this code" or "audit this code"17- Mentions finding bugs or improvements18- Wants refactoring suggestions19- Requests best practice validation20 21## Instructions22 231. **Security Analysis (Critical Priority)**24   - SQL injection vulnerabilities25   - XSS (cross-site scripting) risks26   - Authentication/authorization issues27   - Secrets or credentials in code28   - Unsafe deserialization29   - Path traversal vulnerabilities30   - CSRF protection31   - Input validation gaps32   - Insecure cryptography33   - Dependency vulnerabilities34 352. **Performance Analysis**36   - N+1 query problems37   - Inefficient algorithms (check Big O complexity)38   - Memory leaks39   - Unnecessary re-renders (React/Vue)40   - Missing indexes (database queries)41   - Blocking operations42   - Resource cleanup (file handles, connections)43   - Caching opportunities44   - Excessive network calls45   - Large bundle sizes46 473. **Code Quality & Maintainability**48   - Code duplication (DRY violations)49   - Function/method length (should be <50 lines)50   - Cyclomatic complexity51   - Unclear naming52   - Missing error handling53   - Inconsistent style54   - Missing documentation55   - Hard-coded values that should be constants56   - God classes/functions57   - Tight coupling58 594. **Best Practices**60   - Language-specific idioms61   - Framework conventions62   - SOLID principles63   - Design patterns usage64   - Testing approach65   - Logging and monitoring66   - Accessibility (for UI code)67   - Type safety68   - Null/undefined handling69 705. **Bugs and Edge Cases**71   - Logic errors72   - Off-by-one errors73   - Race conditions74   - Null pointer exceptions75   - Unhandled edge cases76   - Timezone issues77   - Encoding problems78   - Floating point precision79 806. **Provide Actionable Fixes**81   - Show specific code changes82   - Explain why change is needed83   - Include before/after examples84   - Prioritize by severity85 86## Output Format87 88```markdown89# Code Review Report90 91## 🚨 Critical Issues (Fix Immediately)92### 1. SQL Injection Vulnerability (line X)93**Severity**: Critical94**Issue**: User input directly concatenated into SQL query95**Impact**: Database compromise, data theft96 97**Current Code:**98```javascript99const query = `SELECT * FROM users WHERE email = '${userEmail}'`;100```101 102**Fixed Code:**103```javascript104const query = 'SELECT * FROM users WHERE email = ?';105db.query(query, [userEmail]);106```107 108**Explanation**: Always use parameterized queries to prevent SQL injection.109 110## ⚠️ High Priority Issues111### 2. Performance: N+1 Query Problem (line Y)112[Details...]113 114## 💡 Medium Priority Issues115### 3. Code Quality: Function Too Long (line Z)116[Details...]117 118## ✅ Low Priority / Nice to Have119### 4. Consider Using Const Instead of Let120[Details...]121 122## 📊 Summary123- **Total Issues**: 12124  - Critical: 2125  - High: 4126  - Medium: 4127  - Low: 2128 129## 🎯 Quick Wins130Changes with high impact and low effort:1311. [Fix 1]1322. [Fix 2]133 134## 🏆 Strengths135- Good error handling in X136- Clear naming conventions137- Well-structured modules138 139## 🔄 Refactoring Opportunities1401. **Extract Method**: Lines X-Y could be extracted into `calculateDiscount()`1412. **Remove Duplication**: [specific code blocks]142 143## 📚 Resources144- [OWASP SQL Injection Guide](https://...)145- [Performance Best Practices](https://...)146```147 148## Examples149 150**User**: "Review this authentication code"151**Response**: Analyze auth logic → Identify security issues (weak password hashing, no rate limiting) → Check token handling → Note missing CSRF protection → Provide specific fixes with code examples → Prioritize by severity152 153**User**: "Can you find performance issues in this React component?"154**Response**: Analyze component → Identify unnecessary re-renders → Find missing useMemo/useCallback → Note large state objects → Check for expensive operations in render → Provide optimized version with explanations155 156**User**: "Review this API endpoint"157**Response**: Check input validation → Analyze error handling → Test for SQL injection → Review authentication → Check rate limiting → Examine response structure → Suggest improvements with code samples158 159## Best Practices160 161- Always prioritize security issues first162- Provide specific line numbers for issues163- Include before/after code examples164- Explain *why* something is a problem165- Consider the language/framework context166- Don't just criticize—acknowledge good code too167- Suggest gradual improvements for large refactors168- Link to documentation for recommendations169- Consider project constraints (legacy code, deadlines)170- Balance perfectionism with pragmatism171- Focus on impactful changes172- Group similar issues together173- Make recommendations actionable