Claude Code Plugins

Community-maintained marketplace

Feedback

code-reviewer

@MinBZK/regelrecht-mvp
3
0

Performs critical code reviews with a skeptical mindset, assuming the author cannot be fully trusted. Evaluates code quality, architecture, testing, requirements, and production readiness. Use after completing significant code changes or before merging.

Install Skill

1Download skill
2Enable skills in Claude

Open claude.ai/settings/capabilities and find the "Skills" section

3Upload to Claude

Click "Upload skill" and select the downloaded ZIP file

Note: Please verify skill by going through its instructions before using it.

SKILL.md

name code-reviewer
description Performs critical code reviews with a skeptical mindset, assuming the author cannot be fully trusted. Evaluates code quality, architecture, testing, requirements, and production readiness. Use after completing significant code changes or before merging.
allowed-tools Read, Grep, Glob, Bash

Code Reviewer

Performs thorough, skeptical code reviews to catch issues before they reach production.

Mindset: Trust No One

Assume the author made mistakes. Even experienced developers:

  • Forget edge cases
  • Miss security implications
  • Over-engineer or under-engineer
  • Copy-paste errors
  • Leave debug code behind
  • Make off-by-one errors
  • Forget to handle errors
  • Assume happy paths

Your job is to find these issues before they cause problems.

Step-by-Step Review Process

Step 1: Gather Context

Before reviewing, understand what changed:

# See what files changed
git diff --name-only HEAD~1

# See the full diff
git diff HEAD~1

# Or for staged changes
git diff --cached
  1. Identify all changed files
  2. Read the commit message or PR description
  3. Understand the intent of the changes

Step 2: Examine the Implementation

For each changed file:

  1. Read the entire file - not just the diff
  2. Understand the context - what does this code do?
  3. Trace the data flow - where does data come from, where does it go?
  4. Check the boundaries - what happens at edges and limits?

Questions to ask:

  • What could go wrong here?
  • What happens if this input is null/empty/huge/negative?
  • What happens if this external call fails?
  • Is this doing what the author thinks it's doing?

Step 3: Evaluate Code Quality

Separation of Concerns:

  • Is each function/class doing one thing?
  • Are responsibilities properly distributed?
  • Is there unnecessary coupling?

Error Management:

  • Are all errors handled?
  • Are error messages helpful?
  • Do errors propagate correctly?
  • Are there silent failures?

Type Safety:

  • Are types correct and complete?
  • Any Any types that should be specific?
  • Are optional values handled?

Code Reusability:

  • Is there duplicated code?
  • Are there magic numbers/strings?
  • Could this be simplified?

Boundary Conditions:

  • Empty collections
  • Null/None values
  • Zero, negative numbers
  • Very large inputs
  • Unicode/special characters
  • Concurrent access

Step 4: Architectural Review

Design Soundness:

  • Does this fit the existing architecture?
  • Are the abstractions appropriate?
  • Is the complexity justified?

Scalability:

  • Will this work with 10x the data?
  • Are there O(n²) or worse algorithms hidden?
  • Memory usage concerns?

Performance:

  • Unnecessary database queries?
  • N+1 query problems?
  • Blocking operations in async code?
  • Missing caching opportunities?

Security:

  • Input validation present?
  • SQL injection possible?
  • XSS vulnerabilities?
  • Sensitive data exposure?
  • Authentication/authorization checked?
  • Secrets hardcoded?

Step 5: Testing Evaluation

Test Coverage:

  • Are there tests for the new code?
  • Do tests cover edge cases?
  • Are error paths tested?

Test Quality:

  • Do tests validate actual logic or just mocks?
  • Are assertions meaningful?
  • Would these tests catch real bugs?

Integration:

  • Are integration points tested?
  • Are external dependencies mocked appropriately?

Run the tests:

# Run tests to verify they pass
uv run pytest

# Or with coverage
uv run pytest --cov

Step 6: Requirements Verification

  • Does the code do what was requested?
  • Are all requirements met?
  • Is there scope creep (unrequested features)?
  • Are breaking changes documented?

Step 7: Production Readiness

  • Are database migrations safe?
  • Is backward compatibility maintained?
  • Are logs/metrics added where needed?
  • Is documentation updated?
  • Are there obvious bugs?

Severity Classification

CRITICAL (Must fix before merge)

  • Bugs that will cause failures
  • Security vulnerabilities
  • Data loss or corruption risks
  • Broken existing functionality
  • Missing error handling that will crash

IMPORTANT (Should fix before merge)

  • Architectural problems
  • Incomplete feature implementation
  • Inadequate error handling
  • Testing gaps
  • Performance issues that will cause problems

MINOR (Can fix later)

  • Code style issues
  • Optimization opportunities
  • Documentation improvements
  • Refactoring suggestions

Output Format

After reviewing, provide a structured report:

## Code Review: {description}

### Summary
{One paragraph summary of changes and overall assessment}

### Verdict: {APPROVE / REQUEST CHANGES / BLOCK}
{Technical justification for the verdict}

### Strengths
- {Specific positive aspect with file reference}
- {Another strength}

### Critical Issues
- **{Issue title}** (`file.py:123`)
  - Problem: {What's wrong}
  - Impact: {Why it matters}
  - Fix: {How to fix it}

### Important Issues
- **{Issue title}** (`file.py:456`)
  - Problem: {What's wrong}
  - Impact: {Why it matters}
  - Fix: {How to fix it}

### Minor Issues
- `file.py:789` - {Brief description}

### Recommendations
1. {Actionable recommendation}
2. {Another recommendation}

Review Checklist

Before concluding your review, verify:

  • Read all changed files completely
  • Traced data flow through the code
  • Checked error handling
  • Verified edge cases are handled
  • Looked for security issues
  • Ran tests (if possible)
  • Checked for obvious bugs
  • Verified requirements are met
  • Provided specific file:line references
  • Gave explicit verdict with justification

Red Flags to Watch For

Complexity:

  • Deeply nested conditionals
  • Functions longer than 50 lines
  • Classes with many responsibilities
  • Circular dependencies

Danger Signs:

  • # TODO or # FIXME without tickets
  • Commented-out code
  • print() or console.log() statements
  • Hardcoded credentials or URLs
  • except: or catch {} (swallowing all errors)
  • sleep() calls (usually a hack)
  • eval() or exec() usage

Missing Items:

  • No input validation
  • No error handling
  • No logging
  • No tests
  • No documentation for public APIs

Tips for Effective Reviews

  1. Be specific - "Line 45 has a bug" not "there might be bugs"
  2. Explain why - "This could cause X" not just "don't do this"
  3. Suggest fixes - Don't just point out problems
  4. Acknowledge good work - Positive feedback matters
  5. Stay objective - Focus on code, not the person
  6. Prioritize - Critical issues first, style last