Claude Code Plugins

Community-maintained marketplace

Feedback

code-review-checklist

@htooayelwinict/claude-config
0
0

|

Install Skill

1Download skill
2Enable skills in Claude

Open claude.ai/settings/capabilities and find the "Skills" section

3Upload to Claude

Click "Upload skill" and select the downloaded ZIP file

Note: Please verify skill by going through its instructions before using it.

SKILL.md

name code-review-checklist
description Review code changes for correctness, security, performance, and maintainability. Use for PR reviews, code audits, pre-merge checks, or quality validation of Laravel + React code. EXCLUSIVE to reviewer agent.
allowed-tools Read, Grep, Glob, Bash

Code Review Checklist

Exclusive to: reviewer agent

Validation Loop (MANDATORY)

Before completing any review, verify the codebase passes all checks:

composer test           # All PHP tests pass
npm run types          # No TypeScript errors
npm run lint           # No linting errors
./vendor/bin/pint --test  # PHP style OK

Report any failures as Critical findings.

Instructions

  1. Review against project standards in docs/code-standards.md
  2. Run through the checklist below
  3. Report issues by severity (Critical โ†’ Warning โ†’ Suggestion)

Review Checklist

โœ… Correctness

  • Logic handles edge cases
  • Error handling is appropriate
  • Types are correct (no any unless justified)
  • Tests cover new/changed behavior
  • No dead code or unused imports

๐Ÿ”’ Security (OWASP)

  • No secrets or credentials in code
  • User input validated and sanitized
  • Authorization checks in place
  • No SQL injection (use Eloquent/query builder)
  • No XSS (proper escaping, sanitization)
  • CSRF protection enabled
  • Rate limiting considered

โšก Performance

  • No N+1 queries (use eager loading: with())
  • No unnecessary database calls
  • Large datasets are paginated
  • Indexes exist for filtered/joined columns

๐Ÿงน Maintainability

  • Follows patterns in docs/code-standards.md
  • Names are clear and consistent
  • No unnecessary complexity
  • DRY โ€” no copy-paste duplication

๐ŸŽจ Frontend

  • Uses existing shadcn/ui components
  • Loading and error states handled
  • Accessible (keyboard, labels, contrast)
  • Responsive (mobile + desktop)

๐Ÿ“ Documentation

  • Code comments for non-obvious logic
  • Docs updated if behavior changed
  • Types documented with JSDoc if complex

Laravel Security Checks

Check Verify
Mass assignment $fillable or $guarded defined
Authorization Policy or Gate used
Validation FormRequest with rules
CSRF @csrf in forms
SQL injection No raw queries with user input

React Security Checks

Check Verify
XSS No dangerouslySetInnerHTML
Props TypeScript interfaces used
Secrets No sensitive data in client

Severity Guide

Level Criteria Action
๐Ÿšจ Critical Security flaw, data loss, breaks functionality Block merge
โš ๏ธ Warning Performance issue, code smell, missing test Request fix
๐Ÿ’ก Suggestion Style improvement, better pattern Optional

Output Format

## ๐Ÿ” Review Summary
[One paragraph overview]

## ๐Ÿšจ Critical (must fix)
1. [Issue]: [File:Line] โ€” [Why critical]

## โš ๏ธ Warnings (should fix)
1. [Issue]: [File:Line] โ€” [Recommendation]

## ๐Ÿ’ก Suggestions (nice to have)
1. [Suggestion]: [File:Line] โ€” [Improvement]

## โœ… What's Good
- [Positive observation]

Examples

  • "Review this PR before merge"
  • "Check this code for security issues"
  • "Audit changes for performance"