Code Review Assistant
by @charlie-morrison
AI-powered code review assistant that analyzes pull requests for bugs, security issues, performance problems, and style violations with actionable feedback.
clawhub install cm-code-review-assistantπ About This Skill
name: code-review-assistant description: AI-powered code review assistant that analyzes pull requests for bugs, security issues, performance problems, and style violations with actionable feedback. metadata: tags: ["code-review", "pull-request", "quality", "security", "development"]
Code Review Assistant
Perform thorough AI-powered code reviews on pull requests or local changes. Analyzes diffs for bugs, security vulnerabilities, performance issues, maintainability concerns, and style violations. Provides actionable, specific feedback β not generic advice.
Usage
"Review the current PR"
"Review the changes on this branch vs main"
"Review these specific files for security issues"
"Do a deep review of the authentication changes"
How It Works
1. Gather Changes
Collect the diff and context:
# PR review
gh pr diff --color=neverBranch review
git diff main...HEADStaged changes
git diff --cached
Also gather:
2. Multi-Pass Analysis
Each pass focuses on a different concern:
Pass 1 β Correctness:
Pass 2 β Security:
Pass 3 β Performance:
Pass 4 β Maintainability:
Pass 5 β Testing:
3. Severity Classification
Each finding gets a severity:
4. Actionable Feedback
Every comment includes:
5. Summary
Overall assessment with:
Output
## Code Review SummaryRisk Level: π‘ Needs Changes (2 must-fix, 4 should-fix)
Files Reviewed: 12 files, +342/-89 lines
π΄ Must Fix
1. SQL Injection in user search β src/api/users.ts:47
The search query interpolates user input directly:
typescript
// Current (vulnerable)
db.query(SELECT * FROM users WHERE name LIKE '%${query}%')
// Fix: use parameterized query
db.query('SELECT * FROM users WHERE name LIKE $1', [%${query}%])
2. Race condition in balance update β src/services/wallet.ts:112-118
Read-then-write without transaction. Two concurrent requests
can both read the same balance and overwrite each other.
Fix: wrap in a database transaction with SELECT FOR UPDATE.π‘ Should Fix
3. N+1 query in order listing β src/api/orders.ts:23
Each order triggers a separate query for user details.
Use a JOIN or batch load users by ID.
4. Missing error handling β src/services/payment.ts:67
API call result is not checked for errors before accessing .data.
[...]
π Good Stuff
Clean separation of concerns in the new service layer
Comprehensive input validation on the registration endpoint
Good use of TypeScript discriminated unions for payment status π Follow-up (non-blocking)
Consider adding request rate limiting to the search endpoint
The formatDate utility is duplicated in 3 files β extract to shared utils
Configuration
The review depth adapts to PR size:
Integration
Works with:
gh CLI)glab CLI)git diff)git apply --stat)π‘ Examples
"Review the current PR"
"Review the changes on this branch vs main"
"Review these specific files for security issues"
"Do a deep review of the authentication changes"
βοΈ Configuration
The review depth adapts to PR size: