🎁 Get the FREE AI Skills Starter GuideSubscribe →
BytesAgainBytesAgain
🦀 ClawHub

Code Review Checklist

by @harrylabsj

代码审查清单 - A comprehensive code review checklist and guidance tool. Use when user asks about 代码审查、代码检查、PR review、代码质量, or wants to conduct or prepare for a cod...

Versionv1.0.0
Downloads211
TERMINAL
clawhub install code-review-checklist

📖 About This Skill


name: code-review-checklist description: 代码审查清单 - A comprehensive code review checklist and guidance tool. Use when user asks about 代码审查、代码检查、PR review、代码质量, or wants to conduct or prepare for a code review. Provides systematic checklist items and best practices.

Code Review Checklist (代码审查清单)

Overview

This skill provides a systematic approach to code reviews. It offers comprehensive checklist items across multiple dimensions of code quality, helps reviewers focus on high-impact areas, and guides developers in preparing code for review. Designed to make code reviews more efficient and thorough.

When to Use This Skill

  • Preparing code for pull request review
  • Conducting a code review as a reviewer
  • Self-reviewing own code before submission
  • Establishing code review standards for a team
  • Training new developers on review best practices
  • Auditing code quality in a codebase
  • What This Skill Provides

    1. Predefined Checklists

    Comprehensive checklist items organized by category:
  • Code correctness and logic
  • Code style and readability
  • Performance and efficiency
  • Security considerations
  • Error handling
  • Testing coverage
  • Documentation
  • Architecture and design patterns
  • 2. Review Guidance

  • What to look for in each category
  • Red flags and common issues
  • Best practices specific to language/framework
  • Questions to ask the author
  • 3. Review Workflow

  • Systematic approach to reviewing
  • Priority ordering of checks
  • Time allocation guidance
  • Documentation requirements
  • Checklist Categories

    1. Correctness & Logic

  • [ ] Code produces expected output
  • [ ] Edge cases are handled
  • [ ] No off-by-one errors
  • [ ] Logic is sound and complete
  • [ ] No infinite loops or recursion issues
  • [ ] Proper use of data structures
  • 2. Code Style & Readability

  • [ ] Follows project coding standards
  • [ ] Naming is clear and descriptive
  • [ ] Functions are appropriately sized
  • [ ] Code is not duplicated (DRY principle)
  • [ ] Complex logic has comments
  • [ ] Formatting is consistent
  • 3. Performance & Efficiency

  • [ ] No unnecessary loops or iterations
  • [ ] Proper use of caching when applicable
  • [ ] Database queries are optimized
  • [ ] No memory leaks
  • [ ] Appropriate algorithmic complexity
  • [ ] Resources are properly released
  • 4. Security

  • [ ] Input validation on all user inputs
  • [ ] No SQL injection vulnerabilities
  • [ ] No XSS vulnerabilities
  • [ ] Secrets not hardcoded
  • [ ] Proper authentication/authorization
  • [ ] Sensitive data properly protected
  • [ ] No security misconfigurations
  • 5. Error Handling

  • [ ] Errors are caught and handled appropriately
  • [ ] Error messages are user-friendly
  • [ ] No empty catch blocks
  • [ ] Logging is appropriate
  • [ ] Graceful degradation where needed
  • [ ] No exposing internal error details
  • 6. Testing

  • [ ] Unit tests exist for new code
  • [ ] Tests cover happy path and edge cases
  • [ ] Tests are maintainable
  • [ ] Mock usage is appropriate
  • [ ] Test coverage meets requirements
  • [ ] No flaky tests introduced
  • 7. Documentation

  • [ ] Public APIs are documented
  • [ ] Complex logic has comments
  • [ ] README updated if needed
  • [ ] API changes are documented
  • [ ] Breaking changes are noted
  • 8. Architecture & Design

  • [ ] Follows project architecture patterns
  • [ ] Single Responsibility Principle followed
  • [ ] Dependencies are properly injected
  • [ ] Coupling is minimized
  • [ ] Changes are localized appropriately
  • [ ] No tech debt introduced unnecessarily
  • Language-Specific Considerations

    JavaScript/TypeScript

  • Proper async/await usage
  • TypeScript types are correct
  • No 'any' type abuse
  • ESLint rules followed
  • Python

  • PEP 8 compliance
  • Type hints where appropriate
  • Docstrings for public functions
  • No deprecated imports
  • Java

  • Null safety considerations
  • Resource management (try-with-resources)
  • Stream API usage
  • Concurrent access considerations
  • Go

  • Error handling conventions
  • Goroutine leak prevention
  • Context usage
  • Naming conventions
  • Review Workflow

    Step 1: Context (2-3 min)

  • Read PR description and motivation
  • Understand what changed and why
  • Check related issues or docs
  • Step 2: Overview (3-5 min)

  • Scan changed files
  • Identify high-risk areas
  • Note files needing deep review
  • Step 3: Detailed Review (15-30 min)

  • Follow checklist by priority
  • Comment on issues found
  • Ask clarifying questions
  • Suggest improvements
  • Step 4: Summary (3-5 min)

  • Summarize findings
  • Categorize issues (Blocking/Suggestion/Question)
  • Approve or request changes
  • Usage Examples

    As a Reviewer

    "用代码审查清单检查这个PR"
    "帮我审查这个函数的逻辑"
    "检查这段代码有没有安全问题"
    "看看这个文件有哪些可以改进的地方"
    

    As a Developer

    "帮我准备代码审查"
    "自审查这份代码,有什么遗漏?"
    "检查这段代码的测试覆盖"
    "这个代码符合项目规范吗?"
    

    For Team Standards

    "生成一个代码审查检查清单"
    "我们团队的代码审查标准是什么?"
    "前端代码审查有什么特殊要求?"
    

    Output Format

    For each review, output:

    ## Code Review: [PR/Change Title]

    Summary

  • Files changed: X
  • Lines added/removed: +X/-X
  • Risk level: [Low/Medium/High]
  • Findings

    #### 🔴 Blocking Issues

  • [Issue description] - [File:Line] - [Suggestion]
  • #### 🟡 Suggestions

  • [Suggestion] - [File:Line]
  • #### 🟢 Good Practices Noted

  • [Positive observation]
  • Checklist Status

  • [x] Correctness
  • [x] Style
  • [ ] Security (needs work)
  • [x] Performance
  • Recommendation

    [Approve / Request Changes / Discuss]

    Action Items

  • [ ] Item 1
  • [ ] Item 2
  • Integration with Development Workflow

    This skill integrates with:

  • github — For reviewing PRs directly
  • coding-agent — For automated code quality checks
  • opencli — For running linters and formatters
  • Limitations

  • Cannot execute code to verify correctness
  • Cannot know full system context
  • Best practices may vary by project
  • Language-specific items may be incomplete for niche languages
  • Acceptance Criteria

    1. ✓ Provides comprehensive checklist coverage 2. ✓ Can customize for different languages/frameworks 3. ✓ Identifies common issues efficiently 4. ✓ Helps categorize issue severity 5. ✓ Provides actionable feedback 6. ✓ Saves time in review process 7. ✓ Helps developers learn and improve