goudantest
by @gou1995
Advanced code review assistant with intelligent analysis, multi-language support, and structured feedback. Performs comprehensive reviews covering correctnes...
clawhub install goudantest📖 About This Skill
name: code-review-v2 description: Advanced code review assistant with intelligent analysis, multi-language support, and structured feedback. Performs comprehensive reviews covering correctness, security, performance, maintainability, and observability. Use when reviewing pull requests, code changes, conducting security audits, performance reviews, or when the user requests detailed code analysis. Supports Python, JavaScript/TypeScript, Java, Go, Rust, C#, Ruby, PHP.
Code Review v2
Intelligent Review Workflow
Phase 1: Context Analysis
Before reviewing code, understand the context:1. Identify change scope: What files/modules are affected? 2. Understand intent: Read PR description, linked issues, commit messages 3. Assess risk level: -🔴High**: Core logic, auth, payment, data handling, public APIs -Medium**: Business logic, internal APIs, utilities -Low**: Tests, docs, config, minor refactoring 4. Determine review depth based on risk level
Phase 2: Automated Analysis
Run these checks mentally before manual review:□ Static analysis patterns (type mismatches, unused imports, dead code)
□ Security patterns (injection, unsafe deserialization, hardcoded secrets)
□ Performance patterns (N+1 queries, unbounded loops, missing indexes)
□ Concurrency patterns (race conditions, deadlocks, missing synchronization)
Phase 3: Manual Review
Follow the CHECKLIST.md for systematic review.Phase 4: Feedback Generation
Use templates from TEMPLATES.md for structured feedback.Quick Reference: Review Dimensions
| Dimension | Focus Area | Key Questions | |-----------|-----------|---------------| | Correctness | Logic, edge cases | Does it work correctly in all scenarios? | | Security | Vulnerabilities, data protection | Are there security risks or data leaks? | | Performance | Efficiency, resource usage | Will this scale? Any bottlenecks? | | Maintainability | Readability, structure | Can others understand and modify this? | | Observability | Logging, monitoring, debugging | Can we detect and diagnose issues? | | Testing | Coverage, quality | Are changes adequately tested? |
Severity Classification
| Level | Icon | When to Use | Response Required | |-------|------|-------------|-------------------| | Blocker | Security vulnerability, data loss, crash | Must fix before merge | | Critical |🔴 Bug, incorrect logic, broken functionality | Must fix before merge | | Warning | Code smell, suboptimal pattern, minor issue | Should address | | Suggestion |💡 Improvement opportunity, alternative approach | Consider | | Info |ℹ | Observation, documentation note | Optional |
Language-Specific Quick Checks
Python
□ Type hints on public functions
□ No mutable default arguments
□ Context managers for resources
□ f-strings over .format() or %
□ Proper exception handling (not bare except)
□ __init__.py exports are intentional
JavaScript / TypeScript
□ async/await with try-catch (no unhandled promises)
□ No implicit any (TypeScript strict mode)
□ Proper null/undefined handling
□ No direct DOM manipulation in React
□ Keys in list rendering
□ useEffect dependencies complete
Java
□ try-with-resources for Closeable
□ Optional for nullable returns
□ Proper equals/hashCode implementation
□ No raw types (generics)
□ Stream API used appropriately
□ Thread safety considered
Go
□ Error handling (not ignored)
□ defer for cleanup
□ Context passed as first parameter
□ No goroutine leaks
□ Proper mutex usage
□ go vet and golangci-lint clean
Rust
□ No unnecessary clones
□ Proper error types (Result)
□ Lifetimes annotated correctly
□ No unsafe blocks without justification
□ Iterator chains over loops where appropriate
□ Clippy warnings addressed
C#
□ async/await patterns correct
□ using statements for IDisposable
□ Nullable reference types enabled
□ LINQ queries efficient
□ Proper exception filtering
□ CancellationToken usage
Ruby
□ No N+1 queries (includes/eager_load)
□ Proper error handling (rescue)
□ Bang methods for mutating operations
□ Frozen string literals
□ RuboCop clean
PHP
□ Type declarations on parameters/returns
□ Prepared statements (no SQL injection)
□ Proper error handling (try-catch)
□ No global state
□ PSR standards followed
Common Anti-Patterns to Flag
Security
Performance
Maintainability
Concurrency
Review Output Formats
Format 1: Markdown (Default)
See TEMPLATES.md for detailed markdown templates.Format 2: JSON (Machine-Readable)
{
"summary": "Brief overview",
"issues": [
{
"severity": "critical",
"file": "src/auth.py",
"line": 42,
"category": "security",
"message": "SQL injection vulnerability",
"suggestion": "Use parameterized queries"
}
],
"positive_notes": ["Good use of type hints"],
"recommendation": "approve_with_changes"
}
Format 3: Checklist Report
Review Summary for PR #123
==========================
[✓] Correctness - 2 issues found
[✓] Security - 1 critical issue
[✓] Performance - No issues
[✓] Maintainability - 3 suggestions
[✓] Testing - Coverage adequate
[✓] Observability - Missing error contextRecommendation: Changes required before merge