code-review-checklist
Code review guidelines covering code quality, security, and best practices.
适合你,如果你需要系统化的代码审查指南
/ 下载安装
/ 通过 npx 安装 校验哈希
npx oh-my-skill add vodailocz/kilo-kit-mcp/code-review-checklist/ 通过 bash 安装
curl -fsSL https://oh-my-skill.com/install.sh | bash -s -- vodailocz/kilo-kit-mcp/code-review-checklist/ 已经装过?验证本机副本,不用重装
npx oh-my-skill verify vodailocz/kilo-kit-mcp/code-review-checklist安装目标可用 --agent / --scope 或 --to 明确指定;省略时只会在唯一已存在的 agent 目录上自动选择,零命中或多命中会停止并提示。content_hash 缺失或不一致均拒装。
26GitHub stars
~514上下文体积 · 单文件
索引托管
怎么用
技能原文 SKILL.md
Code Review Checklist
Quick Review Checklist
Correctness
- [ ] Code does what it's supposed to do
- [ ] Edge cases handled
- [ ] Error handling in place
- [ ] No obvious bugs
Security
- [ ] Input validated and sanitized
- [ ] No SQL/NoSQL injection vulnerabilities
- [ ] No XSS or CSRF vulnerabilities
- [ ] No hardcoded secrets or sensitive credentials
- [ ] AI-Specific: Protection against Prompt Injection (if applicable)
- [ ] AI-Specific: Outputs are sanitized before being used in critical sinks
Performance
- [ ] No N+1 queries
- [ ] No unnecessary loops
- [ ] Appropriate caching
- [ ] Bundle size impact considered
Code Quality
- [ ] Clear naming
- [ ] DRY - no duplicate code
- [ ] SOLID principles followed
- [ ] Appropriate abstraction level
Testing
- [ ] Unit tests for new code
- [ ] Edge cases tested
- [ ] Tests readable and maintainable
Documentation
- [ ] Complex logic commented
- [ ] Public APIs documented
- [ ] README updated if needed
AI & LLM Review Patterns (2025)
Logic & Hallucinations
- [ ] Chain of Thought: Does the logic follow a verifiable path?
- [ ] Edge Cases: Did the AI account for empty states, timeouts, and partial failures?
- [ ] External State: Is the code making safe assumptions about file systems or networks?
Prompt Engineering Review
// ❌ Vague prompt in code
const response = await ai.generate(userInput);
// ✅ Structured & Safe prompt
const response = await ai.generate({
system: "You are a specialized parser...",
input: sanitize(userInput),
schema: ResponseSchema
});
Anti-Patterns to Flag
// ❌ Magic numbers
if (status === 3) { ... }
// ✅ Named constants
if (status === Status.ACTIVE) { ... }
// ❌ Deep nesting
if (a) { if (b) { if (c) { ... } } }
// ✅ Early returns
if (!a) return;
if (!b) return;
if (!c) return;
// do work
// ❌ Long functions (100+ lines)
// ✅ Small, focused functions
// ❌ any type
const data: any = ...
// ✅ Proper types
const data: UserData = ...
Review Comments Guide
// Blocking issues use 🔴 🔴 BLOCKING: SQL injection vulnerability here // Important suggestions use 🟡 🟡 SUGGESTION: Consider using useMemo for performance // Minor nits use 🟢 🟢 NIT: Prefer const over let for immutable variable // Questions use ❓ ❓ QUESTION: What happens if user is null here?
按 Apache-2.0 许可原样转载,未经改动 · 在 GitHub 查看 →
评论
登录即可评论;带「已验证安装」的,是发布者名下有本店的安装或持有记录。
…