Does it run external security tools?

Yes, it automatically detects your project stack and attempts to run industry-standard tools like npm audit, safety, tfsec, and trivy if they are installed on your environment.

Can it detect hardcoded secrets?

Absolutely. It specifically looks for API keys, tokens, passwords, and private certificates in your code, .env files, and container configurations.

How does it prioritize findings?

Issues are categorized into Critical, High, Medium, and Low severity levels, provided with file and line references and a final Review Score out of 20.

What types of code changes can this skill review?

The skill can review staged changes, unstaged changes in the working directory, specific commit hashes, or entire branches compared to a base branch.

Which programming languages are supported?

While it has specialized logic for Node.js, Python, Go, Rust, and DevOps tools, its general analysis engine can provide code review for any programming language.

Code Review Expert

Name: Code Review Expert
Author: antoniocascais

byantoniocascais

•

보안 및 테스팅

Performs comprehensive security, performance, and best-practice reviews of git changes, commits, and pull requests.

The Code Review Expert skill transforms Claude into a senior-level auditor for your development workflow. It streamlines the review process by automatically detecting your tech stack, running relevant security scanners, and performing a deep analysis of git diffs to identify everything from syntax errors and hardcoded secrets to performance bottlenecks and infrastructure drift. Whether you are checking staged changes before a commit or auditing a full pull request, this skill provides a prioritized, actionable report with severity rankings and a final quality score.

주요 기능

01Flexible scope selection including staged changes, specific commits, and branch-to-branch comparisons.

02Integrated security auditing for hardcoded secrets, PII, and container vulnerabilities.

03Automated execution of ecosystem scanners like npm audit, tfsec, and trivy.

042 GitHub stars

05Automatic tech stack detection for Node.js, Python, Go, Rust, Docker, Terraform, and Kubernetes.

06Performance anti-pattern detection including N+1 queries and blocking I/O.

사용 사례

01Pre-commit security checks to prevent accidental leakage of API keys and credentials.

02Automated pull request auditing to ensure compliance with team best practices and idiomatic patterns.

03Deep-dive analysis of legacy commits to identify technical debt and deprecated API usage.

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add antoniocascais/claude-code-knowledge reviewing-code-changes

For use in Claude.ai and ChatGPT

Download Skill