Does it run external security tools?

Yes, it automatically detects your project stack and attempts to run industry-standard tools like npm audit, safety, tfsec, and trivy if they are installed on your environment.

Can it detect hardcoded secrets?

Absolutely. It specifically looks for API keys, tokens, passwords, and private certificates in your code, .env files, and container configurations.

How does it prioritize findings?

Issues are categorized into Critical, High, Medium, and Low severity levels, provided with file and line references and a final Review Score out of 20.

What types of code changes can this skill review?

The skill can review staged changes, unstaged changes in the working directory, specific commit hashes, or entire branches compared to a base branch.

Which programming languages are supported?

While it has specialized logic for Node.js, Python, Go, Rust, and DevOps tools, its general analysis engine can provide code review for any programming language.

Code Review Expert

Name: Code Review Expert
Author: antoniocascais

byantoniocascais

•

보안 및 테스팅

Performs comprehensive security, performance, and best-practice reviews of git changes, commits, and pull requests.

소개

The Code Review Expert skill transforms Claude into a senior-level auditor for your development workflow. It streamlines the review process by automatically detecting your tech stack, running relevant security scanners, and performing a deep analysis of git diffs to identify everything from syntax errors and hardcoded secrets to performance bottlenecks and infrastructure drift. Whether you are checking staged changes before a commit or auditing a full pull request, this skill provides a prioritized, actionable report with severity rankings and a final quality score.

주요 기능

Flexible scope selection including staged changes, specific commits, and branch-to-branch comparisons.
Integrated security auditing for hardcoded secrets, PII, and container vulnerabilities.
Automated execution of ecosystem scanners like npm audit, tfsec, and trivy.
2 GitHub stars
Automatic tech stack detection for Node.js, Python, Go, Rust, Docker, Terraform, and Kubernetes.
Performance anti-pattern detection including N+1 queries and blocking I/O.

사용 사례

Pre-commit security checks to prevent accidental leakage of API keys and credentials.
Automated pull request auditing to ensure compliance with team best practices and idiomatic patterns.
Deep-dive analysis of legacy commits to identify technical debt and deprecated API usage.

소개

주요 기능

Flexible scope selection including staged changes, specific commits, and branch-to-branch comparisons.
Integrated security auditing for hardcoded secrets, PII, and container vulnerabilities.
Automated execution of ecosystem scanners like npm audit, tfsec, and trivy.
2 GitHub stars
Automatic tech stack detection for Node.js, Python, Go, Rust, Docker, Terraform, and Kubernetes.
Performance anti-pattern detection including N+1 queries and blocking I/O.

사용 사례

Pre-commit security checks to prevent accidental leakage of API keys and credentials.
Automated pull request auditing to ensure compliance with team best practices and idiomatic patterns.
Deep-dive analysis of legacy commits to identify technical debt and deprecated API usage.