MCP.directory

reviewing-code

by CaptainCrouton89
100
17
Source

Systematically evaluate code changes for security, correctness, performance, and spec alignment. Use when reviewing PRs, assessing code quality, or verifying implementation against requirements.

Install

mkdir -p .claude/skills/reviewing-code && curl -L -o skill.zip "https://mcp.directory/api/skills/download/187" && unzip -o skill.zip -d .claude/skills/reviewing-code && rm skill.zip

Installs to .claude/skills/reviewing-code

About this skill

Reviewing Code

Evaluate code changes across security, correctness, spec alignment, performance, and maintainability. Apply sequential or parallel review based on scope.

Quick Start

Sequential (small PRs, <5 files):

  1. Gather context from feature specs and acceptance criteria
  2. Review sequentially through focus areas
  3. Report findings by priority
  4. Recommend approval/revision/rework

Parallel (large PRs, >5 files):

  1. Identify independent review aspects (security, API, UI, data)
  2. Spawn specialist agents for each dimension
  3. Consolidate findings
  4. Report aggregate assessment

Context Gathering

Read documentation:

  • docs/feature-spec/F-##-*.md — Technical design and requirements
  • docs/user-stories/US-###-*.md — Acceptance criteria
  • docs/api-contracts.yaml — Expected API signatures
  • docs/data-plan.md — Event tracking requirements (if applicable)
  • docs/design-spec.md — UI/UX requirements (if applicable)
  • docs/system-design.md — Architecture patterns (if available)
  • docs/plans/<slug>/plan.md — Original implementation plan (if available)

Determine scope:

  • Files changed and features affected (F-## IDs)
  • Stories implemented (US-### IDs)
  • API, database, or schema changes

Quality Dimensions

Security (/25)

  • Input validation and sanitization
  • Authentication/authorization checks
  • Sensitive data handling
  • Injection vulnerabilities (SQL, XSS, etc.)

Correctness (/25)

  • Logic matches acceptance criteria
  • Edge cases handled properly
  • Error handling complete
  • Null/undefined checks present

Spec Alignment (/20)

  • APIs match docs/api-contracts.yaml
  • Data events match docs/data-plan.md
  • UI matches docs/design-spec.md
  • Implementation follows feature spec

Performance (/15)

  • Algorithm efficiency
  • Database query optimization
  • Resource usage (memory, network)

Maintainability (/15)

  • Code clarity and readability
  • Consistent with codebase patterns
  • Appropriate abstraction levels
  • Comments where needed

Total: /100

Finding Priority

🔴 CRITICAL (Must fix before merge)

  • Security vulnerabilities
  • Broken functionality
  • Spec violations (API contract breaks)
  • Data corruption risks

Format:

Location: file.ts:123
Problem: [Description]
Impact: [Risk/consequence]
Fix: [Specific change needed]
Spec reference: [docs/api-contracts.yaml line X]

🟡 IMPORTANT (Should fix)

  • Logic bugs in edge cases
  • Missing error handling
  • Performance issues
  • Missing analytics events
  • Accessibility violations

🟢 NICE-TO-HAVE (Optional)

  • Code style improvements
  • Better abstractions
  • Enhanced documentation

✅ GOOD PRACTICES

Highlight what was done well for learning

Review Strategies

Single-Agent Review

Best for <5 files, single concern:

  1. Review sequentially through focus areas
  2. Concentrate on 1-2 most impacted areas
  3. Generate unified report

Parallel Multi-Agent Review

Best for >5 files, multiple concerns:

  1. Spawn specialized agents:

    • Security: senior-engineer for vulnerability assessment
    • Architecture: Explore for pattern compliance
    • API Contracts: programmer for endpoint validation
    • Frontend: programmer for UI/UX and accessibility
    • Documentation: documentor for comment quality and docs

  2. Each agent reviews specific quality dimension

  3. Consolidate findings into single report

Report Structure

# Code Review: [Feature/PR]

## Summary
**Quality Score:** [X/100]
**Issues:** Critical: [N], Important: [N], Nice-to-have: [N]
**Assessment:** [APPROVE / NEEDS REVISION / MAJOR REWORK]

## Spec Compliance
- [ ] APIs match `docs/api-contracts.yaml`
- [ ] Events match `docs/data-plan.md`
- [ ] UI matches `docs/design-spec.md`
- [ ] Logic satisfies story AC

## Findings

### Critical Issues
[Issues with fix recommendations]

### Important Issues
[Issues that should be addressed]

### Nice-to-Have Suggestions
[Optional improvements]

### Good Practices
[What worked well]

## Recommendations
[Next steps: approval, revision needed, etc.]

Fix Implementation

Offer options:

  1. Fix critical + important issues
  2. Fix only critical (minimum for safety)
  3. Provide detailed explanation for learning
  4. Review only (no changes)

Parallel fixes for large revisions:

  • Spawn agents for independent fix areas
  • Coordinate on shared dependencies
  • Document each fix with location, change, and verification method

Document format:

✅ FIXED: [Issue name]
File: [path:line]
Change: [what changed]
Verification: [how to test]

Documentation Updates

Check if specs need updates:

  • Feature spec "Decisions" or "Deviations" if implementation differs
  • Design spec if UI changed
  • API contracts if endpoints modified (requires approval)
  • Data plan if events changed

Always flag for user approval before modifying specs.

Key Points

  • Read all context documents before starting
  • Focus on most impacted areas first
  • Be thorough with security-sensitive code, API changes, and critical user flows
  • Use scoring framework for comprehensive reviews
  • Parallel review scales to large PRs
  • Flag spec deviations for user decision

More by CaptainCrouton89

View all skills by CaptainCrouton89

railway-cli-management

CaptainCrouton89

Deploy, manage services, view logs, and configure Railway infrastructure. Use when deploying to Railway, managing environment variables, viewing deployment logs, scaling services, or managing volumes.

1358

writing-like-user

CaptainCrouton89

Emulate the user's personal writing voice and style patterns. Use when the user asks to write content in their voice, draft documents, compose messages, or requests "write this like me" or "in my style."

815

fixing-bugs-systematically

CaptainCrouton89

Diagnose and fix bugs through systematic investigation, root cause analysis, and targeted validation. Use when something is broken, errors occur, performance degrades, or unexpected behavior manifests.

21

investigating-code-patterns

CaptainCrouton89

Systematically trace code flows, locate implementations, diagnose performance issues, and map system architecture. Use when understanding how existing systems work, researching concepts, exploring code structure, or answering "how/where/why is X implemented?" questions.

51

writing-documentation-for-llms

CaptainCrouton89

Teaches how to write effective documentation and instructions for LLMs by assuming competence, using progressive disclosure, prioritizing examples over explanations, and building feedback loops into workflows.

31

documenting-code

CaptainCrouton89

Maintain project documentation synchronized with code. Keep feature specs, API contracts, and README current with init-project standards. Use when updating docs after code changes, adding new features, or ensuring documentation completeness.

21

You might also like

flutter-development

aj-geddes

Build beautiful cross-platform mobile apps with Flutter and Dart. Covers widgets, state management with Provider/BLoC, navigation, API integration, and material design.

1,5731,370

ui-ux-pro-max

nextlevelbuilder

"UI/UX design intelligence. 50 styles, 21 palettes, 50 font pairings, 20 charts, 8 stacks (React, Next.js, Vue, Svelte, SwiftUI, React Native, Flutter, Tailwind). Actions: plan, build, create, design, implement, review, fix, improve, optimize, enhance, refactor, check UI/UX code. Projects: website, landing page, dashboard, admin panel, e-commerce, SaaS, portfolio, blog, mobile app, .html, .tsx, .vue, .svelte. Elements: button, modal, navbar, sidebar, card, table, form, chart. Styles: glassmorphism, claymorphism, minimalism, brutalism, neumorphism, bento grid, dark mode, responsive, skeuomorphism, flat design. Topics: color palette, accessibility, animation, layout, typography, font pairing, spacing, hover, shadow, gradient."

1,1161,191

drawio-diagrams-enhanced

jgtolentino

Create professional draw.io (diagrams.net) diagrams in XML format (.drawio files) with integrated PMP/PMBOK methodologies, extensive visual asset libraries, and industry-standard professional templates. Use this skill when users ask to create flowcharts, swimlane diagrams, cross-functional flowcharts, org charts, network diagrams, UML diagrams, BPMN, project management diagrams (WBS, Gantt, PERT, RACI), risk matrices, stakeholder maps, or any other visual diagram in draw.io format. This skill includes access to custom shape libraries for icons, clipart, and professional symbols.

1,4181,109

godot

bfollington

This skill should be used when working on Godot Engine projects. It provides specialized knowledge of Godot's file formats (.gd, .tscn, .tres), architecture patterns (component-based, signal-driven, resource-based), common pitfalls, validation tools, code templates, and CLI workflows. The `godot` command is available for running the game, validating scripts, importing resources, and exporting builds. Use this skill for tasks involving Godot game development, debugging scene/resource files, implementing game systems, or creating new Godot components.

1,198748

nano-banana-pro

garg-aayush

Generate and edit images using Google's Nano Banana Pro (Gemini 3 Pro Image) API. Use when the user asks to generate, create, edit, modify, change, alter, or update images. Also use when user references an existing image file and asks to modify it in any way (e.g., "modify this image", "change the background", "replace X with Y"). Supports both text-to-image generation and image-to-image editing with configurable resolution (1K default, 2K, or 4K for high resolution). DO NOT read the image file first - use this skill directly with the --input-image parameter.

1,155684

pdf-to-markdown

aliceisjustplaying

Convert entire PDF documents to clean, structured Markdown for full context loading. Use this skill when the user wants to extract ALL text from a PDF into context (not grep/search), when discussing or analyzing PDF content in full, when the user mentions "load the whole PDF", "bring the PDF into context", "read the entire PDF", or when partial extraction/grepping would miss important context. This is the preferred method for PDF text extraction over page-by-page or grep approaches.

1,318617

Related MCP Servers

Browse all servers
GitHubGitHub

Extend your developer tools with GitHub MCP Server for advanced automation, supporting GitHub Student and student packag

27,6470 tools
RepomixRepomix

Optimize your codebase for AI with Repomix—transform, compress, and secure repos for easier analysis with modern AI tool

22,2988 tools
Google GenAI ToolboxGoogle GenAI Toolbox

Google GenAI Toolbox: open-source GenAI database agent and AI database connector for Google Cloud database—query Cloud S

13,3270 tools
GhidraMCPGhidraMCP

MCP server for Ghidra reverse engineering. Enables AI assistants to decompile binaries, analyze functions, rename variab

7,8360 tools
HexStrike AIHexStrike AI

Advanced MCP server enabling AI agents to autonomously run 150+ security and penetration testing tools. Covers reconnais

7,2980 tools
NotionNotion

Enhance productivity with AI-driven Notion automation. Leverage the Notion API for secure, automated workspace managemen

4,0000 tools

Stay ahead of the MCP ecosystem

Get weekly updates on new skills and servers.