MR
Mayur Rathi
@mayurrathi
⭐ 40.7k GitHub stars

Code Review Checklist

Code Review Checklist is an code AI skill with a core value of Comprehensive checklist for conducting thorough code reviews covering functionality, security, performance, and maintainability. It helps developers solve real-world problems in the code domain, boosting efficiency, automating repetitive tasks, and optimizing workflows.

Comprehensive checklist for conducting thorough code reviews covering functionality, security, performance, and maintainability

Last verified on: 2026-07-07

Quick Facts

Category code
Works With Claude
Source sickn33/antigravity-awesome-skills
Stars ⭐ 40.7k
Last Verified 2026-07-07
Risk Level Low
mkdir -p ./skills/code-review-checklist && curl -sfL https://raw.githubusercontent.com/sickn33/antigravity-awesome-skills/main/skills/code-review-checklist/SKILL.md -o ./skills/code-review-checklist/SKILL.md

Run in terminal / PowerShell. Requires curl (Unix) or PowerShell 5+ (Windows).

Skill Content

# Code Review Checklist


Overview


Provide a systematic checklist for conducting thorough code reviews. This skill helps reviewers ensure code quality, catch bugs, identify security issues, and maintain consistency across the codebase.


When to Use This Skill


- Use when reviewing pull requests

- Use when conducting code audits

- Use when establishing code review standards for a team

- Use when training new developers on code review practices

- Use when you want to ensure nothing is missed in reviews

- Use when creating code review documentation


How It Works


Step 1: Understand the Context


Before reviewing code, I'll help you understand:

- What problem does this code solve?

- What are the requirements?

- What files were changed and why?

- Are there related issues or tickets?

- What's the testing strategy?


Step 2: Review Functionality


Check if the code works correctly:

- Does it solve the stated problem?

- Are edge cases handled?

- Is error handling appropriate?

- Are there any logical errors?

- Does it match the requirements?


Step 3: Review Code Quality


Assess code maintainability:

- Is the code readable and clear?

- Are names descriptive?

- Is it properly structured?

- Are functions/methods focused?

- Is there unnecessary complexity?


Step 4: Review Security


Check for security issues:

- Are inputs validated?

- Is sensitive data protected?

- Are there SQL injection risks?

- Is authentication/authorization correct?

- Are dependencies secure?


Step 5: Review Performance


Look for performance issues:

- Are there unnecessary loops?

- Is database access optimized?

- Are there memory leaks?

- Is caching used appropriately?

- Are there N+1 query problems?


Step 6: Review Tests


Verify test coverage:

- Are there tests for new code?

- Do tests cover edge cases?

- Are tests meaningful?

- Do all tests pass?

- Is test coverage adequate?


Examples


Example 1: Functionality Review Checklist


markdown
## Functionality Review

### Requirements
- [ ] Code solves the stated problem
- [ ] All acceptance criteria are met
- [ ] Edge cases are handled
- [ ] Error cases are handled
- [ ] User input is validated

### Logic
- [ ] No logical errors or bugs
- [ ] Conditions are correct (no off-by-one errors)
- [ ] Loops terminate correctly
- [ ] Recursion has proper base cases
- [ ] State management is correct

### Error Handling
- [ ] Errors are caught appropriately
- [ ] Error messages are clear and helpful
- [ ] Errors don't expose sensitive information
- [ ] Failed operations are rolled back
- [ ] Logging is appropriate

### Example Issues to Catch:

**❌ Bad - Missing validation:**
\`\`\`javascript
function createUser(email, password) {
  // No validation!
  return db.users.create({ email, password });
}
\`\`\`

**✅ Good - Proper validation:**
\`\`\`javascript
function createUser(email, password) {
  if (!email || !isValidEmail(email)) {
    throw new Error('Invalid email address');
  }
  if (!password || password.length < 8) {
    throw new Error('Password must be at least 8 characters');
  }
  return db.users.create({ email, password });
}
\`\`\`

Example 2: Security Review Checklist


markdown
## Security Review

### Input Validation
- [ ] All user inputs are validated
- [ ] SQL injection is prevented (use parameterized queries)
- [ ] XSS is prevented (escape output)
- [ ] CSRF protection is in place
- [ ] File uploads are validated (type, size, content)

### Authentication & Authorization
- [ ] Authentication is required where needed
- [ ] Authorization checks are present
- [ ] Passwords are hashed (never stored plain text)
- [ ] Sessions are managed securely
- [ ] Tokens expire appropriately

### Data Protection
- [ ] Sensitive data is encrypted
- [ ] API keys are not hardcoded
- [ ] Environment variables are used for secrets
- [ ] Personal data follows privacy regulations
- [ ] Database credentials are secure

### Dependencies
- [ ] No known vulnerable dependencies
- [ ] Dependencies 

🎯 Best For

  • Engineering teams doing code reviews
  • Open source maintainers
  • Security auditors
  • DevSecOps teams
  • Compliance officers

💡 Use Cases

  • Reviewing pull requests for security vulnerabilities
  • Checking code style consistency
  • Auditing dependencies for known CVEs
  • Scanning API endpoints for auth gaps

📖 How to Use This Skill

  1. 1

    Install the Skill

    Copy the install command from the Terminal tab and run it. The SKILL.md file downloads to your local skills directory.

  2. 2

    Load into Your AI Assistant

    Open Claude and reference the skill. Paste the SKILL.md content or use the system prompt tab.

  3. 3

    Apply Code Review Checklist to Your Work

    Open your project in the AI assistant and ask it to apply the skill. Start with a small module to verify the output quality.

  4. 4

    Review and Refine

    Review AI suggestions before committing. Run tests, check for regressions, and iterate on the skill output.

❓ Frequently Asked Questions

Does this skill check for OWASP Top 10?

Security-focused review skills often include OWASP checks. Check the skill content for specific vulnerability categories covered.

Can this replace a dedicated SAST tool?

AI-based security review is complementary to SAST tools. Use it as a first-pass filter, not a replacement.

Is Code Review Checklist compatible with Cursor and VS Code?

Yes — this skill works with any AI coding assistant including Cursor, VS Code with Copilot, and JetBrains IDEs.

Do I need specific dependencies for Code Review Checklist?

Check the install command and Works With section. Most code skills only require the AI assistant and your codebase.

How do I install Code Review Checklist?

Copy the install command from the Terminal tab and run it. The skill downloads to ./skills/code-review-checklist/SKILL.md, ready to use.

⚠️ Common Mistakes to Avoid

Blindly accepting AI suggestions

Always verify AI-generated review comments. Some suggestions may not apply to your specific codebase conventions.

Only scanning surface-level issues

Deep security review requires understanding your app architecture, not just regex patterns.

Skipping validation

Always test AI-generated code changes, even for simple refactors.

Missing dependency updates

Check if the skill requires updated dependencies or new packages.

🔗 Related Skills