Critical Code Reviewer

🌐Community
by posit-dev · vlatest · Repository

This skill analyzes your backend code for potential vulnerabilities and bugs, boosting security and reliability through automated reviews.

Install on your platform

1. Run in terminal (recommended)

claude mcp add critical-code-reviewer npx -- -y @trustedskills/critical-code-reviewer

2. Or manually add to ~/.claude/settings.json

{
  "mcpServers": {
    "critical-code-reviewer": {
      "command": "npx",
      "args": [
        "-y",
        "@trustedskills/critical-code-reviewer"
      ]
    }
  }
}

Requires Claude Code (claude CLI). Run claude --version to verify your install.

About This Skill

What it does

This skill acts as an automated, highly critical code reviewer for backend projects. It analyzes submitted code with a “zero tolerance” approach, identifying potential vulnerabilities, bugs, inefficiencies, and bad coding practices. The focus is on rigorous scrutiny and actionable feedback to improve code quality and protect the codebase from errors – not on providing positive or encouraging comments.

When to use it

  • During pull request reviews for backend projects.
  • To proactively identify potential security risks in new code.
  • When seeking a brutally honest assessment of code quality, beyond standard linting.

Key capabilities

  • Slop Detection: Identifies obvious comments, lazy naming conventions, copy-pasted code, and misused patterns (e.g., incorrect useEffect dependencies).
  • Structural Analysis: Flags issues with code organization like functions performing multiple tasks, disorganized files, inconsistent patterns, and excessive component sizes.
  • Adversarial Testing: Simulates worst-case scenarios such as unhandled Promise rejections, unexpected null values, malformed API responses, and malicious user input to identify potential failure points.
  • Language-Specific Checks: Includes specific red flags for Python code (e.g., bare except clauses).

Example prompts

  • "Review this pull request with a critical eye."
  • "Analyze this code for security vulnerabilities and inefficiencies."
  • "Conduct a thorough review of this Python script, assuming the worst possible coding practices."

Tips & gotchas

  • The skill operates under a "guilty until proven exceptional" mindset. Expect direct and potentially harsh feedback.
  • It ignores PR descriptions, commit messages, and comments – focusing solely on the code itself. Promises of future fixes or explanations are disregarded.
  • This is not intended to replace human review entirely but rather to provide an initial, rigorous assessment.

TrustedSkills Verification

Unlike other registries that point to live repositories, TrustedSkills pins every skill to a verified commit hash. This protects you from malicious updates — what you install today is exactly what was reviewed and verified.

Security Audits

  • Gen Agent Trust Hub: Pass
  • Socket: Pass
  • Snyk: Pass

Details

Version: vlatest
License:
Author: posit-dev
Installs: 44

Passed automated security scans.