Code Review

What it does

This skill provides automated code review for Python and Django projects, focusing on identifying high-impact defects related to security vulnerabilities, correctness issues, and performance optimizations. It analyzes changes made to a codebase within a Git repository and reports findings with supporting evidence and suggested fixes. The skill prioritizes critical issues over minor style concerns.

When to use it

• Before submitting code for review by human developers.
• To proactively identify potential security vulnerabilities in your Python/Django project.
• As part of an automated CI/CD pipeline to ensure code quality and consistency.
• When needing a quick assessment of the impact of recent code changes.

Key capabilities

• Automated defect identification: Identifies issues related to behavior regressions, error-path safety, security vulnerabilities, and performance optimizations.
• Severity assignment: Categorizes findings by severity (CRITICAL, HIGH, MEDIUM, LOW).
• Evidence-based reporting: Provides location, impact, evidence, confidence level, and concrete fix suggestions for each finding.
• Automatic fixes: With the --fix flag, applies suggested fixes in order of severity and re-runs checks to verify changes.
• Scope control: Allows users to specify a scope (files or commits) for review, or defaults to session-modified files within a Git repository.

Example prompts

• "Review these code changes."
• "Run code review on the src/models.py file."
• "Perform a code review with automatic fixes."

Tips & gotchas

• The skill requires a valid Git repository context to function correctly. Ensure you are running it from within a Git repository.
• By default, the skill only analyzes session-modified files. Use specific paths or commit ranges to expand the scope of the review.
• Generated and low-signal files (like lockfiles) are excluded by default.