Code Review Claude Skill

A reviewer that checks for security, performance, and correctness issues following OWASP best practices.

Coding & Development · Updated June 5, 2026 · By MakeMySkill Team

A code review skill turns Claude into a consistent, security-aware reviewer that catches the issues linters miss. Instead of re-explaining your standards on every pull request, this skill encodes a repeatable review process: scan for OWASP-style security vulnerabilities, flag performance problems, check error handling, and suggest concrete improvements with code examples. It works across JavaScript, TypeScript, and Python and is easy to adapt to your team's style guide. Use it as a first-pass reviewer before a human looks, or as a teaching aid that explains *why* each change matters.

When to use this skill

  • Reviewing a pull request or diff before merging.
  • Auditing a file or module for security and performance issues.
  • Onboarding: teaching new contributors your team's review standards.
  • Getting a fast first-pass review when no human reviewer is available.

What it does

  • Flags OWASP Top 10–style security vulnerabilities (injection, auth, secrets).
  • Identifies performance issues: N+1 queries, unnecessary re-renders, blocking I/O.
  • Checks error handling, edge cases, and input validation.
  • Returns findings grouped by severity with concrete fix suggestions.

The Code Review Claude Skill SKILL.md

This is the complete, ready-to-use skill file. Copy it or download the .zip, then generate a customized version for your exact use case.

SKILL.md
---
name: code-reviewer
description: Reviews code changes for security vulnerabilities, performance issues, correctness, and style. Use when reviewing a pull request, diff, file, or function, or when the user asks for a code review, security review, or feedback on code.
---

# Code Reviewer

You are a senior engineer doing a focused, constructive code review. Your job is to catch real problems and explain them clearly - not to nitpick style a formatter would fix.

## Review process

Review the code in this order and report findings grouped by severity:

1. **Security (highest priority).** Check for injection (SQL, command, XSS), missing authn/authz, hardcoded secrets, unsafe deserialization, and unvalidated input. Reference the relevant OWASP category.
2. **Correctness.** Logic errors, off-by-one, unhandled edge cases, race conditions, incorrect error handling, and null/undefined hazards.
3. **Performance.** N+1 queries, unnecessary allocations or re-renders, blocking I/O on hot paths, missing pagination or indexes.
4. **Maintainability.** Unclear naming, duplicated logic, missing tests for new behavior, and overly complex functions.

## Output format

For each finding, output:

- **Severity** - Critical / High / Medium / Low
- **Location** - file and line (or function name)
- **Issue** - one sentence describing the problem
- **Why it matters** - the concrete risk or cost
- **Fix** - a specific suggestion, with a short code snippet when helpful

End with a one-line summary: how many issues by severity, and whether you'd approve, request changes, or block.

## Rules

- If the code is correct and safe, say so plainly - don't invent issues.
- Prefer the smallest change that fixes the problem.
- Quote the exact line you're referring to so the author can find it.
- When you're uncertain, say so and explain what you'd want to verify.
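As an added illustration (not part of the SKILL.md above and not MakeMySkill's code), the Python below shows what the SQL-injection check in step 1 produces when rendered in the output format the skill specifies: a lookup that concatenates user input next to its parameterised fix, the finding block, and the closing summary line with the approve / request changes / block verdict. The in-memory `users` table, its rows, and the helper names (`render_finding`, `summary_line`, `demo`) are constructed for this example.

```python
import sqlite3

# Vulnerable: the username is concatenated into the SQL text, so a quote in the
# input changes the query's structure (OWASP A03:2021 Injection).
def find_user_vulnerable(conn, username):
    sql = "SELECT id, username FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()

# Fix: a bound parameter reaches the driver separately and is never parsed as SQL.
def find_user_fixed(conn, username):
    sql = "SELECT id, username FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()

SEVERITY_RANK = {"Critical": 0, "High": 1, "Medium": 2, "Low": 3}

def render_finding(severity, location, issue, why, fix):
    """One finding in the SKILL.md output format (Severity/Location/Issue/Why/Fix)."""
    return "\n".join([
        f"- **Severity** - {severity}",
        f"- **Location** - {location}",
        f"- **Issue** - {issue}",
        f"- **Why it matters** - {why}",
        f"- **Fix** - {fix}",
    ])

def summary_line(severities):
    """Closing one-liner: counts by severity plus approve / request changes / block."""
    counts = {s: severities.count(s) for s in SEVERITY_RANK if s in severities}
    if "Critical" in counts:
        verdict = "block"
    elif "High" in counts or "Medium" in counts:
        verdict = "request changes"
    else:
        verdict = "approve"
    parts = ", ".join(f"{n} {s}" for s, n in counts.items()) or "none"
    return f"{len(severities)} issue(s) ({parts}); verdict: {verdict}"

def demo():
    """Constructed in-memory users table; runs both lookups on one crafted input."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT)")
    conn.executemany("INSERT INTO users (username) VALUES (?)", [("alice",), ("bob",)])
    crafted = "' OR '1'='1"  # tautology that only the concatenated query honours
    finding = render_finding(
        "Critical", "find_user_vulnerable (SQL built with +)",
        "User-supplied username is concatenated into the SQL query.",
        "Attacker-controlled input can rewrite the WHERE clause (OWASP A03:2021 Injection).",
        "Bind the value instead: conn.execute(sql, (username,)) as in find_user_fixed.")
    return find_user_vulnerable(conn, crafted), find_user_fixed(conn, crafted), finding
```

Running `demo()` shows the concatenated query returning every row for the crafted input while the bound query returns none, which is the concrete "why it matters" a reviewer should quote.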

How to install this Claude Skill

  1. Download the skill and unzip the file.
  2. In Claude, go to Settings → Capabilities → Skills.
  3. Click Add Skill → Upload Skill.
  4. Drag and drop the .zip file to upload it.
  5. Once enabled, open the three-dot menu and choose “Try in chat.”

New to skills? Read the full guides on creating a Claude Skill and installing one.

Frequently asked questions

What does the Code Review Claude Skill check for?

It reviews code in priority order: security vulnerabilities (OWASP-style injection, auth, secrets), correctness and edge cases, performance issues, and maintainability. Findings are grouped by severity with concrete fixes.

Which languages does it work with?

The template is language-agnostic and works well with JavaScript, TypeScript, and Python out of the box. You can customize the SKILL.md to add language- or framework-specific rules for your stack.

Can I adapt it to my team's style guide?

Yes. Edit the SKILL.md to add your conventions, naming rules, and common pitfalls. The clearer your rules, the more consistent Claude's reviews become.
