Claude Skill
Code Review Skill
Automated diff analysis that catches bugs, security issues, and code quality problems before merging
What this skill does
The code review skill analyzes your current diff against the base branch and flags bugs, security vulnerabilities, and style violations with file and line references. It runs multiple review agents in parallel, each focused on a different class of issue, then deduplicates and ranks findings by severity before presenting results.
Claude Code ships with a bundled /code-review command that works immediately. The official code-review plugin extends this with GitHub PR commenting through the gh CLI. Community implementations like awesome-skills/code-review-skill add language-specific checklists for 20+ frameworks with progressive loading that keeps context usage low.
The skill works best as a pre-merge check on feature branches. It catches the mechanical issues that slow down human reviewers, from missing error handling to hardcoded credentials. For architectural and business logic concerns, you still need a human reviewer.
Install
# The /code-review command is built into Claude Code. No install needed.
# For the enhanced community version with language-specific review guides:
git clone https://github.com/awesome-skills/code-review-skill.git ~/.claude/skills/code-review
# Or install to project scope only:
git clone https://github.com/awesome-skills/code-review-skill.git .claude/skills/code-review
Built-in Skill (No Install)
The /code-review command ships with Claude Code and is available in every session. Start a session in any project with uncommitted changes and run /code-review to use it immediately.
Enhanced Community Version
The community-maintained code-review-skill adds language-specific review guides for React, Vue, Rust, TypeScript, Python, Go, and 15 other frameworks. These guides load progressively, so they only consume context tokens when the skill detects the relevant language in your diff. Clone it into your personal skills directory for global access, or into your project’s .claude/skills/ for project-scoped use.
Verify the install by starting a new Claude Code session and running /skills to confirm code-review appears in the list.
Prerequisites
Claude Code installed and authenticated. For the community version, git available in your terminal. No other dependencies required.
Example
# Run a basic review on your current branch:
/code-review
# Sample output:
## Code Review Results
### Critical (2)
1. src/api/auth.ts:42 - SQL injection: user input concatenated into query string
2. src/utils/config.ts:18 - Hardcoded API key in source code
### Warning (3)
1. src/components/Dashboard.tsx:89 - Unused variable 'isLoading'
2. src/hooks/useAuth.ts:34 - Missing error handling in async function
3. src/api/users.ts:67 - N+1 query pattern inside loop
### Suggestion (1)
1. src/utils/helpers.ts:12 - 'formatDate' duplicates logic from 'parseTimestamp'
# Run with auto-fix applied:
/code-review --fix
# Post findings as inline PR comments on GitHub:
/code-review --comment
Limitations
Does not catch architectural problems, business logic errors, or performance bottlenecks that require understanding the broader system. For architectural review, use plan mode to evaluate design decisions before writing code, or pair with a human reviewer.
False positive rate increases on large diffs over 500 lines. For monorepo-scale changes, break the diff into smaller PRs or raise the confidence threshold from the default 80 to 90 in the command configuration.
Frequently Asked Questions
The local review works with any git repository regardless of hosting provider. The --comment flag posts findings to GitHub PRs through the gh CLI. For GitLab and Bitbucket, run the local review and incorporate findings manually, or set up a CI step that captures the terminal output.
The default confidence threshold is 80 out of 100. Raise it to filter out lower-confidence findings on noisy codebases. Lower it to surface more edge cases. Edit the threshold value in the command configuration file at commands/code-review.md inside the skill directory.
The review agents read your project's CLAUDE.md and check for compliance violations alongside bugs and security issues. If your CLAUDE.md specifies 'no default exports,' the review flags default exports as violations. More specific CLAUDE.md rules produce better compliance results.
The --fix flag applies fixes directly to your working tree for mechanical issues like unused imports, missing error handling, and simple type errors. Review changes with git diff afterward. The flag does not attempt fixes for security vulnerabilities or architectural issues that need human judgment.
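The CI step suggested above for GitLab and Bitbucket needs something that reads the captured terminal output and decides whether the pipeline passes. The following is an added example, not code from Claude Code or the community skill: it parses the sample output format shown on this page, blocks on Critical findings, and fails closed when the capture is missing or truncated. It assumes real output matches that sample format; the names parse_review and gate are hypothetical.

```python
import re
import sys

# Constructed input: the "Sample output" shown on this page (format assumed stable).
SAMPLE = """\
## Code Review Results
### Critical (2)
1. src/api/auth.ts:42 - SQL injection: user input concatenated into query string
2. src/utils/config.ts:18 - Hardcoded API key in source code
### Warning (3)
1. src/components/Dashboard.tsx:89 - Unused variable 'isLoading'
2. src/hooks/useAuth.ts:34 - Missing error handling in async function
3. src/api/users.ts:67 - N+1 query pattern inside loop
### Suggestion (1)
1. src/utils/helpers.ts:12 - 'formatDate' duplicates logic from 'parseTimestamp'
"""
TITLE = "## Code Review Results"
HEADER = re.compile(r"^###\s+(\w+)\s+\((\d+)\)$")
FINDING = re.compile(r"^\d+\.\s+(\S+):(\d+)\s+-\s+(.+)$")


def parse_review(text):
    """Return (findings, problems); problems lists count mismatches per severity."""
    findings, declared, severity = [], {}, None
    for line in map(str.strip, text.splitlines()):
        if m := HEADER.match(line):
            severity = m.group(1).lower()
            declared[severity] = int(m.group(2))
        elif severity and (m := FINDING.match(line)):
            findings.append({"severity": severity, "file": m.group(1),
                             "line": int(m.group(2)), "message": m.group(3)})
    parsed = {s: sum(f["severity"] == s for f in findings) for s in declared}
    problems = [f"{s}: header says {n}, parsed {parsed[s]}"
                for s, n in declared.items() if parsed[s] != n]
    return findings, problems


def gate(text, blocking=("critical",)):
    """CI exit code: 2 = output missing or truncated, 1 = blocking finding, 0 = pass."""
    findings, problems = parse_review(text)
    if TITLE not in text or problems:
        return 2  # fail closed: unreadable output is never treated as a clean review
    return 1 if any(f["severity"] in blocking for f in findings) else 0


if __name__ == "__main__":
    # With piped input, gate the captured review; on a terminal, demo on SAMPLE.
    sys.exit(gate(SAMPLE if sys.stdin.isatty() else sys.stdin.read()))
```

Checking the per-severity counts against the parsed items is what distinguishes a clean review from a capture that was cut off before the Critical section finished printing.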
