Review code changes for security, performance and correctness, so that risks are found before the merge.
Copy the install instructions and let the AI complete the setup for you · recommended for newcomers
Please install the "code-review" skill from askskill: 1. Download https://raw.githubusercontent.com/anthropics/knowledge-work-plugins/main/engineering/skills/code-review/SKILL.md 2. Save it as ~/.claude/skills/code-review/SKILL.md 3. Once installed, reload the skills and tell me it is ready to use
Please review the code changes in this PR, focusing on security risks, performance problems, potential bugs, boundary conditions and missing error handling, and list your recommendations ordered by severity: <PR URL>
A structured review containing a list of issues, a risk level for each, the reasoning behind it and a suggested fix.
Below is a code diff. Please determine whether it introduces SQL injection, command injection, authorization bypass, sensitive-information disclosure or unsafe input handling, and give fix recommendations: <diff>
An item-by-item analysis of the security issues, stating the exploitable risk, the affected location and the fix.
Please review this change, focusing on whether it introduces N+1 queries, unnecessary loops or cache-invalidation problems, and on missed null, exception or concurrency edge cases: <diff or code snippet>
A review focused on performance and correctness, marking the concrete problems and the optimizations to apply.
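The N+1 check asked for in the prompt above is easiest to confirm with a query count rather than by reading the loop. The following is an added example, not part of the skill or of askskill, that uses sqlite3's trace callback to count the statements a connection actually runs; the schema, the sample rows and the function names are constructed for illustration only.

```python
"""Counting SQL statements to confirm (or clear) an N+1 finding in review.

Added example for this page; not the skill's own code. Data and names are constructed.
"""
import sqlite3
from collections import defaultdict

# Constructed sample data: three authors, five posts.
AUTHORS = [(1, "ana"), (2, "bo"), (3, "cy")]
POSTS = [(1, 1, "hello"), (2, 1, "world"), (3, 2, "n+1"), (4, 3, "done"), (5, 3, "bye")]


def make_db() -> sqlite3.Connection:
    """In-memory database with the sample rows committed before any counting starts."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE author (id INTEGER PRIMARY KEY, name TEXT NOT NULL)")
    conn.execute(
        "CREATE TABLE post (id INTEGER PRIMARY KEY, author_id INTEGER NOT NULL, title TEXT NOT NULL)"
    )
    conn.executemany("INSERT INTO author VALUES (?, ?)", AUTHORS)
    conn.executemany("INSERT INTO post VALUES (?, ?, ?)", POSTS)
    conn.commit()
    return conn


class QueryCounter:
    """Counts every SQL statement the connection executes after the counter is attached."""

    def __init__(self, conn: sqlite3.Connection):
        self.count = 0
        conn.set_trace_callback(self._on_statement)

    def _on_statement(self, _sql: str) -> None:
        self.count += 1


def posts_by_author_n_plus_1(conn: sqlite3.Connection) -> dict:
    """'Before' shape: one query for the authors, then one more per author inside the loop."""
    result = {}
    for author_id, name in conn.execute("SELECT id, name FROM author ORDER BY id"):
        rows = conn.execute("SELECT title FROM post WHERE author_id = ? ORDER BY id", (author_id,))
        result[name] = [title for (title,) in rows]
    return result


def posts_by_author_batched(conn: sqlite3.Connection) -> dict:
    """'After' shape: two queries in total, with the grouping done in memory."""
    authors = list(conn.execute("SELECT id, name FROM author ORDER BY id"))
    if not authors:
        return {}
    ids = [author_id for author_id, _ in authors]
    # Only the placeholder count is interpolated; the ids stay bound parameters,
    # so this is not the string-built SQL that an injection review would flag.
    placeholders = ",".join("?" * len(ids))
    grouped = defaultdict(list)
    for author_id, title in conn.execute(
        f"SELECT author_id, title FROM post WHERE author_id IN ({placeholders}) ORDER BY id", ids
    ):
        grouped[author_id].append(title)
    return {name: grouped[author_id] for author_id, name in authors}


def count_queries(fn) -> tuple:
    """Run fn against a fresh database and return (statements executed, fn's result)."""
    conn = make_db()
    counter = QueryCounter(conn)
    try:
        result = fn(conn)
    finally:
        conn.close()
    return counter.count, result


if __name__ == "__main__":
    for fn in (posts_by_author_n_plus_1, posts_by_author_batched):
        n, _ = count_queries(fn)
        print(f"{fn.__name__}: {n} statements")
```

With three authors the looped version executes 4 statements (1 + one per author) and the batched version 2; the gap grows linearly with the number of authors, which is the evidence worth quoting next to an N+1 finding. The batched query is still bounded by SQLite's limit on bound parameters, so very long id lists need chunking.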
If you see unfamiliar placeholders or need to check which tools are connected, see CONNECTORS.md.
Review code changes with a structured lens on security, performance, correctness, and maintainability.
/code-review <PR URL or file path>
Review the provided code changes: @$1
If no specific file or URL is provided, ask what to review.
```text
┌─────────────────────────────────────────────────────────────────┐
│ CODE REVIEW                                                     │
├─────────────────────────────────────────────────────────────────┤
│ STANDALONE (always works)                                       │
│ ✓ Paste a diff, PR URL, or point to files                       │
│ ✓ Security audit (OWASP top 10, injection, auth)                │
│ ✓ Performance review (N+1, memory leaks, complexity)            │
│ ✓ Correctness (edge cases, error handling, race conditions)     │
│ ✓ Style (naming, structure, readability)                        │
│ ✓ Actionable suggestions with code examples                     │
├─────────────────────────────────────────────────────────────────┤
│ SUPERCHARGED (when you connect your tools)                      │
│ + Source control: Pull PR diff automatically                    │
│ + Project tracker: Link findings to tickets                     │
│ + Knowledge base: Check against team coding standards           │
└─────────────────────────────────────────────────────────────────┘
```
## Code Review: [PR title or file]
### Summary
[1-2 sentence overview of the changes and overall quality]
### Critical Issues
| # | File | Line | Issue | Severity |
|---|------|------|-------|----------|
| 1 | [file] | [line] | [description] | 🔴 Critical |
### Suggestions
| # | File | Line | Suggestion | Category |
|---|------|------|------------|----------|
| 1 | [file] | [line] | [description] | Performance |
### What Looks Good
- [Positive observations]
### Verdict
[Approve / Request Changes / Needs Discussion]
If ~~source control is connected:
If ~~project tracker is connected:
If ~~knowledge base is connected:
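To show what the "Critical Issues" table above looks like when it is produced from a diff rather than written by hand, here is an added example (not the skill's own implementation) that walks a unified diff, tracks new-file line numbers and runs a few regex checks over added lines only. The diff, the check list and the function names are constructed for this example. The patterns are triage heuristics: every hit still needs a reviewer to confirm that the interpolated value is attacker-controlled, or that the string really is a credential, before it becomes a finding.

```python
"""Pattern triage of the added lines in a unified diff, rendered as a findings table.

Added example for this page; not the skill's own code. Diff, checks and names are constructed.
"""
import re
from dataclasses import dataclass

# Hunk header: "@@ -old[,len] +new[,len] @@"; only the new start line matters here.
HUNK_RE = re.compile(r"^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@")

# (pattern, issue, severity). Heuristics constructed for this example; extend per code base.
CHECKS = [
    (re.compile(r"execute\w*\(\s*(?:f['\"]|['\"][^'\"]*['\"]\s*[%+]|.*\.format\()"),
     "SQL statement built with f-string/format/concatenation (possible SQL injection)", "Critical"),
    (re.compile(r"subprocess\.\w+\([^)]*shell\s*=\s*True|os\.system\(|os\.popen\("),
     "Shell command assembled from variables (possible command injection)", "Critical"),
    (re.compile(r"\b(?:eval|exec)\("),
     "eval/exec on runtime data (possible code injection)", "Critical"),
    (re.compile(r"\bpickle\.loads?\(|\byaml\.load\((?![^)]*SafeLoader)"),
     "Unsafe deserialization of untrusted input", "Critical"),
    (re.compile(r"(?i)(?:password|passwd|secret|api_?key|token)\s*=\s*['\"][^'\"]{8,}['\"]"),
     "Credential appears to be hard-coded (sensitive-information leak)", "High"),
    (re.compile(r"^\s*except\s*(?:Exception\s*)?:\s*$"),
     "Broad except swallows errors; catch specific exceptions", "Medium"),
]


@dataclass
class Finding:
    file: str
    line: int       # line number in the new version of the file
    issue: str
    severity: str
    snippet: str


def triage_diff(diff_text: str) -> list:
    """Check added lines only: deleted lines are not in the tree being merged."""
    findings = []
    current_file, new_line, in_hunk = "?", 0, False
    for raw in diff_text.splitlines():
        if raw.startswith("+++ "):           # new-file header (before any '+' line check)
            path = raw[4:].strip()
            current_file = path[2:] if path.startswith("b/") else path
            in_hunk = False
            continue
        m = HUNK_RE.match(raw)
        if m:
            new_line, in_hunk = int(m.group(1)), True
            continue
        if not in_hunk or raw.startswith("-") or raw.startswith("\\"):
            continue                         # headers, deletions, "\ No newline at end of file"
        if raw.startswith("+"):
            code = raw[1:]
            for pattern, issue, severity in CHECKS:
                if pattern.search(code):
                    findings.append(Finding(current_file, new_line, issue, severity, code.strip()))
        new_line += 1                        # added and context lines both advance the new file
    return findings


def render_table(findings: list) -> str:
    """Markdown table in the shape of the 'Critical Issues' section of the review template."""
    rows = ["| # | File | Line | Issue | Severity |", "|---|------|------|-------|----------|"]
    for i, f in enumerate(findings, 1):
        rows.append(f"| {i} | {f.file} | {f.line} | {f.issue} | {f.severity} |")
    return "\n".join(rows)


# Constructed sample diff: a parameterized query replaced by an f-string, a shell call
# built from user data, and a token committed alongside the change.
SAMPLE_DIFF = """\
diff --git a/app/users.py b/app/users.py
--- a/app/users.py
+++ b/app/users.py
@@ -1,3 +1,5 @@
 import sqlite3
+import subprocess
 
 DB = "app.db"
+ADMIN_TOKEN = "hardcoded-admin-token-123"
@@ -12,6 +14,6 @@ def get_user(conn, name):
     cur = conn.cursor()
-    cur.execute("SELECT * FROM users WHERE name = ?", (name,))
+    cur.execute(f"SELECT * FROM users WHERE name = '{name}'")
     row = cur.fetchone()
-    if row is None:
-        raise KeyError(name)
+    if row is None:
+        subprocess.run("notify-admin " + name, shell=True)
     return row
"""

if __name__ == "__main__":
    print(render_table(triage_diff(SAMPLE_DIFF)))
```

On the constructed diff this reports the hard-coded token at line 5 and the two injection candidates at lines 15 and 18 of the new file, while the removed parameterized query is ignored. The line numbers come from the hunk headers, so they line up with what the PR view shows; that is what lets a finding be tied to a ticket or a review comment instead of a free-text description.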