Systematic code review patterns, quality dimensions, anti-pattern detection, and constructive feedback techniques. Use when reviewing code changes, assessing codebase quality, identifying technical debt, or mentoring through reviews. Covers correctness, design, security, performance, and maintainability.
/plugin marketplace add rsmdt/the-startup/plugin install team@the-startupThis skill inherits all available tools. When active, it can use any tool Claude has access to.
Systematic patterns for reviewing code and providing constructive, actionable feedback that improves both code quality and developer skills.
Every code review should evaluate these six dimensions:
Does the code work as intended?
| Check | Questions |
|---|---|
| Functionality | Does it solve the stated problem? |
| Edge Cases | Are boundary conditions handled? |
| Error Handling | Are failures gracefully managed? |
| Data Validation | Are inputs validated at boundaries? |
| Null Safety | Are null/undefined cases covered? |
Is the code well-structured?
| Check | Questions |
|---|---|
| Single Responsibility | Does each function/class do one thing? |
| Abstraction Level | Is complexity hidden appropriately? |
| Coupling | Are dependencies minimized? |
| Cohesion | Do related things stay together? |
| Extensibility | Can it be modified without major changes? |
Can others understand this code?
| Check | Questions |
|---|---|
| Naming | Do names reveal intent? |
| Comments | Is the "why" explained, not the "what"? |
| Formatting | Is style consistent? |
| Complexity | Is cyclomatic complexity reasonable (<10)? |
| Flow | Is control flow straightforward? |
Is the code secure?
| Check | Questions |
|---|---|
| Input Validation | Are all inputs sanitized? |
| Authentication | Are auth checks present where needed? |
| Authorization | Are permissions verified? |
| Data Exposure | Is sensitive data protected? |
| Dependencies | Are there known vulnerabilities? |
Is the code efficient?
| Check | Questions |
|---|---|
| Algorithmic | Is time complexity appropriate? |
| Memory | Are allocations reasonable? |
| I/O | Are database/network calls optimized? |
| Caching | Is caching used where beneficial? |
| Concurrency | Are race conditions avoided? |
Can this code be tested?
| Check | Questions |
|---|---|
| Test Coverage | Are critical paths tested? |
| Test Quality | Do tests verify behavior, not implementation? |
| Mocking | Are external dependencies mockable? |
| Determinism | Are tests reliable and repeatable? |
| Edge Cases | Are boundary conditions tested? |
Common code smells and their remediation:
| Anti-Pattern | Detection Signs | Remediation |
|---|---|---|
| Long Method | >20 lines, multiple responsibilities | Extract Method |
| Long Parameter List | >3-4 parameters | Introduce Parameter Object |
| Duplicate Code | Copy-paste patterns | Extract Method, Template Method |
| Complex Conditionals | Nested if/else, switch statements | Decompose Conditional, Strategy Pattern |
| Magic Numbers | Hardcoded values without context | Extract Constant |
| Dead Code | Unreachable or unused code | Delete it |
| Anti-Pattern | Detection Signs | Remediation |
|---|---|---|
| God Object | >500 lines, many responsibilities | Extract Class |
| Data Class | Only getters/setters, no behavior | Move behavior to class |
| Feature Envy | Method uses another class's data extensively | Move Method |
| Inappropriate Intimacy | Classes know too much about each other | Move Method, Extract Class |
| Refused Bequest | Subclass doesn't use inherited behavior | Replace Inheritance with Delegation |
| Lazy Class | Does too little to justify existence | Inline Class |
| Anti-Pattern | Detection Signs | Remediation |
|---|---|---|
| Circular Dependencies | A depends on B depends on A | Dependency Inversion |
| Shotgun Surgery | One change requires many file edits | Move Method, Extract Class |
| Leaky Abstraction | Implementation details exposed | Encapsulate |
| Premature Optimization | Complex code for unproven performance | Simplify, measure first |
| Over-Engineering | Abstractions for hypothetical requirements | YAGNI - simplify |
Focus review effort where it matters most:
[Observation] + [Why it matters] + [Suggestion] + [Example if helpful]
# Instead of:
"This is wrong"
# Say:
"This query runs inside a loop (line 45), which could cause N+1
performance issues as the dataset grows. Consider using a batch
query before the loop:
```python
users = User.query.filter(User.id.in_(user_ids)).all()
user_map = {u.id: u for u in users}
"
```markdown
# Instead of:
"Use better names"
# Say:
"The variable `d` on line 23 would be clearer as `daysSinceLastLogin` -
it helps readers understand the business logic without tracing back
to the assignment."
| Avoid | Prefer |
|---|---|
| "You should..." | "Consider..." or "What about..." |
| "This is wrong" | "This might cause issues because..." |
| "Why didn't you..." | "Have you considered..." |
| "Obviously..." | "One approach is..." |
| "Always/Never do X" | "In this context, X would help because..." |
Include what's done well:
"Nice use of the Strategy pattern here - it makes adding new
payment methods straightforward."
"Good error handling - the retry logic with exponential backoff
is exactly what we need for this flaky API."
"Clean separation of concerns between the validation and persistence logic."
All of the above, plus:
All of the above, plus:
Track review effectiveness:
| Metric | Target | What It Indicates |
|---|---|---|
| Review Turnaround | < 24 hours | Team velocity |
| Comments per Review | 3-10 | Engagement level |
| Defects Found | Decreasing trend | Quality improvement |
| Review Time | < 60 min for typical PR | Right-sized changes |
| Approval Rate | 70-90% first submission | Clear standards |
Avoid these review behaviors:
| Anti-Pattern | Description | Better Approach |
|---|---|---|
| Nitpicking | Focusing on style over substance | Use linters for style |
| Drive-by Review | Quick approval without depth | Allocate proper time |
| Gatekeeping | Blocking for personal preferences | Focus on objective criteria |
| Ghost Review | Approval without comments | Add at least one observation |
| Review Bombing | Overwhelming with comments | Prioritize and limit to top issues |
| Delayed Review | Letting PRs sit for days | Commit to turnaround time |
This skill should be used when the user asks to "create a slash command", "add a command", "write a custom command", "define command arguments", "use command frontmatter", "organize commands", "create command with file references", "interactive command", "use AskUserQuestion in command", or needs guidance on slash command structure, YAML frontmatter fields, dynamic arguments, bash execution in commands, user interaction patterns, or command development best practices for Claude Code.
This skill should be used when the user asks to "create an agent", "add an agent", "write a subagent", "agent frontmatter", "when to use description", "agent examples", "agent tools", "agent colors", "autonomous agent", or needs guidance on agent structure, system prompts, triggering conditions, or agent development best practices for Claude Code plugins.
This skill should be used when the user asks to "create a hook", "add a PreToolUse/PostToolUse/Stop hook", "validate tool use", "implement prompt-based hooks", "use ${CLAUDE_PLUGIN_ROOT}", "set up event-driven automation", "block dangerous commands", or mentions hook events (PreToolUse, PostToolUse, Stop, SubagentStop, SessionStart, SessionEnd, UserPromptSubmit, PreCompact, Notification). Provides comprehensive guidance for creating and implementing Claude Code plugin hooks with focus on advanced prompt-based hooks API.