
jbvc/code-review-checklist

Comprehensive checklist for conducting thorough code reviews covering functionality, security, performance, and maintainability

Quality: 46% (Does it follow best practices?)

Impact: Pending (No eval scenarios have been run)

Security by Snyk: Passed (No known issues)


Quality

Discovery: 32%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

The description identifies its domain (code reviews) and lists high-level categories but reads more like a document title than a skill description. It lacks concrete actions, explicit trigger guidance ('Use when...'), and natural keyword variations that would help Claude reliably select it from a large skill set.

Suggestions

Add an explicit 'Use when...' clause, e.g., 'Use when the user asks for a code review, PR review, pull request feedback, or wants a quality checklist for their code.'

Replace the high-level category list with specific concrete actions, e.g., 'Checks for security vulnerabilities, identifies performance bottlenecks, flags error handling gaps, and verifies test coverage.'

Include natural trigger term variations users would say: 'PR review', 'pull request', 'review my code', 'code quality check', 'review checklist'.

Dimension, reasoning and score:

Specificity: 2 / 3

Names the domain (code reviews) and lists categories (functionality, security, performance, maintainability), but doesn't describe concrete actions like 'check for SQL injection', 'verify error handling', or 'flag N+1 queries'. The categories are high-level rather than specific actions.

Completeness: 1 / 3

Describes what it is (a checklist for code reviews) but completely lacks a 'Use when...' clause or any explicit trigger guidance for when Claude should select this skill. Per the rubric, a missing 'Use when...' clause caps completeness at 2, and the 'what' itself is also weak (it's a noun phrase describing a checklist rather than actions), so this scores a 1.

Trigger Term Quality: 2 / 3

Includes 'code review', which is a natural trigger term users would say, plus related terms like 'security' and 'performance'. However, it misses common variations like 'PR review', 'pull request', 'review checklist', 'code quality', or 'review my code'.

Distinctiveness / Conflict Risk: 2 / 3

The 'code review' focus provides some distinctiveness, but the broad categories (security, performance, maintainability) could overlap with dedicated security audit skills, performance optimization skills, or general code quality skills.

Total: 7 / 12

Passed

Implementation: 27%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

This skill is an extremely verbose, monolithic checklist that repeats itself multiple times (steps → example checklists → complete checklist) and explains concepts Claude already knows well. While the code examples showing good/bad patterns add some value, the overall content could be reduced by 70%+ without losing actionable information. The lack of progressive disclosure and the absence of validation checkpoints in the workflow significantly weaken its utility.

Suggestions

Reduce content by 70%+: eliminate the step-by-step overview (Steps 1-6) since the Complete Review Checklist covers the same ground, and remove explanations of well-known concepts like SQL injection and XSS

Split detailed checklists (security, functionality, code quality) into separate referenced files, keeping only the Complete Review Checklist in the main SKILL.md

Add a clear workflow with decision points: e.g., 'If critical security issues found → block merge. If style-only issues → approve with comments'

Remove the 'When to Use This Skill', 'Common Pitfalls', 'Review Comment Templates', and 'Additional Resources' sections—these are generic knowledge that wastes tokens

Dimension, reasoning and score:

Conciseness: 1 / 3

Extremely verbose at ~350+ lines. Explains basic concepts Claude already knows (what code review is, what SQL injection is, what XSS is). The checklist items are largely common knowledge for Claude. Massive redundancy between the step-by-step sections, the example checklists, and the 'Complete Review Checklist', which repeats the same items. The 'Best Practices' do/don't lists, 'Common Pitfalls', and 'Review Comment Templates' all add bulk without novel information.

Actionability: 2 / 3

The code examples (good/bad patterns) are concrete and executable, which is helpful. However, the skill is fundamentally a checklist of questions rather than executable guidance—it tells Claude to 'check if inputs are validated' but doesn't provide specific tools, commands, or automated approaches. The review comment templates are somewhat actionable but generic.

Workflow Clarity: 2 / 3

Steps are listed (Step 1-6) providing a sequence, but there are no validation checkpoints or feedback loops. There's no guidance on what to do when issues are found (beyond a generic 'fix it'), no prioritization of findings, and no clear decision points (e.g., when to block vs. approve with comments). The 'Pre-Review' section mentions running locally but doesn't integrate into a verification workflow.

Progressive Disclosure: 1 / 3

Monolithic wall of text with everything inline. The detailed checklists for functionality, security, and code quality (each with full code examples) should be in separate referenced files. The 'Related Skills' and 'Additional Resources' sections reference external content, but the main body dumps everything into one massive document with no content splitting.

Total: 6 / 12

Passed

Validation: 100%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation: 11 / 11 passed

Validation for skill structure

No warnings or errors.

Reviewed
