Code Reviewer Pro
Senior code review line by line: bugs, security, missing tests — with concrete fixes and a clear verdict.
SKILL.md in the open agentskills.io standard — works directly in Claude, ChatGPT/Codex, Cursor, Copilot & more.
Code Reviewer Pro is an AI code-review skill for pull requests, diffs and files — reviewing line by line like a senior reviewer. Catches bugs, security flaws (OWASP/STRIDE) and missing tests with concrete fixes, paste-ready Conventional Comments and a clear verdict: LGTM / Request Changes.
What this skill does
- Starts with a PR overview (TL;DR, affected modules, risk areas) — lowers cognitive load
- Line-/diff-precise comments with a concrete fix, where possible as a committable suggestion block (apply in one click)
- Risk-based: reviews auth, queries, removed validations, money/data paths & incident areas more deeply, trivia quickly
- Finds bugs, edge cases and security holes (OWASP Top 10 / STRIDE)
- Checks dependencies/supply chain (CVEs, license, hallucinated packages) and AI-generated code (plausible-but-wrong)
- Surfaces missing & brittle tests and untested error paths
- Signal over noise: leaves mechanical nits to the linter, keeps nits short; high recall on bugs/security
- PR hygiene incl. size rule of thumb (≤ ~400 lines, else split), commit messages, scope
- Language presets (Python, JS/TS, Go, Java, SQL …), focus modes (security/tests/triage/architecture)
- States limits (static, not executed) and gives a clear verdict: LGTM / Request Changes
Description
Code-Reviewer Pro is a skill for AI code review and pull request review — it reviews your code line by line for bugs, security flaws, missing tests and maintainability. A deep, dev-focused code-review specialist for GitHub and GitLab. Works to the Google code-review standard (code health over perfection, blocking vs. nit, issue not person) and gives line-/diff-precise comments in Conventional Comments style (issue / suggestion / question / nitpick / praise), paste-ready for GitHub/GitLab. Review categories: correctness & bugs, edge cases, security (OWASP Top 10 / STRIDE, input validation, no secrets in code), tests (missing/brittle tests, untested error paths, coverage gaps), style & readability (naming, complexity, duplication), maintainability & structure, performance (N+1, hotspots), error handling & logging, API/interface design and PR hygiene (scope, commit messages, PR description). Language presets for Python, JS/TS, Go, Java/Kotlin and SQL with their typical pitfalls; other languages idiomatically. Optional focus modes: security, tests, quick triage (blockers only), architecture/design. Every review states its limits (static, not executed; only the shown excerpt) and ends with a clear verdict (LGTM / Request Changes). Surfaces vulnerabilities solely to fix them — no malicious code. For non-code reviews it points to the Review Architect, for deep statistics to the A/B Test Auditor.
Examples
What it does not do
- Writes no malicious code and builds no exploits — vulnerabilities only to fix them
- No sugar-coating and no tearing-down — always with a fix, blocking separated from nit
- Doesn't run the code (static review)
- Invents no secrets and passes none on
- Won't review non-code artifacts (use the Review Architect for that)
Compatibility & tech
- Tested (internal)
- 3 scenarios
- Recommended runtime
- Strongest available model; most effective in agentic tools (Claude Code/Codex/Cursor) with repo access.
- Modes
- PR/diff review · File/function · Security focus · Test focus · Quick triage · Architecture/design
- Inputs
- Pull request / diff · File · Function/snippet · optional: language, purpose, test status, coding guidelines
- Output format
- PR overview (TL;DR/modules/risk) + summary & verdict (LGTM/Request Changes), line-level Conventional Comments with severity & fix (committable suggestions), test gaps, 'not checked/assumptions', next step
- Subcategory
- Code quality & review
- License
- Proprietär
Security profile
Runs entirely on your machine with your own AI — no external runtime, no running costs.
Only instructions, templates and references — no executable scripts.
Works offline with what you provide — does not call external services on its own.
What you get
- code-reviewer-pro-1.4.0/4 files
- .claude-plugin/marketplace.json
plugins/code-reviewer-pro/skills/code-reviewer-pro/4 files
- SKILL.md
- manifest.json
references/2 files
- languages.md
- review-checklist.md
- .agents/skills/code-reviewer-pro/→ universal — same content (Codex, Cursor, Copilot, Gemini, Windsurf, Cline)
- LICENSE.txt
Installation
Also works as a chat prompt
No AI tool? Paste it into Claude, ChatGPT or Gemini and use the method right away.
This skill ships no scripts, so the prompt carries its full method.
Installing is the full version — it triggers automatically, runs its scripts and loads references as needed. As a chat prompt you drive the method by hand.
Unlock to copy the ready-to-paste prompt — then in “My Skills”.
Reviews
Note
A focused dev specialist (deeper than the Review Architect's code module). Best with language/framework, the code's purpose and test status. For reviews outside code → Review Architect.
Changelog
- v1.4.022.06.2026Platform-native output: now actively uses your platform's native formatting — tables, checklists, code blocks and clickable/button options, with a numbered fallback on non-interactive platforms. Plus internal metadata that prepares the upcoming agent builder.
- v1.3.018.06.2026Reworked to the AUTHORING v2 standard: realistic input/answer examples (incl. a calibration case), copy checklist(s) and internal evals; cross-references added.
- v1.2.018.06.2026Added references/languages.md: deeper detail reference via progressive disclosure; SKILL.md stays lean.
- v1.1.010.06.2026From web research (modern 2026 practices): PR overview/walkthrough first, committable suggestion blocks, risk-based depth, dependencies/supply chain (CVE/license/hallucinated packages) + AI-code check, signal-over-noise (mechanics to the linter, high recall on bugs/security), PR size rule of thumb (≤ ~400 lines).
- v1.0.010.06.2026Deep code-review specialist: line-precise Conventional Comments, OWASP/STRIDE security, test gaps, style/maintainability/performance, PR hygiene, language presets (Python/JS-TS/Go/Java/SQL), focus modes, LGTM/Request Changes verdict, limits stated; Google code-review better-not-perfect principle.
Frequently asked questions
What does Code Reviewer Pro do?
Code Reviewer Pro is an AI code-review skill for pull requests, diffs and files — reviewing line by line like a senior reviewer. Catches bugs, security flaws (OWASP/STRIDE) and missing tests with concrete fixes, paste-ready Conventional Comments and a clear verdict: LGTM / Request Changes.
How do I review a pull request properly?
Code-Reviewer Pro reviews a PR/diff/file line by line using the Google code-review standard: correctness & bugs, edge cases, security (OWASP/STRIDE), missing tests, style and performance — with concrete, paste-ready suggestions and a clear verdict (LGTM / Request Changes).
Which programming languages does the code review support?
Language presets for Python, JavaScript/TypeScript, Go, Java and SQL among others; the review adapts idioms and common pitfalls per language. The methodology is language-agnostic.
Does it find security vulnerabilities in the code?
Yes — it hunts vulnerabilities against OWASP/STRIDE, watches for supply-chain/dependency/CVE risks, and flags security-relevant findings as blocking rather than nits.
Does it replace a human reviewer?
No. It is a thorough first-pass review that catches the routine (bugs, tests, security, style) and saves the team time; the final call and the merge stay with you.
Which AI tools does Code Reviewer Pro work with?
Claude Code, Codex CLI, Cursor, GitHub Copilot, Gemini CLI (as a SKILL.md/rule) · Claude (Projects & system prompt) · ChatGPT (Custom GPT & custom instructions) · Any LLM (paste-in)
How do I use Code Reviewer Pro?
Code Reviewer Pro is a SKILL.md in the open agentskills.io standard: install it with one command (npx) or download it and add it to your AI tool — Claude (Projects), ChatGPT (Custom GPT), Cursor, Copilot, Gemini CLI and more. No code needed.