Git代码审查技能：自动化审查未提交更改，提升代码质量与安全性

review by buiducnhat/agent-skills

159 周安装量

41 GitHub Stars

GitHub

安装命令

npx skills add https://github.com/buiducnhat/agent-skills --skill review

开发自动化代码质量

🇨🇳中文介绍

审查

概述

使用此技能来审查当前 git 工作区中未提交的更改。重点关注正确性、安全性、可维护性以及与项目标准的对齐程度。

审查必须生成：

更改内容的简明摘要
带有严重性标签的优先级发现项
可操作的修复建议
最终裁决（Approve 或 Request Changes）

工作流程

步骤 1：收集上下文

检查当前更改： * git diff * git diff --cached（如果存在暂存的更改）
阅读完整的修改文件（不仅仅是差异块），以理解周围的逻辑和架构。
在判断风格/模式之前，根据共享的上下文加载协议加载项目上下文。
对涉及的领域运行相关的质量检查（在可行时进行代码检查/类型检查/测试）。

步骤 2：分析更改

从以下维度评估每项更改：

正确性 - 行为是否符合预期要求？
安全性与安全性 - 是否存在漏洞、数据泄露、身份验证缺口或不安全的假设？
可靠性 - 是否处理了边界情况、空状态、重试和错误路径？
风格与一致性 - 代码是否遵循项目约定和既定模式？

广告位招租

在这里展示您的产品或服务

触达数万 AI 开发者，精准高效

联系我们

步骤 3：按严重性对发现项进行分类

使用以下标准为每个发现项分配一个严重性等级：

S0 - 严重
- 导致生产中断的问题、严重的安全风险、数据损坏/丢失或不可逆的副作用
- 必须在合并前修复
S1 - 高
- 可能的错误、正确性缺陷、重大的可靠性问题或主要缺失的验证
- 应在合并前修复
S2 - 中
- 非阻塞性问题，但会影响可维护性、性能或清晰度
- 建议尽快修复
S3 - 低
- 次要的改进、润色或风格层面的建议
- 可选，除非团队标准要求

步骤 4：生成结构化的审查报告

使用以下报告格式，严格按照此部分顺序。

更改内容（2-6 个要点）
风险概况（低/中/高）
已审查的区域（文件/模块）

对于每个发现项，使用此模板：

ID : R-001（递增）
严重性 : S0 | S1 | S2 | S3
类别 : Correctness | Security | Reliability | Style | Performance | Testing | Maintainability
位置 : path/to/file.ext#Lx-Ly（或函数/类名）
问题 : 对问题的清晰陈述
重要性 : 对用户/系统的影响
建议 : 具体的修复指导
置信度 : High | Medium | Low

如果不存在发现项，请明确写明：No actionable findings。

列出观察到的良好实践，例如：

新增了强大的测试覆盖率
清晰的关注点分离
周到的错误处理
一致的风格和命名

4) 必须修复清单

仅包含 S0 和 S1 级别的发现项：

R-00X 简短的修复描述
R-00Y 简短的修复描述

如果没有，请声明：No must-fix items。

使用以下之一：

Approve - 不存在阻塞性问题（S0/S1）。
Request Changes - 发现一个或多个阻塞性问题（S0/S1）。

重新审查重点 : 修复后需要重新检查的确切文件/区域。

尽可能具体并引用确切位置。
不要孤立地评判代码；始终考虑周围上下文。
倾向于提供可操作的建议，而非模糊的批评。
清晰区分阻塞性和非阻塞性反馈。
避免推测性断言；如果不确定，请降低置信度并解释原因。
反馈应与项目文档和编码标准保持一致。

审查质量检查清单

在最终确定前，确认：

所有修改的文件都已结合上下文进行了审查
每个发现项都有严重性、影响和修复建议
阻塞性问题已分离到必须修复清单中
最终裁决与发现项的严重性等级相符
反馈简洁、精确且可实施

🇺🇸English

Review

Overview

Use this skill to review uncommitted changes in the current git workspace.
Focus on correctness, safety, maintainability, and alignment with project standards.

The review must produce:

A concise summary of what changed
Prioritized findings with severity labels
Actionable fix suggestions
A final verdict (Approve or Request Changes)

Workflow

Step 1: Gather Context

Inspect current changes:
- git diff
- git diff --cached (if staged changes exist)
Read the full modified files (not only the diff hunks) to understand surrounding logic and architecture.
Load project context per the shared Context Loading Protocol before judging style/patterns.
Run relevant quality checks for touched areas (lint/type/tests when practical).

Step 2: Analyze Changes

Evaluate each change across these dimensions:

Correctness - Does behavior match intended requirements?
Safety & Security - Are there vulnerabilities, data leaks, auth gaps, or unsafe assumptions?
Reliability - Are edge cases, null states, retries, and error paths handled?
Style & Consistency - Does code follow project conventions and established patterns?
Performance - Any unnecessary expensive operations or regressions?
Testing - Are critical paths covered with appropriate tests?
Maintainability - Is the code clear, modular, and easy to evolve?

Step 3: Classify Findings by Severity

Assign one severity per finding using this rubric:

S0 - Critical
- Production-breaking issue, severe security risk, data corruption/loss, or irreversible side effects
- Must be fixed before merge
S1 - High
- Likely bug, correctness flaw, significant reliability issue, or major missing validation
- Should be fixed before merge
S2 - Medium
- Non-blocking but meaningful issue affecting maintainability, performance, or clarity
- Fix recommended soon
S3 - Low
- Minor improvement, polish, or style-level suggestion
- Optional unless team standards require it

Step 4: Produce Structured Review Report

Use the report format below in this exact section order.

Output Format

1) Summary

What changed (2-6 bullets)
Risk profile (low/medium/high)
Areas reviewed (files/modules)

2) Findings

For each finding, use this template:

ID : R-001 (incrementing)
Severity : S0 | S1 | S2 | S3
Category : Correctness | Security | Reliability | Style | Performance | Testing | Maintainability
Location : path/to/file.ext#Lx-Ly (or function/class name)
Issue : Clear statement of the problem
Why it matters : User/system impact
Suggestion : Concrete fix guidance
Confidence : High | Medium | Low

If no findings exist, explicitly write: No actionable findings.

3) Positive Notes

List good practices observed, such as:

Strong test coverage additions
Clean separation of concerns
Thoughtful error handling
Consistent style and naming

4) Must-Fix Checklist

Include only S0 and S1 findings:

R-00X short fix description
R-00Y short fix description

If none, state: No must-fix items.

5) Verdict

Use one of:

Approve - No blocking issues (S0/S1) remain.
Request Changes - One or more blocking issues (S0/S1) found.

Optionally include:

Re-review focus : exact files/areas to re-check after fixes.

Rules

Be specific and cite exact locations whenever possible.
Do not judge code in isolation; always consider surrounding context.
Prefer actionable suggestions over vague criticism.
Distinguish clearly between blocking and non-blocking feedback.
Avoid speculative claims; if uncertain, lower confidence and explain why.
Align feedback with project documentation and coding standards.

Review Quality Checklist

Before finalizing, confirm:

All modified files were reviewed with context
Each finding has severity, impact, and fix suggestion
Blocking issues are separated into a must-fix checklist
Final verdict matches the finding severities
Feedback is concise, precise, and implementable

Weekly Installs

Repository

buiducnhat/agent-skills

GitHub Stars

First Seen

10 days ago

Security Audits

Gen Agent Trust HubPass SocketPass SnykPass

Installed on

claude-code67

cursor51

antigravity43

github-copilot39

gemini-cli37

opencode33

agent-browser 浏览器自动化工具 - Vercel Labs 命令行网页操作与测试

152,900 周安装