A community-driven registry for the Claude Code ecosystem. Not affiliated with Anthropic.
Free AI-powered code review skill for Claude Code CLI — alternative to CodeRabbit
280+ automated code review checks. Free. Local. Privacy-first. Open-source alternative to CodeRabbit.
```
$ claude "review PR 42"
## Code Review: PR #42 — Add user authentication
Critical (2): SQL injection in auth.ts:45, weak crypto in crypto.ts:12
High (3): IDOR in user.ts:78, N+1 query in data.ts:23, XSS in Form.tsx:156
Medium (5): DRY violations, missing error handling...
Risk Level: HIGH — 2 critical issues must be fixed before merge.
```
A skill for Claude Code that enables automated, comprehensive code review with 280+ checks across 15 categories:
| Feature | CodeRabbit | Anthropic Official | This Skill |
|---|---|---|---|
| Price | $15-30/user/month | Free (API only) | Free (API only) |
| Checks | ~50 | No fixed list | 280+ |
| Approach | SaaS | 4 parallel agents | Checklist-based |
| Focus | General | CLAUDE.md compliance | Security, Perf, Quality |
| Confidence scoring | No | Yes (≥80) | Yes (≥70) |
| Git blame analysis | No | Yes | Yes |
| Language-specific | Limited | No | React, TS, Python, Node |
| Privacy | Their servers | Local | Local |
```bash
# Project-level install (this repository only)
mkdir -p .claude/skills/code-review
curl -o .claude/skills/code-review/SKILL.md \
  https://raw.githubusercontent.com/anthroos/claude-code-review-skill/main/SKILL.md

# Global install (all projects for the current user)
mkdir -p ~/.claude/skills/code-review
curl -o ~/.claude/skills/code-review/SKILL.md \
  https://raw.githubusercontent.com/anthroos/claude-code-review-skill/main/SKILL.md
```
```bash
brew install gh && gh auth login
```

```bash
claude "full code review"
claude "review PR 123"
claude "security review my changes"
claude "check performance issues in PR 456"
claude "review PR 123 and post comments"
```
```markdown
## Code Review Summary
**Reviewed:** 5 files, 234 lines changed
**Risk Level:** High

### Critical Issues (2)
1. [src/api/auth.ts:45] **SQL Injection** — User input passed directly to query
   → Use parameterized queries: `db.query('SELECT * FROM users WHERE id = ?', [userId])`
2. [src/utils/crypto.ts:12] **Weak cryptography** — Using MD5 for password hashing
   → Use bcrypt or argon2 instead

### High Priority (3)
1. [src/services/user.ts:78] **IDOR vulnerability** — Missing ownership check
2. [src/api/data.ts:23] **N+1 query** — 50 queries in loop, use JOIN or batch
3. [src/components/Form.tsx:156] **XSS** — dangerouslySetInnerHTML with user content

### Medium Priority (5)
1. [src/utils/helpers.ts:34] **DRY violation** — Duplicate code in 3 places
2. [src/api/users.ts:89] **Missing error handling** — Empty catch block
...

### Good Practices
- Consistent error handling in services/
- Good TypeScript usage with proper types
- Comprehensive test coverage for auth module
```
Add to .git/hooks/pre-push:
```bash
#!/bin/bash
set -e

echo "Running AI code review..."

# Run review and capture output
REVIEW_OUTPUT=$(claude "quick review of staged changes, list only critical issues as bullet points" --print 2>&1) || true

# Check if critical issues were found
if echo "$REVIEW_OUTPUT" | grep -qi "critical\|security\|injection\|vulnerability"; then
  echo ""
  echo "⚠️ Potential critical issues found:"
  echo "$REVIEW_OUTPUT"
  echo ""
  # git feeds ref data to pre-push on stdin, so read the answer from the terminal
  read -p "Push anyway? (y/n) " -n 1 -r < /dev/tty
  echo
  if [[ ! $REPLY =~ ^[Yy]$ ]]; then
    echo "Push cancelled."
    exit 1
  fi
fi

echo "✓ Review passed"
```
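The hook above prints "Review passed" when the `claude` call itself fails (`|| true`), and it prompts on any output containing a keyword, including "No critical issues found". Added example, not the project's own hook: a gate that fails closed and reads a machine-parsable verdict line. The `CRITICAL_COUNT:` sentinel, the prompt wording and the function name are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example, not the project's hook. Assumes the review prompt ends with
# an instruction to finish with the line "CRITICAL_COUNT: <number>".
# The CRITICAL_COUNT sentinel is a convention invented for this example.

# review_gate EXIT_STATUS OUTPUT
#   returns 0 = no critical findings (allow push)
#           1 = critical findings reported (block)
#           2 = review failed or verdict unreadable (block, fail closed)
review_gate() {
  rg_status=$1
  rg_output=$2
  # A crashed, unauthenticated or empty review must not count as a pass.
  if [ "$rg_status" -ne 0 ] || [ -z "$rg_output" ]; then
    return 2
  fi
  # Only the last non-empty line is parsed, and it must be the sentinel with
  # a plain integer. Keywords elsewhere in the text are ignored, so
  # "No critical issues found" does not trip the gate.
  rg_last=$(printf '%s\n' "$rg_output" | sed '/^[[:space:]]*$/d' | tail -n 1)
  rg_count=$(printf '%s\n' "$rg_last" |
    sed -n 's/^CRITICAL_COUNT:[[:space:]]*\([0-9][0-9]*\)[[:space:]]*$/\1/p')
  if [ -z "$rg_count" ]; then
    return 2
  fi
  if [ "$rg_count" -eq 0 ]; then
    return 0
  fi
  return 1
}

# Use inside .git/hooks/pre-push:
#   status=0
#   out=$(claude "<prompt ending with the sentinel instruction>" --print 2>&1) || status=$?
#   review_gate "$status" "$out" || { printf '%s\n' "$out"; exit 1; }
```

The verdict is still model output over the code being pushed, so treat the gate as a convenience check alongside human review.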
```yaml
name: AI Code Review
on: [pull_request]
jobs:
  review:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - name: Install Claude Code
        run: npm install -g @anthropic-ai/claude-code
      - name: Install Review Skill
        run: |
          mkdir -p .claude/skills/code-review
          curl -o .claude/skills/code-review/SKILL.md \
            https://raw.githubusercontent.com/anthroos/claude-code-review-skill/main/SKILL.md
      - name: Run Review
        run: claude "review this PR, post comment with findings" --print
        env:
          ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
```
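The install commands and the workflow's "Install Review Skill" step both fetch SKILL.md from the `main` branch, so the instructions the agent follows (in CI, with `ANTHROPIC_API_KEY` and `GITHUB_TOKEN` in its environment) can change between runs. Added example, not the project's own code: download to a temporary file and install it only if it matches a digest recorded after reading the file. `<PINNED_COMMIT>` and `<EXPECTED_SHA256>` are placeholders, and the function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: install SKILL.md only when it matches a pinned SHA-256.

# sha256_of FILE -> prints the hex digest (sha256sum on Linux, shasum on macOS)
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | cut -d' ' -f1
  else
    shasum -a 256 "$1" | cut -d' ' -f1
  fi
}

# install_verified SRC EXPECTED_SHA256 DEST
# Copies SRC to DEST only when the digest matches, via a temporary name so an
# unverified or partial file never appears at DEST. Returns 1 on mismatch.
install_verified() {
  iv_src=$1
  iv_expected=$2
  iv_dest=$3
  iv_actual=$(sha256_of "$iv_src")
  if [ -z "$iv_actual" ] || [ "$iv_actual" != "$iv_expected" ]; then
    echo "SKILL.md digest mismatch: got '$iv_actual'" >&2
    return 1
  fi
  mkdir -p "$(dirname "$iv_dest")" &&
    cp "$iv_src" "$iv_dest.tmp" &&
    mv "$iv_dest.tmp" "$iv_dest"
}

# Typical use (placeholders, not real values):
#   tmp=$(mktemp)
#   curl -fsSL -o "$tmp" \
#     "https://raw.githubusercontent.com/anthroos/claude-code-review-skill/<PINNED_COMMIT>/SKILL.md"
#   install_verified "$tmp" "<EXPECTED_SHA256>" .claude/skills/code-review/SKILL.md
```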
You can modify the SKILL.md to:
| Level | Action | Examples |
|---|---|---|
| Critical | Must fix before merge | SQL injection, hardcoded secrets |
| High | Should fix before merge | XSS, N+1 queries, auth bypass |
| Medium | Fix soon | DRY violations, missing tests |
| Low | Nice to have | Naming, comments |
The skill is designed to minimize false positives, but if you encounter them:
```bash
claude "review PR 123 --severity=high"
claude "security review PR 123"
claude "review PR 123 --focus=bugs,security"
```
"ignore the N+1 warning in admin routes - it's intentional, low traffic"
"skip any type warnings in src/legacy/ - that's legacy code"
Add comments to suppress specific issues:
```javascript
// @review-ok: parameterized query handled by ORM
const query = `SELECT * FROM users WHERE id = ${sanitizedId}`;
```

```python
# @review-ok: global cache intentional for performance
CACHE = {}
```
If the same false positive keeps appearing, open an issue with:
MIT — use freely, modify as needed.
Contributions welcome! See CONTRIBUTING.md for guidelines. Add new checks, improve detection patterns, or add language-specific rules.
Part of the Claude Code tools suite:
| Repo | Purpose |
|---|---|
| plaintext-crm | AI-native CRM in your IDE |
| claude-code-review-skill (this) | AI code review (280+ checks) |
| plaintext-pm | AI-native project management |
Built by @anthroos at WeLabelData for the Claude Code community.