code-review

Standards for reviewing Go code changes in this project. Use when asked to review code, check changes, or validate pull requests.

Packaged view

This page reorganizes the original catalog entry around fit, installability, and workflow context first. The original raw source lives below.

Stars: 0.

Hot score: 74.

Updated: March 19, 2026.

Overall rating: C 0.0.

Composite score: 0.0.

Best-practice grade: S 96.0.

Install command

npx @skill-hub/cli install feraudet-file-viewer-code-review

Repository

feraudet/file-viewer

Skill path: .claude/skills/code-review

Best for

Primary workflow: Ship Full Stack.

Technical facets: Full Stack.

Target audience: everyone.

License: Unknown.

Original source

Catalog source: SkillHub Club.

Repository owner: feraudet.

This is still a mirrored public skill entry. Review the repository before installing into production workflows.

What it helps with

  • Install code-review into Claude Code, Codex CLI, Gemini CLI, or OpenCode workflows
  • Review https://github.com/feraudet/file-viewer before adding code-review to shared team environments
  • Use code-review for development workflows

Works across

Claude Code, Codex CLI, Gemini CLI, OpenCode

Favorites: 0.

Sub-skills: 0.

Aggregator: No.

Original source / Raw SKILL.md

---
name: code-review
description: Standards for reviewing Go code changes in this project. Use when asked to review code, check changes, or validate pull requests.
allowed-tools: Read, Grep, Glob, Bash
---

# Code Review Standards

## Checklist

### Security
- [ ] Path traversal: All file paths use `filepath.Clean()` before access
- [ ] XSS prevention: User content escaped with `html.EscapeString()`
- [ ] No arbitrary command execution
- [ ] HTTP headers set correctly (Content-Type)

### Go Idioms
- [ ] Errors handled immediately after function calls
- [ ] `defer` used for cleanup (Close, etc.)
- [ ] No shadowed variables
- [ ] Consistent naming (camelCase for private, PascalCase for exported)

### HTTP Handler Quality
- [ ] Request logging present
- [ ] Appropriate status codes returned
- [ ] Content-Type header set
- [ ] Early returns for error cases

### Markdown Parser
- [ ] New features don't break existing syntax
- [ ] HTML properly escaped in output
- [ ] Inline processing order preserved (math/code first)
- [ ] State machines properly closed (lists, tables, code blocks)

### Performance
- [ ] No regex compilation inside hot loops
- [ ] `strings.Builder` used for string concatenation
- [ ] HTTP client has timeout set

## Common Issues

### Path Security
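```go
// BAD: Direct path usage
http.ServeFile(w, r, r.URL.Query().Get("path"))

// GOOD: Clean and validate
// Note: filepath.Clean only normalizes the path (collapses "." and ".." elements);
// it does not by itself restrict access to a particular directory.
path := filepath.Clean(r.URL.Query().Get("path"))
info, err := os.Stat(path)
if err != nil || info.IsDir() {
    http.Error(w, "Not found", http.StatusNotFound)
    return
}
http.ServeFile(w, r, path)
```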
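
`filepath.Clean()` normalizes a path but leaves a relative `../../etc/passwd` or an absolute path unchanged, so a reviewer checking the path-traversal item also needs a confinement check. The following is an added example, not code from the file-viewer repository; `resolveUnderRoot`, `errOutsideRoot` and the root `/srv/docs` are assumptions for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// errOutsideRoot is a hypothetical sentinel error for this example.
var errOutsideRoot = errors.New("path escapes root")

// resolveUnderRoot (hypothetical helper) maps an untrusted path onto root and
// rejects any result that lands outside it.
func resolveUnderRoot(root, userPath string) (string, error) {
	absRoot, err := filepath.Abs(root)
	if err != nil {
		return "", err
	}
	// Join also cleans, so ".." elements are collapsed before the check below.
	candidate := filepath.Join(absRoot, userPath)
	rel, err := filepath.Rel(absRoot, candidate)
	if err != nil {
		return "", err
	}
	// Compare path elements, not string prefixes: "/srv/docs-secret" starts
	// with "/srv/docs" as a string but is a sibling directory.
	if rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", errOutsideRoot
	}
	return candidate, nil
}

func main() {
	root := "/srv/docs" // assumed document root, constructed for the example
	// Constructed request values.
	for _, p := range []string{
		"notes/readme.md",
		"../../etc/passwd",
		"a/../../docs-secret/x",
		"/etc/passwd",
		"..hidden/file",
	} {
		got, err := resolveUnderRoot(root, p)
		fmt.Printf("%-24q clean=%-26q resolved=%q err=%v\n", p, filepath.Clean(p), got, err)
	}
}
```

Symbolic links inside the root are not resolved by this check; a reviewer should ask whether the served tree can contain links that point outside it.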

### HTML Escaping
```go
// BAD: Raw user content in HTML
fmt.Sprintf("<p>%s</p>", userContent)

// GOOD: Escaped content
fmt.Sprintf("<p>%s</p>", html.EscapeString(userContent))
```

## Review Commands

```bash
# Check for unescaped HTML output
grep -n 'fmt\.Sprintf.*<' main.go | grep -v 'EscapeString'

# List file-access calls; confirm by hand that each path goes through filepath.Clean first
grep -nE 'os\.Stat|os\.ReadFile|http\.ServeFile' main.go
```