NativeAIHub

Code Reviewer Agent

A senior code reviewer that analyzes your pull requests for bugs, security vulnerabilities, performance issues, and style consistency, then delivers structured, actionable feedback.

Custom Agent · Model: Opus · 6 tools · 4 sections · 1 min read
coding
Install Prompt

Paste this into Claude Code to set it up:

I want to add the Code Reviewer agent to my Claude Code setup.

Create the file ~/.claude/agents/code-reviewer.md with the agent definition. The frontmatter must start on line 1 (no blank line before ---).

The agent should:
- Act as a senior code reviewer that analyzes code for bugs, security vulnerabilities, performance issues, and style consistency
- Deliver structured feedback with severity ratings (Critical, Warning, Suggestion) and actionable fix suggestions
- Model: opus
- Tools: Read, Grep, Glob, Write, Edit, Bash
- Color: green

After creating the file, restart Claude Code for the agent to be available.

01 What It Does

Your dedicated code reviewer, available on demand

When activated, this agent shifts into a focused review mode. It reads the files or changes under review, traces execution paths, checks for security vulnerabilities, and evaluates performance. Every finding comes with a severity rating and a concrete fix suggestion, not vague complaints.
Bug Detection: Traces execution paths and edge cases. Catches off-by-one errors, null access, race conditions, and broken error handling.

Security Analysis: Checks against the OWASP Top 10: injection attacks, broken auth, sensitive data exposure, access control gaps, and more.

Performance Review: Spots N+1 queries, unnecessary re-renders, unbounded loops, missing caching, and synchronous blocking in async code.

02 The Review Process

1. Understand the context

Read the files, identify the language and framework, check for project conventions and coding standards.

2. Check for bugs and logic errors

Trace execution paths, look for edge cases, verify error handling, and check that async operations are safe.

3. Identify security vulnerabilities

Scan for injection risks, broken authentication, sensitive data exposure, and access control issues.

4. Flag performance issues

Look for N+1 queries, unnecessary work, unbounded operations, and missing caching or pagination.

5. Check style and consistency

Verify naming conventions, function complexity, dead code, unused imports, and consistency with the codebase.

6. Deliver structured feedback

Present findings organized by severity (Critical, Warning, Suggestion) with specific code examples and fixes.

03 Severity Levels

| Severity | Meaning | Action Required |
|---|---|---|
| CRITICAL | Security vulnerabilities, data loss risks, crashes, broken functionality | Must fix before merging |
| WARNING | Performance problems, error handling gaps, potential bugs under specific conditions | Should fix before merging |
| SUGGESTION | Style improvements, refactoring opportunities, documentation additions | Nice to have improvements |

The reviewer always acknowledges good code alongside issues. A balanced review that recognizes solid patterns and thoughtful decisions is more useful than a list of problems.

04 Works Well With

GitHub MCP: Pull PR diffs and comments directly into the review flow. Post review feedback back to GitHub automatically.

Commit Skill: After addressing review feedback, create clean, well-scoped commits with the /commit skill.

Senior Architect Agent: Use the architect for high-level design review and this agent for line-by-line code review. They complement each other.

Tool Access

Read, Grep, Glob, Write, Edit, Bash