Code Reviewer
Reviews your code changes for bugs, security holes, and weak spots before merge.
What it does
Runs a structured, security-first code review on your pending changes and returns prioritized findings with fixes.
- Establishes diff scope from `git diff`, scales its reading depth to change size, and runs pre-checks for CVEs (`npm audit`/`pip-audit`/`cargo audit`) and hardcoded secrets before reading code
- Works through a checklist covering security (injection, auth bypass, leaked PII), error handling, test quality, dependencies, and performance (N+1 queries, unbounded loads)
- Applies language-specific rules for TypeScript, Python, Rust, Go, and SQL, flagging `any`, mutable default args, stray `.unwrap()`, discarded errors, and `WHERE`-less `UPDATE`/`DELETE`
- Reports every finding as CRITICAL/HIGH/MEDIUM/LOW with `file:line`, the risk, and a concrete fix, then closes with a merge recommendation of BLOCK, APPROVE WITH SUGGESTIONS, or APPROVE
- Frames feedback constructively: explains the risk over the rule, offers alternatives, and acknowledges code that's done well
Installation
- Make sure Claude is on your device and in your terminal.
  Agents load from `~/.claude/agents/` when Claude Code starts. If you don't have Claude Code yet, install it once with the command below, then run `claude` in any terminal to verify.
  One-time setup:
      npm i -g @anthropic-ai/claude-code
  Already have it? Skip ahead.
- Paste into your terminal.
  Downloads the agent into `~/.claude/agents/code-reviewer-wshobson.md`. Safe to re-run; it just overwrites.
- Restart Claude Code.
  Quit and reopen Claude Code. New agents are picked up on startup.
- Use it.
  Claude delegates to the agent when your ask matches its description, with phrases like "review this," "plan this," "audit this." You can also invoke directly: "Use the code-reviewer-wshobson agent to…"
Prefer to read the source first? Open on GitHub.