Automated code review for uncommitted changes using Claude Code. It catches bugs early, improves code quality, and reduces manual review time, and it fits into existing workflows through shell scripts and Git hooks. Suited to tasks of intermediate complexity.
```
git clone https://github.com/turingmindai/turingmind-code-review.git
```

TuringMind Code Review is a Claude Code skill that analyzes your uncommitted changes to catch bugs, security vulnerabilities, and architecture violations before they reach production. It runs two review modes, a quick review for pre-commit checks and a deep review for thorough pre-PR analysis, examining code for logic errors, SQL injection, XSS, null pointer access, race conditions, and team convention violations. The skill automatically filters out pre-existing issues and linter-territory problems, focusing only on issues introduced in your diff. It integrates into existing workflows via Git hooks for pre-commit and pre-push automation, blocking critical issues while allowing warnings to pass through.
1. **Set Up Environment:** Ensure you have [Claude Code](https://docs.anthropic.com/en/docs/claude-code) installed and authenticated. Navigate to your repository's root directory in your terminal.
2. **Run the Review:** Use the provided prompt template to generate a Claude Code command. Replace `[REPOSITORY_PATH]` with your local path (e.g., `./` or `~/projects/acme-crm`). Customize `[STYLE_GUIDE]` (e.g., PEP 8, Google Style) and `[PROJECT_SPECIFIC_RULES]` (e.g., team conventions).
3. **Review Output:** Claude Code will analyze uncommitted changes and return a structured report. Save the output to a file (e.g., `code_review_$(date +%Y%m%d).md`) for tracking.
4. **Address Issues:** Prioritize critical issues (e.g., security vulnerabilities) and fix them before committing. Use the detailed comments to guide your changes.
5. **Automate (Optional):** Set up a pre-commit hook or CI pipeline (e.g., GitHub Actions) to run this review automatically. Example GitHub Actions workflow:

```yaml
name: Automated Code Review
on: [push]
jobs:
  review:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: anthropics/claude-code-action@v1
        with:
          prompt: "Perform an automated code review..." # Use the prompt template
```

Two caveats for CI: a fresh checkout has no uncommitted changes, so the prompt there must review the diff against the base branch (for a `pull_request` trigger, check out with enough history for the base commit to be present); and the action needs an API credential and repository permissions as its documentation describes, so grant the workflow only the permissions it actually requires and treat pull-request content from forks as untrusted input to the model.

**Tips for Better Results:**
- Include project-specific rules (e.g., "No `print()` statements in production code") in the prompt.
- For large repositories, split the review into batches (e.g., by directory) to avoid timeouts.
- If reports are too long, ask in the prompt for a summary plus critical and warning items only; `claude --help` lists the CLI options that cap a run.
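As a worked example of step 5 (added here, not part of the TuringMind skill or its repository), the following Python pre-commit hook reviews the staged diff with Claude Code and exits non-zero when the report counts critical issues, letting warnings through. It uses `git diff --cached`, because the template's `git diff --name-only` sees only unstaged working-tree changes. Everything about the tool's interface is an assumption: the `claude -p <prompt>` non-interactive invocation with the diff on stdin, the condensed `REVIEW_PROMPT`, and the trailer lines `**Critical Issues Found:** N` / `**Warnings:** N`, whose shape is copied from the sample report on this page; `SAMPLE_REPORT` is constructed for illustration.

```python
#!/usr/bin/env python3
"""Pre-commit hook that reviews the staged diff with Claude Code and blocks on critical findings.

Added example, not part of the TuringMind skill. Assumptions are marked below: the report
trailer lines follow the sample report on this page, and Claude Code is invoked
non-interactively as `claude -p <prompt>` with the diff supplied on stdin.
"""
import re
import subprocess
import sys

# Condensed from the page's prompt template (assumed wording); the diff itself arrives on stdin.
REVIEW_PROMPT = (
    "Review the git diff supplied on stdin. Report bugs, security vulnerabilities, "
    "performance problems and convention violations introduced by the diff only. "
    "End the report with the lines '**Critical Issues Found:** N' and '**Warnings:** N'."
)

# Trailer counters, tolerant of missing bold markers (assumed report shape).
CRITICAL_RE = re.compile(r"^\**Critical Issues Found:\**\s*(\d+)", re.MULTILINE)
WARNINGS_RE = re.compile(r"^\**Warnings:\**\s*(\d+)", re.MULTILINE)

# Constructed sample, shaped like the report shown on this page.
SAMPLE_REPORT = """### Automated Code Review Report
**Summary of Critical Issues (Require Immediate Attention):**
1. **SQL Injection Risk** in `src/db/queries.py` (Line 42)
**Files Reviewed:** 12
**Critical Issues Found:** 3
**Warnings:** 5
**Suggestions:** 3
"""


def staged_diff(repo="."):
    """Return the staged diff: a pre-commit hook must review what is about to be committed,
    not the working tree (plain `git diff` misses staged-only changes)."""
    proc = subprocess.run(
        ["git", "-C", repo, "diff", "--cached", "--unified=3"],
        capture_output=True, text=True, check=True,
    )
    return proc.stdout


def run_review(diff):
    """Ask Claude Code for a report. `claude -p` is the assumed non-interactive invocation."""
    proc = subprocess.run(
        ["claude", "-p", REVIEW_PROMPT],
        input=diff, capture_output=True, text=True, check=True,
    )
    return proc.stdout


def parse_report(report):
    """Pull the counters from the report trailer; a missing counter is returned as None."""
    crit = CRITICAL_RE.search(report)
    warn = WARNINGS_RE.search(report)
    return {
        "critical": int(crit.group(1)) if crit else None,
        "warnings": int(warn.group(1)) if warn else None,
    }


def verdict(report):
    """Hook exit status: 0 lets the commit through, 1 blocks it.
    Warnings pass; critical findings block; an unparseable report also blocks (fail closed),
    because silently skipping the gate is the failure mode a security hook must avoid."""
    counts = parse_report(report)
    if counts["critical"] is None or counts["critical"] > 0:
        return 1
    return 0


def main():
    diff = staged_diff()
    if not diff.strip():
        return 0  # nothing staged, nothing to review
    report = run_review(diff)
    print(report)
    status = verdict(report)
    if status:
        print("pre-commit: blocked by critical review findings "
              "(fix them, or bypass knowingly with `git commit --no-verify`)", file=sys.stderr)
    return status


if __name__ == "__main__":
    sys.exit(main())
```

Install it as an executable `.git/hooks/pre-commit`. A failed or missing `claude` invocation raises and therefore blocks the commit too, which is the fail-closed behaviour you want from a security gate; `--no-verify` remains the explicit escape hatch. For a pre-push gate, feed `run_review` the diff between the upstream branch and `HEAD` instead of the staged diff.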
Catch SQL injection and XSS vulnerabilities before committing code
Review code diffs for null pointer access and race conditions
Enforce team architecture patterns and CLAUDE.md compliance
Automate pre-commit security checks with Git hooks
1. Clone the repository (its README has the installation details):

```
git clone https://github.com/turingmindai/turingmind-code-review
```

2. Launch Claude Code, Cursor, or your preferred AI coding agent.
3. Use the prompt template or examples below to test the skill.
4. Adapt the skill to your specific use case and workflow.
Perform an automated code review of the uncommitted changes in my [REPOSITORY_PATH] using Claude Code. Focus on: 1) Potential bugs or edge cases, 2) Code style and consistency with [STYLE_GUIDE], 3) Performance issues or inefficiencies, 4) Security vulnerabilities, and 5) Adherence to [PROJECT_SPECIFIC_RULES]. Provide a summary of critical issues that need immediate attention, followed by detailed comments for each file. Use the following command to start: `cd [REPOSITORY_PATH] && git diff --name-only` to identify changed files.
### Automated Code Review Report for uncommitted changes in `acme-crm` repository
**Summary of Critical Issues (Require Immediate Attention):**
1. **SQL Injection Risk** in `src/db/queries.py` (Line 42): The `user_id` parameter in `get_user_orders()` is directly interpolated into the SQL query without parameterization. This could allow SQL injection if `user_id` comes from user input. **Fix:** Use `cursor.execute("SELECT * FROM orders WHERE user_id = %s", (user_id,))` instead.
2. **Unbounded Cache Growth** in `src/services/cache_service.py` (Line 127): The `cache.set()` method is called without a TTL (Time-To-Live), so entries never expire and the cache grows indefinitely. **Fix:** Add `ttl=3600` (1 hour) to the `set()` call. A TTL bounds an entry's lifetime, not the cache's size; if the key space is large, also configure a maximum size or eviction policy.
3. **Unhandled SMTP Failure** in `src/workers/email_worker.py` (Line 89): The `send_email()` function assumes the SMTP connection is always available. If the connection drops, `sendmail()` raises, the message is lost, and nothing retries. **Fix:** Implement retry logic with exponential backoff, and re-raise after the last attempt so the failure is not swallowed.
---
### Detailed Review by File:
#### `src/db/queries.py`
- **Issue (Line 42):** SQL injection vulnerability in `get_user_orders()`.
```python
# Current (Vulnerable):
query = f"SELECT * FROM orders WHERE user_id = {user_id}"
# Recommended:
query = "SELECT * FROM orders WHERE user_id = %s"
cursor.execute(query, (user_id,))
```
- **Issue (Line 78):** Hardcoded database credentials in `DB_CONFIG`. Use environment variables instead.
#### `src/services/cache_service.py`
- **Issue (Line 127):** Unbounded cache growth.
```python
# Current:
cache.set(key, data)
# Recommended:
cache.set(key, data, ttl=3600)
```
- **Issue (Line 156):** Missing error handling for Redis connection failures.
#### `src/workers/email_worker.py`
- **Issue (Line 89):** No retry logic for SMTP failures.
```python
# Current:
def send_email(to, subject, body):
    smtp.sendmail(from_addr, to, f"Subject: {subject}\n\n{body}")

# Recommended:
import time
from smtplib import SMTPException

def send_email(to, subject, body, max_retries=3):
    message = f"Subject: {subject}\n\n{body}"
    for attempt in range(max_retries):
        try:
            smtp.sendmail(from_addr, to, message)
            break
        except SMTPException:
            if attempt == max_retries - 1:
                raise  # give up after the last attempt; do not swallow the failure
            time.sleep(2 ** attempt)  # exponential backoff: 1s, 2s, 4s
```
---
### Suggestions for Improvement:
1. **Test Coverage:** Add unit tests for `queries.py` to verify SQL injection protections.
2. **Logging:** Add logging for cache misses and SMTP failures to aid debugging.
3. **Documentation:** Update docstrings in `cache_service.py` to clarify TTL usage.
**Next Steps:**
- Address critical issues (SQL injection, unbounded cache growth, unhandled SMTP failures) first.
- Run `pytest` to ensure no regressions after fixes.
- Consider adding a pre-commit hook to automate this review process.
**Files Reviewed:** 12
**Critical Issues Found:** 3
**Warnings:** 5
**Suggestions:** 3
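To show why the report's first finding is ranked critical, here is a self-contained demonstration (added here; not output of the skill and not code from the `acme-crm` repository) of the flagged `get_user_orders()` pattern beside the recommended parameterized version, run against a constructed in-memory SQLite table. SQLite's placeholder is `?` rather than the `%s` the report shows for the PostgreSQL/MySQL drivers; the mechanism is the same.

```python
import sqlite3


def make_db():
    """Constructed in-memory table standing in for acme-crm's orders table."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE orders (id INTEGER PRIMARY KEY, user_id INTEGER, item TEXT);
        INSERT INTO orders (user_id, item) VALUES (1, 'alice-order'), (2, 'bob-order');
        """
    )
    return conn


def get_user_orders_vulnerable(conn, user_id):
    """The flagged pattern: the value is pasted into the SQL text, so it is parsed as SQL."""
    query = f"SELECT item FROM orders WHERE user_id = {user_id}"
    return [row[0] for row in conn.execute(query)]


def get_user_orders_fixed(conn, user_id):
    """The recommended fix. sqlite3 uses '?' where psycopg2/MySQL use '%s'; either way the
    driver sends the value separately from the statement, so it can never become SQL syntax."""
    query = "SELECT item FROM orders WHERE user_id = ?"
    return [row[0] for row in conn.execute(query, (user_id,))]


def demo():
    """Run both versions against two attacker-controlled inputs and one honest one."""
    conn = make_db()
    return {
        # tautology: the WHERE clause becomes `user_id = 1 OR 1=1`, so every row matches
        "vulnerable_or": get_user_orders_vulnerable(conn, "1 OR 1=1"),
        # UNION: appends table names from the schema catalogue to the result set
        "vulnerable_union": get_user_orders_vulnerable(
            conn, "1 UNION SELECT name FROM sqlite_master"
        ),
        # same tautology payload, bound as a parameter: compared as a literal string, matches nothing
        "fixed_or": get_user_orders_fixed(conn, "1 OR 1=1"),
        # honest caller still works
        "fixed_legit": get_user_orders_fixed(conn, 1),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {rows}")
```

Parameterization is the fix; validating that `user_id` is an integer before the query is a worthwhile second layer. Note that Python's `%` string formatting (`"... %s" % user_id`) is still interpolation, not a bound parameter, even though the placeholder looks identical to the driver's.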