Deep PR Review
I Built a Claude Code Skill That Catches Bugs Before You Merge Them

I kept hitting the same pattern: ask Claude Code to review my PR, it says "looks clean, maybe add some tests," I merge. Then something breaks.

The problem isn't Claude — it's that a single unstructured pass isn't how good code review works. Senior engineers check correctness, then security, then performance, then tests — each as a separate focused pass.

Deep PR Review — 5 Structured Passes

So I built Deep PR Review — a Claude Code skill (one markdown file) that runs 5 structured review passes:

  1. Correctness — Logic errors, edge cases, race conditions, type safety
  2. Security — SQL injection, XSS, missing auth, data exposure (OWASP-aligned)
  3. Performance — N+1 queries, unbounded operations, missing indexes
  4. Maintainability — Dead code, complexity, naming consistency
  5. Test Coverage — Specific missing test scenarios (not generic "add tests")

Every finding gets severity + file:line + concrete fix.

Real Bugs Caught

In a 45-line Express endpoint that passed a quick review:

  • SQL injection via string interpolation
  • No auth middleware
  • Full table scan on every request
  • No input validation
  • Zero tests
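To make the findings above concrete, here is an added example (not the endpoint from this post and not output of the skill) that puts a handler with those defects beside a hardened version. The `orders` table, its columns, the customer id format and the `db.query(text, values)` driver shape are assumptions made for illustration.

```javascript
// Added example. Handlers are plain functions so this runs without Express;
// db.query(text, values) is an assumed driver shape with $1-style placeholders.

// BEFORE: no auth, no validation, input interpolated into the SQL text.
function unsafeHandler(req, db) {
  const sql = `SELECT * FROM orders WHERE customer = '${req.query.customer}'`;
  return { status: 200, body: db.query(sql) };
}

// AFTER: auth gate, strict validation, bound parameter, bounded result.
const CUSTOMER_RE = /^[A-Za-z0-9_-]{1,64}$/; // assumed id format

function safeHandler(req, db) {
  if (!req.user) return { status: 401, body: { error: 'authentication required' } };
  const customer = req.query.customer;
  // Express can parse a query value as an array or object, so check the type too.
  if (typeof customer !== 'string' || !CUSTOMER_RE.test(customer)) {
    return { status: 400, body: { error: 'invalid customer' } };
  }
  // Assumes an index on orders(customer) so the lookup is not a full scan.
  const sql = 'SELECT id, total FROM orders WHERE customer = $1 ORDER BY id LIMIT 100';
  return { status: 200, body: db.query(sql, [customer]) };
}

// Stub database that records what each handler would have sent.
function recordingDb() {
  const calls = [];
  return { calls, query(text, values = []) { calls.push({ text, values }); return []; } };
}

function demo() {
  const db = recordingDb();
  const quoted = "x' OR '1'='1"; // constructed input containing SQL syntax
  const user = { id: 1 };        // constructed authenticated principal
  return {
    unsafe: unsafeHandler({ query: { customer: quoted } }, db),
    anonymous: safeHandler({ query: { customer: 'acme' } }, db),
    rejected: safeHandler({ user, query: { customer: quoted } }, db),
    arrayValue: safeHandler({ user, query: { customer: ['acme'] } }, db),
    accepted: safeHandler({ user, query: { customer: 'acme' } }, db),
    calls: db.calls,
  };
}

console.log(JSON.stringify(demo(), null, 2));
```

In the recorded calls, the first handler's SQL text changes with the input, while the hardened handler sends the same statement every time and carries the value separately.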

Install in 30 Seconds

mkdir -p .claude/skills
cp deep-pr-review.md .claude/skills/

$19 on Polar: https://buy.polar.sh/polar_cl_KzwbRqVqMgarD3NrOc00TYmKB3vwAJjKDq5be2HB7ym
