I Built a Claude Code Skill That Catches Bugs Before You Merge Them
I kept hitting the same pattern: ask Claude Code to review my PR, it says "looks clean, maybe add some tests," I merge. Then something breaks.
The problem isn't Claude — it's that a single unstructured pass isn't how good code review works. Senior engineers check correctness, then security, then performance, then tests — each as a separate focused pass.
Deep PR Review — 5 Structured Passes
Deep PR Review is a Claude Code skill (one markdown file) that runs 5 structured review passes:
- Correctness — Logic errors, edge cases, race conditions, type safety
- Security — SQL injection, XSS, missing auth, data exposure (OWASP-aligned)
- Performance — N+1 queries, unbounded operations, missing indexes
- Maintainability — Dead code, complexity, naming consistency
- Test Coverage — Specific missing test scenarios (not generic "add tests")
Every finding gets severity + file:line + concrete fix. Output is a structured verdict: APPROVE / REQUEST_CHANGES / NEEDS_DISCUSSION.
Real Bugs Caught
In a 45-line Express endpoint that passed a quick review:
- SQL injection via string interpolation
- No auth middleware — any user can search
- LIKE '%query%' = full table scan on every request
- No input validation on limit parameter
- Zero test coverage
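To make those findings concrete, here is an added example (not the endpoint from the review and not part of the skill) that puts the flagged query pattern next to a corrected one. The `products` table, the `name` column, the `$1`/`$2` placeholder style (as in node-postgres), the limit bounds and `req.user` are all assumptions.

```javascript
// Added example. Table/column names, MAX_LIMIT and req.user are assumptions.
const MAX_LIMIT = 100;

// "Before": user input interpolated into the SQL text, limit unchecked.
function buildSearchQueryUnsafe(q, limit) {
  return {
    text: `SELECT id, name FROM products WHERE name LIKE '%${q}%' LIMIT ${limit}`,
    values: [],
  };
}

// Reject anything that is not a plain integer within 1..MAX_LIMIT.
function parseLimit(raw, fallback = 20) {
  if (raw === undefined) return fallback;
  if (!/^\d{1,3}$/.test(String(raw))) throw new RangeError('limit must be an integer');
  const n = Number(raw);
  if (n < 1 || n > MAX_LIMIT) throw new RangeError(`limit must be 1..${MAX_LIMIT}`);
  return n;
}

// Escape LIKE metacharacters so user text matches literally
// (backslash is PostgreSQL's default LIKE escape character).
function escapeLike(s) {
  return s.replace(/[\\%_]/g, '\\$&');
}

// "After": input travels only as bound values. The pattern is a prefix
// match (no leading wildcard), which a suitable index on name can serve.
function buildSearchQuery(q, rawLimit) {
  if (typeof q !== 'string' || q.length < 1 || q.length > 64) {
    throw new RangeError('q must be a string of 1..64 characters');
  }
  return {
    text: 'SELECT id, name FROM products WHERE name LIKE $1 LIMIT $2',
    values: [`${escapeLike(q)}%`, parseLimit(rawLimit)],
  };
}

// Express-style middleware: refuse the request unless an earlier
// session/token middleware attached a user (assumed to set req.user).
function requireAuth(req, res, next) {
  if (!req.user) return res.status(401).json({ error: 'authentication required' });
  return next();
}
```

Switching from a contains match to a prefix match changes what the search returns; if contains semantics are required, a trigram or full-text index is the usual alternative.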
Install in 30 Seconds
mkdir -p .claude/skills
cp deep-pr-review.md .claude/skills/
That's it. Works with any language.
$19 on Polar: https://buy.polar.sh/polar_cl_KzwbRqVqMgarD3NrOc00TYmKB3vwAJjKDq5be2HB7ym?utm_source=devto&utm_medium=post&utm_campaign=launch
Landing page: https://dpr.atlas1m.com