Guide

Best agent Skills for code review

The best agent Skill for code review is code-review-plugin — Anthropic-built, bundled with Claude Code, invoked with /review, and it emits severity-tagged findings (bugs, security, performance, style) you can paste straight into a PR. For security-biased reviews use trail-of-bits; to cut over-engineering, run simplify as a second pass.

A review Skill changes how the agent reviews — it does not replace your judgment. Pair the structured pick with a security pick and you cover both correctness and risk.

Top pick

code-review-plugin

Anthropic-built, bundled with Claude Code, invoked with /review. Produces severity-tagged findings (bugs, security, performance, style) that you can paste straight into a PR comment.

Best when: Pre-merge review on Claude Code where you want a consistent, quotable format with zero install.

Ranked

The shortlist

Ranked by fit for the common case, not by raw popularity. Each is a catalogued, verified Skill — open the skill page for the composite score, license, and full install commands.

SkillSourceBest whenVerified agents
code-review-pluginOfficialPre-merge review on Claude Code where you want a consistent, quotable format with zero install.Claude Code
trail-of-bitsVerifiedReviews where vulnerabilities matter more than formatting, or pre-release audit passes.Claude Code, Cursor, Codex
simplifyCommunityA second review pass to cut a 500-line change back to the 50 lines it should have been.Claude Code
superpowersCommunityYou want review to be a stage in a structured engineering workflow, not a one-off.Claude Code, Cursor, Codex

See every entry, ranked by composite score, in the Code Quality & Review category.

Why these

Pick by pick

  1. 1
    code-review-plugin

    Anthropic-built, bundled with Claude Code, invoked with /review. Produces severity-tagged findings (bugs, security, performance, style) that you can paste straight into a PR comment.

  2. 2
    trail-of-bits

    Published by the security firm Trail of Bits. Runs CodeQL + Semgrep static analysis and structured audit workflows — review with a security bias rather than style nitpicks.

  3. 3
    simplify

    A focused refactor/simplification pass — targets over-engineering and unnecessary complexity rather than finding bugs.

  4. 4
    superpowers

    A 20+ skill workflow library with a review phase built into its brainstorm → spec → plan → build → review → merge loop, with TDD baked in.

FAQ

Common questions

What is the best Claude skill for code review?

code-review-plugin. It is built by Anthropic, ships bundled with Claude Code, and runs with the /review command — no install. It produces a structured review with severity-tagged findings across bugs, security, performance, and style, formatted so you can quote it directly in a PR comment.

Which code-review skill is best for security?

trail-of-bits, published by the security firm Trail of Bits. It runs CodeQL and Semgrep static analysis plus structured audit workflows, so the review is weighted toward real vulnerabilities rather than style. It is verified working on Claude Code, Cursor, and Codex.

Do these review skills work outside Claude Code?

It varies and we list only verified-working agents. trail-of-bits and superpowers are verified on Claude Code, Cursor, and Codex; code-review-plugin and simplify are catalogued for Claude Code (code-review-plugin is bundled there). Check each skill page for the current list.

Should I use a skill or an MCP server for code review?

A Skill encodes the review methodology — the checklist, severity model, and output format. An MCP server gives the agent access to something like your GitHub PRs. Most review flows use both: the Skill knows how to review, an MCP or the CLI fetches the diff. See skills vs subagents vs MCP vs plugins for the distinction.

Other surfaces

Same job, different tooling

Related

More best-skill guides

New to Skills? What is a Claude skill · How to install · Skills vs subagents vs MCP vs plugins