code-smells-skill
agent
Warn
Health Warn
- No license รขโฌโ Repository has no license file
- Description รขโฌโ Repository has a description
- Active repo รขโฌโ Last push 0 days ago
- Low visibility รขโฌโ Only 5 GitHub stars
Code Warn
- Code scan incomplete รขโฌโ No supported source files were scanned during light audit
Permissions Pass
- Permissions รขโฌโ No dangerous permissions requested
Purpose
This tool acts as an AI agent skill designed to improve code quality during development and code reviews. It identifies over 120 named code smells and provides before/after examples across a wide variety of popular programming languages.
Security Assessment
Because the automated code scan was unable to detect supported source files, a direct inspection of the underlying logic could not be completed. However, no dangerous permissions are requested, and typical agents of this type operate strictly on text processing rather than executing shell commands or making external network requests. The overall risk is rated as Low. There are no hardcoded secrets detected, but you should still manually verify what data the agent sends to your specific AI model provider.
Quality Assessment
The project appears to be actively maintained, with its most recent update pushed today. Despite this fresh activity, it suffers from extremely low community visibility, evidenced by only 5 GitHub stars and the absence of a README file. Additionally, there is no license file included. This means there are no formal legal terms granting usage rights, which poses a potential compliance issue for commercial environments.
Verdict
Use with caution due to the lack of a software license and incomplete code transparency.
This tool acts as an AI agent skill designed to improve code quality during development and code reviews. It identifies over 120 named code smells and provides before/after examples across a wide variety of popular programming languages.
Security Assessment
Because the automated code scan was unable to detect supported source files, a direct inspection of the underlying logic could not be completed. However, no dangerous permissions are requested, and typical agents of this type operate strictly on text processing rather than executing shell commands or making external network requests. The overall risk is rated as Low. There are no hardcoded secrets detected, but you should still manually verify what data the agent sends to your specific AI model provider.
Quality Assessment
The project appears to be actively maintained, with its most recent update pushed today. Despite this fresh activity, it suffers from extremely low community visibility, evidenced by only 5 GitHub stars and the absence of a README file. Additionally, there is no license file included. This means there are no formal legal terms granting usage rights, which poses a potential compliance issue for commercial environments.
Verdict
Use with caution due to the lack of a software license and incomplete code transparency.
๐ฆจ Stop shipping smelly code. 120+ named code smells with before/after examples across C, C++, C#, Java, Python, Go, Rust, JavaScript, TypeScript & SQL โ an AI agent skill that improves code quality during both development and code review.
README.md
๐ฆจ code-smells
Stop shipping smelly code. 120+ named code smells with before/after examples across C, C++, C#, Java, Python, Go, Rust, JavaScript, TypeScript & SQL โ an AI agent skill that improves code quality during both development and code review.
What It Does
Drop this skill into your AI coding agent and get an expert code reviewer that:
- Identifies code smells by name โ not just "this looks bad"
- Explains why each smell is harmful and what it costs you
- Shows concrete before/after refactoring examples
- Prioritizes findings by severity so you fix the right things first
- Covers 10 languages in one skill โ no separate tools to configure
Languages
C ยท C++ ยท C# ยท Java ยท Python ยท Go ยท Rust ยท JavaScript ยท TypeScript ยท SQL
Smell Categories
| Category | Examples |
|---|---|
| Naming & Linguistic | Abstract Names, Linguistic Confusion, Comedian Methods, Spelling Mistakes |
| Structure & Complexity | Arrow Code, Long Parameter List, Boolean Trap, Cyclomatic Complexity |
| OOP | God Objects, Shotgun Surgery, Primitive Obsession, Middle Man |
| Functional | Pure Functions, Side Effects, Hidden Assumptions, Premature Memoization |
| Testing | Float Assertions, Over-Mocking, Test Without Assertion, Tests Depending on Dates |
| Error Handling | Crowdstrike Null, Not Sanitized Input, Invalid Id = 9999 |
| Data & Types | Magic Numbers, Mutable Constants, Stringly Typed, Yoda Conditions |
| Security | Hardcoded Credentials, Insecure Random, Open Redirect |
| Concurrency | Race Condition, Global State, New Date() in Business Logic |
| SQL | N+1 Query, SELECT *, God Query, Missing Index |
| Language-Specific | Mutable Default Args (Python), .unwrap() (Rust), async void (C#), == vs === (JS) |
Severity System
| Severity | Action | |
|---|---|---|
| ๐ด | Critical | Fix before merge โ bugs, crashes, security holes |
| ๐ | Major | Fix this sprint โ maintainability and design debt |
| ๐ก | Minor | Fix when you're in the area |
| ๐ต | Style | Automate with a linter |
Installation
This skill uses the Agent Skills open standard โ compatible with Claude Code, OpenAI Codex CLI, and any agent that supports SKILL.md.
# Claude Code โ install from marketplace
/plugin marketplace add barlevysh/code-smells-skill
# Any agent โ clone and copy to your skills directory
git clone https://github.com/barlevysh/code-smells-skill.git
cp -r code-smells ~/.claude/skills/ # Claude Code
cp -r code-smells ~/.codex/skills/ # OpenAI Codex CLI
Usage
Just ask naturally โ the agent loads the skill automatically when code review is relevant:
Review this function for code smells.
What's wrong with this Python class?
Find all the testing smells in this file.
Explain what Shotgun Surgery is and show me an example in Go.
Output Format
Each finding is reported as:
### ๐ด Crowdstrike Null
**What it is:** Dereferencing a pointer without checking for null first.
**Why it's harmful:** Causes crashes in production โ responsible for the 2024 CrowdStrike outage.
**Where found:** Line 42, processData()
Before:
int value = data->value; // CRASH if data is NULL
After:
if (data == NULL) { log_error("null data"); return; }
int value = data->value;
Skill Structure
code-smells/
โโโ SKILL.md # Master index + workflow
โโโ references/
โโโ smells-naming.md # 13 naming & linguistic smells
โโโ smells-structure.md # 17 structural & complexity smells
โโโ smells-oop.md # 29 OOP smells
โโโ smells-functional.md # 9 functional & pure-code smells
โโโ smells-testing.md # 15 testing smells
โโโ smells-error-handling.md # 15 error handling & data smells
โโโ smells-data.md # Dead code, duplication & paradigm smells
โโโ smells-security.md # 8 security + 4 concurrency smells
โโโ smells-concurrency.md # concurrency & state smells
โโโ smells-sql.md # 11 SQL smells
โโโ smells-language-specific.md # Per-language gotchas
Uses progressive disclosure โ only relevant reference files are loaded per review, keeping context lean.
Why Not Just Use a Linter?
Linters catch formatting and syntax. This skill catches design problems:
- A linter can't tell you your class has Feature Envy
- A linter won't explain why Shotgun Surgery makes your codebase fragile
- A linter won't show you a before/after refactoring in your own language
- A linter won't prioritize findings by business impact
Contributing
Found a smell that's missing? PRs welcome.
- Fork the repo
- Add your smell to the appropriate
references/smells-*.mdfile - Follow the existing format: name, severity, languages, definition, harm, before/after
- Update the index in
SKILL.md - Open a PR
License
MIT
Reviews (0)
Sign in to leave a review.
Leave a reviewNo results found