anderskev

Postgres Code Review

by Kevin Anderson · GitHub ↗ · v1.1.1 · MIT-0
cross-platform ✓ Security Clean
228 Downloads · 0 Stars · 2 Active Installs · 2 Versions
Install in OpenClaw
/install postgres-code-review
Description
Reviews PostgreSQL code for indexing strategies, JSONB operations, connection pooling, and transaction safety. Use when reviewing SQL queries, database schem...
README (SKILL.md)

PostgreSQL Code Review

Quick Reference

Issue Type → Reference

  • Missing indexes, wrong index type, query performance → references/indexes.md
  • JSONB queries, operators, GIN indexes → references/jsonb.md
  • Connection leaks, pool configuration, timeouts → references/connections.md
  • Isolation levels, deadlocks, advisory locks → references/transactions.md

Review Checklist

  • WHERE/JOIN columns have appropriate indexes
  • Composite indexes match query patterns (column order matters)
  • JSONB columns use GIN indexes when queried
  • Using proper JSONB operators (->, ->>, @>, ?)
  • Connection pool configured with appropriate limits
  • Connections properly released (context managers, try/finally)
  • Appropriate transaction isolation level for use case
  • No long-running transactions holding locks
  • Advisory locks used for application-level coordination
  • Queries use parameterized statements (no SQL injection)

Gates (before reporting findings)

Use this sequence so conclusions stay evidence-bound (not “I checked mentally”):

  1. Scope — Record the concrete paths (and line ranges or symbols if helpful) for the SQL, DDL/migrations, and connection code under review. Pass: every subsystem you critique (queries, JSONB, pool, transactions) has at least one cited path.
  2. SQL/DDL citation for performance claims — Index, sequential-scan, JSONB-operator, and plan-related findings must point to the exact statement or schema (quoted excerpt or file:line). Pass: each such finding includes that citation.
  3. Binding check before injection flags — Only assert SQL-injection risk after locating how SQL and values are combined (bound parameters vs string concat/format/f-strings). Pass: you name the mechanism you saw in code for each flagged callsite.

Then load the relevant reference doc from Quick Reference and walk the Review Checklist.
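
One way to apply gate 3 mechanically, as an added example that is not part of the skill or its reference docs: the script below walks Python source, finds execute-style call sites, and names the mechanism that combined SQL and values at each file:line, flagging only the ones where interpolation is visible. The sample source, the path app/db.py and the method names in EXEC_METHODS are assumptions made for illustration.

```python
import ast

# Constructed sample of code under review (hypothetical; not from the skill's references).
SAMPLE = '''\
def by_id(cur, user_id):
    cur.execute("SELECT * FROM users WHERE id = %s", (user_id,))
def by_name(cur, name):
    cur.execute(f"SELECT * FROM users WHERE name = '{name}'")
def by_tag(cur, tag):
    cur.execute("SELECT * FROM docs WHERE tags ? '" + tag + "'")
def by_status(cur, status):
    cur.execute("SELECT * FROM jobs WHERE status = '{}'".format(status))
def by_query(cur, sql):
    cur.execute(sql)
'''

EXEC_METHODS = {"execute", "executemany"}  # assumed DB-API style method names
FLAGGED = {"f-string", "string concatenation", "%-formatting", "str.format"}

def mechanism(call):
    """Name how the SQL text passed to one execute() call was built."""
    sql = call.args[0]
    if isinstance(sql, ast.JoinedStr):
        has_values = any(isinstance(v, ast.FormattedValue) for v in sql.values)
        return "f-string" if has_values else "static SQL"
    if isinstance(sql, ast.BinOp) and isinstance(sql.op, ast.Add):
        return "string concatenation"
    if isinstance(sql, ast.BinOp) and isinstance(sql.op, ast.Mod):
        return "%-formatting"
    if (isinstance(sql, ast.Call) and isinstance(sql.func, ast.Attribute)
            and sql.func.attr == "format"):
        return "str.format"
    if isinstance(sql, ast.Constant) and isinstance(sql.value, str):
        bound = len(call.args) > 1 or call.keywords
        return "bound parameters" if bound else "static SQL"
    return "unresolved: trace the variable before concluding"

def binding_check(source, path):
    """Return (file:line, mechanism, flag) for every execute-style call site."""
    calls = [n for n in ast.walk(ast.parse(source))
             if isinstance(n, ast.Call) and isinstance(n.func, ast.Attribute)
             and n.func.attr in EXEC_METHODS and n.args]
    return [(f"{path}:{c.lineno}", mechanism(c), mechanism(c) in FLAGGED)
            for c in sorted(calls, key=lambda c: c.lineno)]

if __name__ == "__main__":
    for finding in binding_check(SAMPLE, "app/db.py"):
        print(*finding, sep="  ")
```

A call site whose SQL arrives in a variable is reported as unresolved rather than flagged, which matches the gate: no injection finding until the mechanism has been located.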

When to Load References

  • Reviewing SELECT queries with WHERE/JOIN → indexes.md
  • Reviewing JSONB columns or JSON operations → jsonb.md
  • Reviewing database connection code → connections.md
  • Reviewing BEGIN/COMMIT or concurrent updates → transactions.md

Review Questions

  1. Will this query use an index or perform a sequential scan?
  2. Are JSONB operations using appropriate operators and indexes?
  3. Are database connections properly managed and released?
  4. Is the transaction isolation level appropriate for this operation?
  5. Could this cause deadlocks or long-running locks?
Usage Guidance
This skill is a documentation-driven checklist and appears coherent for PostgreSQL code reviews. Before using it: do not paste production credentials or secrets into the review prompt (the reference docs contain illustrative hardcoded connection examples only), provide only the code/files you want reviewed (file paths and line ranges as requested), and verify any remediation recommendations against your environment (e.g., index creation or isolation-level changes) before applying them. If you need the skill to run EXPLAIN ANALYZE or execute queries, prefer read-only test credentials and isolate that activity to a safe test database.
Capability Assessment
Purpose & Capability
Name/description match the provided artifacts: SKILL.md and four reference documents covering indexes, JSONB, connections, and transactions. There are no unexpected env vars, binaries, or installs requested that would be unrelated to a code-review/checklist skill.
Instruction Scope
Runtime instructions are narrowly scoped to reviewing SQL/DDL/migration and connection/transaction code: they require citing file paths/line ranges and checking binding patterns before flagging injection. The instructions do not ask the agent to read system files, network endpoints, or other credentials beyond code under review. (Note: examples in references include placeholder connection strings and hardcoded credentials for demonstration; these are examples only and not operational instructions to exfiltrate secrets.)
Install Mechanism
No install spec or code files beyond documentation; instruction-only skill has minimal surface area and does not download or write code to disk.
Credentials
The skill requests no environment variables, credentials, or config paths. The reference examples include sample host/user/password placeholders for illustrative purposes — these are typical in docs and do not indicate required secrets.
Persistence & Privilege
always is false and there is no installation that modifies agent/system configuration. The skill is user-invocable and may be invoked autonomously per platform defaults, which is expected for skills of this type and is not combined with any broad credential or persistence requests.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install postgres-code-review
  3. After installation, invoke the skill by name or use /postgres-code-review
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.1.1
- Added a new “Gates (before reporting findings)” section to clarify requirements for evidence and code citations before making review conclusions.
- Detailed steps for scope citation, SQL/DDL referencing, and binding checks to ensure findings are evidence-based and linked to specific code locations.
- Retained and reorganized reference instructions to improve clarity and review structure.
- No changes to technical code or review checklist; documentation update only.
v1.1.0
- Adds a detailed review checklist covering indexes, JSONB usage, connection pooling, and transaction safety.
- Provides quick references to topic-specific guides (indexes, JSONB operations, connections, transactions).
- Includes guidance on when to consult each reference during code review.
- Lists essential review questions to help evaluate PostgreSQL code for best practices and safety.
Metadata
  • Slug: postgres-code-review
  • Version: 1.1.1
  • License: MIT-0
  • All-time Installs: 2
  • Active Installs: 2
  • Total Versions: 2
Frequently Asked Questions

What is Postgres Code Review?

Reviews PostgreSQL code for indexing strategies, JSONB operations, connection pooling, and transaction safety. Use when reviewing SQL queries, database schem... It is an AI Agent Skill for Claude Code / OpenClaw, with 228 downloads so far.

How do I install Postgres Code Review?

Run "/install postgres-code-review" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Postgres Code Review free?

Yes, Postgres Code Review is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Postgres Code Review support?

Postgres Code Review is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Postgres Code Review?

It is built and maintained by Kevin Anderson (@anderskev); the current version is v1.1.1.
