Reviews Odoo 16.0 code for best practices, security issues, performance problems, and OCA guidelines compliance. This skill should be used when the user requests code review, such as "Review this code" or "Check this module for issues" or "Is this code optimized?" or "Security review needed for this module".
View on GitHubJanuary 22, 2026
Select agents to install to:
npx add-skill https://github.com/jamshu/jamshi-marketplace/blob/main/plugins/odoo-dev/skills/odoo-code-reviewer/SKILL.md -a claude-code --skill odoo-code-reviewerInstallation paths:
.claude/skills/odoo-code-reviewer/# Odoo Code Reviewer
## Overview
This skill provides comprehensive code review for Odoo 16.0 modules, checking for security vulnerabilities, performance issues, OCA guideline compliance, and general best practices.
## Review Categories
### 1. Security Issues
SQL injection, XSS vulnerabilities, improper sudo() usage, missing input validation.
### 2. Performance Problems
N+1 queries, inefficient searches, unnecessary database operations.
### 3. OCA Guidelines Compliance
Code style, structure, naming conventions, documentation.
### 4. Best Practices
Proper API usage, error handling, logging, testing.
### 5. Maintainability
Code organization, readability, documentation, modularity.
## Review Process
### Step 1: Identify Review Scope
Determine what to review:
- Complete module
- Specific model files
- View files
- Security configuration
- Specific functionality
### Step 2: Systematic Review
Check each category systematically following the patterns below.
## Review Patterns
### Security Review Checklist
**1. SQL Injection Risk**
```python
# BAD - SQL injection vulnerability
self.env.cr.execute("SELECT * FROM table WHERE id = %s" % record_id)
# GOOD - Parameterized query
self.env.cr.execute("SELECT * FROM table WHERE id = %s", (record_id,))
```
**2. XSS Vulnerabilities**
```python
# BAD - Unescaped HTML field
description = fields.Char(string='Description')
# GOOD - Use Text or Html field with sanitization
description = fields.Html(string='Description', sanitize=True)
```
**3. Improper sudo() Usage**
```python
# BAD - sudo() without justification
records = self.env['model'].sudo().search([])
# GOOD - Check permissions properly
if self.env.user.has_group('base.group_system'):
records = self.env['model'].search([])
```
**4. Missing Input Validation**
```python
# BAD - No validation
def process(self, value):
return int(value)
# GOOD - Proper validation
def process(self, value):
if not value or not isinstance(value, (int, str)):
raise