Java 25 & Spring Boot 4 Code Reviewer

Trust Score 89/100

Run focused, evidence-based code reviews for Java 25 and Spring Boot 4 projects — migration risks, architecture boundaries, null-safety (JSpecify), security, an

triggers:spring boot 4java 25code reviewpull request reviewmigration reviewnull-safetysecurity review

GitHub SKILL.md

What it does

This skill performs structured, file- and diff-aware code reviews for Java 25 and Spring Boot 4 codebases. It guides the agent through build/config checks, API correctness, architecture and packaging, data access patterns, security and performance passes, and produces severity-ordered findings with file/line citations and actionable fixes.

When to use it

Use this skill for PR reviews, module- or repo-level audits, migration readiness checks (Boot 4 / Java 25), security-focused inspections, and when you can provide code context (files, diffs, or module paths). Do NOT use for Kotlin-first repos, non-Spring frameworks, or requests without code context.

What's included

Scripts: none detected (has_scripts=false)
References: spring-boot-4-patterns.md, java-25-features.md, security-checklist.md, performance-patterns.md, architecture-patterns.md, jspecify-null-safety.md
Instructions: stepwise workflow covering scope confirmation, targeted reference loading, ordered review passes (build/config, API, architecture, data, security, performance), and a markdown report template organized by severity.

Compatible agents

Optimized for assistant agents that can read repository files and diffs (Claude Code, Codex-style agents).

Audit Summary

Structured code-review skill for Java 25 and Spring Boot 4 projects. SKILL.md is well-written with clear triggers, multi-pass review workflow, and specific focus areas. No bundled scripts — purely instruction-based. Good progressive disclosure with reference files loaded just-in-time. Useful for Java/Spring teams but niche audience.

Watch Out

No scripts to execute — purely prompt-based skill
Requires reference files (8 separate .md files) that aren't bundled in the skill itself

Notes

Clean skill with no security concerns. No network calls, no credentials, no destructive commands. Well-structured frontmatter with name and description. Review passes are thorough and well-organized. The only architectural note is that references/ directory is referenced but not bundled, meaning the skill relies on external files being present in the same repo.

Information

Repository: springboot-skills-marketplace
Stars: 29
Installs: 0

Trust Score

Overall89

Security98

Code Quality82

Architecture78

Usefulness72

More from springboot-skills-marketplace

Spring Boot Migration

Guided, phased migration for existing Spring Boot apps to Boot 4 / Java 25 (including Modulith 2 and Testcontainers 2), with scanners and reference guides.

Related Skills

TradeOS

Natural-language driven CEX trading and portfolio management for agents: API key vaulting, multi-exchange orders, DCA, arbitrage scanning, alerts and security r

Spring Boot Migration

Guided, phased migration for existing Spring Boot apps to Boot 4 / Java 25 (including Modulith 2 and Testcontainers 2), with scanners and reference guides.

ArcKit — French Public Procurement (fr-marche-public)

Generates French public procurement (Dossier de Consultation des Entreprises) drafts aligned with the Code de la Commande Publique, UGAP frameworks, and DINUM d

ArcKit Architecture Conformance

Run a systematic architecture conformance assessment that compares ADRs and principles against HLD/DLD artifacts to surface drift, violations, and technical deb

Navan Migration — Deep Dive

End-to-end migration playbook for moving from SAP Concur or legacy TMC to Navan: data export, user provisioning (SCIM/CSV), policy recreation, parallel running

Speak Security Basics

Security best practices for integrating Speak: API key management, audio data privacy, student data protection, and COPPA/FERPA compliance for production deploy

Lokalise Migration — Deep Dive

Step-by-step migration guide and tooling for moving translations from Crowdin/Phrase/POEditor into Lokalise, including transforms, uploads and validation.

Juicebox Performance Tuning

Guidance and code patterns to reduce Juicebox AI analysis latency: caching, batching, upload chunking, and pagination to improve throughput and responsiveness.

Back to Skills