SQL Review Skill: Safety, Perf, Migration Pass
The SQL bug that takes prod down is rarely a syntax error. It's a LIKE '%foo' on a billion-row table, a NOT IN with a NULL, an ALTER TABLE that locks for 40 minutes. This skill runs three passes — safety, performance, migration — over the SQL in your diff.
An installable SQL-review skill. Detects dialect, then runs a safety / perf / migration pass over the SQL in your diff — parameterization, missing WHERE, full scans, lock-rewriting ALTERs, missing indexes.
What It Does
- Detects the dialect — Postgres-specific advice ≠ MySQL-specific advice
- Safety lenses — injection, missing WHERE, type coercion killing the index
- Perf lenses — leading-wildcard LIKE, N+1, SELECT * with blob columns, missing indexes
- Migration lenses — table-rewriting ALTERs, NOT NULL without default, online index creation
Install in 30 Seconds
Pick your tool above and download:
- Claude Code: ~/.claude/skills/sql-review/SKILL.md
- OpenAI Codex CLI: append to AGENTS.md
- Cursor: append to .cursorrules
Run on any diff that touches a .sql file, a Prisma migration, or a SQL string in app code.
Why a Specialist Pass Beats a General Review
A generalist code review catches a missing semicolon. It doesn't catch that WHERE LOWER(email) = ? silently kills the email index. SQL has its own failure modes — concurrency, locking, planning — that a general reviewer skips. This skill is narrow on purpose: it does the SQL pass that the rest of the review doesn't.
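Two of the failure modes named on this page (the index-killing WHERE LOWER(email) = ? and the NOT IN with a NULL) can be reproduced in a few lines. This is an added example, not part of the skill itself; it assumes SQLite through Python's sqlite3 module as a stand-in dialect, and the tables, index names and rows are constructed for illustration.

```python
import sqlite3

def build_db():
    """In-memory SQLite database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT NOT NULL);
        CREATE INDEX idx_users_email ON users (email);
        CREATE TABLE banned (user_id INTEGER);  -- nullable on purpose
        INSERT INTO users (id, email) VALUES
            (1, 'alice@example.test'), (2, 'bob@example.test'),
            (3, 'carol@example.test');
        INSERT INTO banned (user_id) VALUES (2), (NULL);
    """)
    return db

def access_path(db, sql, params=()):
    """Return 'SEARCH' (index lookup) or 'SCAN' (visits every row/entry)."""
    rows = db.execute("EXPLAIN QUERY PLAN " + sql, params).fetchall()
    return rows[0][3].split()[0]  # detail column, e.g. 'SEARCH users USING ...'

def ids(db, sql):
    return [row[0] for row in db.execute(sql)]

def demo():
    db = build_db()
    addr = ("alice@example.test",)
    lower_q = "SELECT id FROM users WHERE LOWER(email) = ?"
    out = {
        # Bare column comparison: the planner can seek into idx_users_email.
        "plain_eq": access_path(db, "SELECT id FROM users WHERE email = ?", addr),
        # Wrapping the column in a function hides it from that index.
        "lower_eq": access_path(db, lower_q, addr),
        # id NOT IN (2, NULL) evaluates to NULL or FALSE for every row.
        "not_in": ids(db, "SELECT id FROM users WHERE id NOT IN "
                          "(SELECT user_id FROM banned) ORDER BY id"),
        # NOT EXISTS is unaffected by the NULL in banned.user_id.
        "not_exists": ids(db, "SELECT id FROM users u WHERE NOT EXISTS "
                              "(SELECT 1 FROM banned b WHERE b.user_id = u.id) "
                              "ORDER BY id"),
    }
    # One fix: index the same expression the query filters on.
    db.execute("CREATE INDEX idx_users_email_lower ON users (LOWER(email))")
    out["lower_eq_fixed"] = access_path(db, lower_q, addr)
    return out

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:15} {value}")
```

Plan output and index rules differ between engines, so the same check on Postgres or MySQL should read that engine's own EXPLAIN output.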
Install once, ship migrations that don't take prod down.