Code Review Assistant

by Sunshine-del-ux · GitHub ↗ · v1.0.0
cross-platform · ⚠ suspicious

Downloads: 1849 · Stars: 0 · Active Installs: 8 · Versions: 1

Install in OpenClaw: /install code-review-assistant
Description

Automated code review assistant that supports PR review, code quality analysis, potential bug detection, and security vulnerability scanning.
README (SKILL.md)

Code Review Assistant

An automated code review assistant that helps developers review code quickly and improve code quality.

Features

  • 🔍 Automated code review
  • 🐛 Bug detection
  • 🔒 Security vulnerability scanning
  • 📝 Code style suggestions
  • 📊 Complexity analysis
  • ✅ Best-practice checks

Supported languages

  • JavaScript/TypeScript
  • Python
  • Go
  • Rust
  • Java
  • C/C++

Usage

Review a single file

```bash
code-review-assistant review path/to/file.js

# Specify the language explicitly
code-review-assistant review path/to/file.py --language python
```

Review a Git diff

```bash
# Review the current git diff
code-review-assistant diff

# Review a specific branch range
code-review-assistant diff main..feature-branch
```

Review a PR

```bash
code-review-assistant pr --owner username --repo reponame --pr-number 123
```

Example output

```markdown
# Code Review Report

## File: src/utils.js

### Issues Found: 3

#### 🔴 High Priority (1)

1. **Line 45: Potential SQL Injection**

       const query = `SELECT * FROM users WHERE id = ${userId}`;

   → Use parameterized queries instead

#### 🟡 Medium Priority (2)

1. **Line 23: Missing Error Handling**

       const data = JSON.parse(response);

   → Add try-catch block

2. **Line 67: Hardcoded API Key**

       const API_KEY = "sk-1234567890";

   → Use environment variables

#### 🟢 Suggestions (5)

- Consider using const instead of let
- Add JSDoc comments
- Extract function at line 100
- ...

### Summary

| Category       | Count |
| -------------- | ----- |
| Security       | 1     |
| Performance    | 0     |
| Best Practices | 3     |
| Code Style     | 2     |

**Recommendation:** Fix high priority issues before merging
```


Configuration

Rule configuration

```bash
# Enable/disable specific rule categories
code-review-assistant config --enable security,performance --disable style

# Set the severity level
code-review-assistant config --severity high
```

Ignore files

Create a .codereviewignore file:

```text
# Ignore node_modules
node_modules/

# Ignore build output
dist/
build/
```

Installation

```bash
# No extra dependencies required
# Uses built-in code analysis
```

CI/CD integration

GitHub Actions

```yaml
name: Code Review
on: [pull_request]

jobs:
  review:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Run Code Review
        run: |
          code-review-assistant review . --output report.md
      - name: Upload Report
        uses: actions/upload-artifact@v3
        with:
          name: code-review-report
          path: report.md
```

Monetization ideas

  1. GitHub Marketplace - publish as a GitHub Action
  2. Paid rule sets - offer professional-edition rules
  3. Enterprise edition - self-hosted version
  4. Code quality service - provide code review services to companies
Usage Guidance
This skill claims to perform automated, multi-language code reviews and vulnerability scans, but the included code is just a small Bash script that prints example reports rather than analyzing your code. If you expect real analysis, do not rely on this skill yet. Before installing or granting any secrets (e.g., GITHUB_TOKEN):

  1. Inspect the script and any other code to confirm it actually performs analysis (search for calls to linters, static analyzers, or network APIs).
  2. Run it in a sandbox or test repo to observe behavior.
  3. Do not provide tokens or integrate into CI until the PR logic and credential handling have been reviewed.
  4. If you need genuine code scanning, prefer well-known tools (semgrep, eslint, bandit, gosec, etc.) or a skill that clearly documents and executes those engines.

The mismatch between claims and implementation is a red flag—treat this as a stub or demo, not a production analyzer.
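One way to carry out the inspection step above before installing a skill bundle, as an added example that is not part of the skill or of the marketplace's tooling: it counts, across the bundle's `*.sh` files, calls to real analysis engines, network clients and credential reads, and classifies the bundle accordingly. The pattern lists and the two sample bundles it builds are constructed assumptions.

```shell
#!/usr/bin/env sh
# Constructed pre-install audit for an OpenClaw skill bundle (not part of the
# skill or the marketplace). It answers the inspection step above by counting,
# across the bundle's *.sh files, calls to real analysis engines, network
# clients, and credential reads. Pattern lists are illustrative assumptions.

ANALYZERS='semgrep|eslint|bandit|gosec|pylint|cppcheck'   # real engines
NETWORK='curl|wget|ncat|netcat|/dev/tcp'                   # outbound access
SECRETS='\$\{?(GITHUB_TOKEN|API_KEY)'   # variable reads only; a token merely
                                        # named in echoed text is not a read

# Sum matches of an extended regex ($2) over every *.sh file under $1.
count_matches() {
    find "$1" -name '*.sh' -type f -exec grep -cE "$2" {} + 2>/dev/null \
        | awk -F: '{ n += $NF } END { print n + 0 }'
}

# Verdict for a bundle: "analyzer" if it invokes a real engine, "suspicious"
# if it reaches the network or reads a token without one, otherwise "stub".
audit_skill() {
    a=$(count_matches "$1" "$ANALYZERS")
    n=$(count_matches "$1" "$NETWORK")
    s=$(count_matches "$1" "$SECRETS")
    printf 'analyzers=%s network=%s secret_reads=%s\n' "$a" "$n" "$s" >&2
    if [ "$a" -gt 0 ]; then echo analyzer
    elif [ "$n" -gt 0 ] || [ "$s" -gt 0 ]; then echo suspicious
    else echo stub
    fi
}

# Two constructed sample bundles under a temp dir (path printed): "stub"
# mirrors what the analysis above describes (canned report, GITHUB_TOKEN only
# mentioned in output text, git diff --stat); "real" shells out to semgrep.
make_fixtures() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/stub" "$tmp/real"
    cat > "$tmp/stub/skill.sh" <<'EOF'
echo "# Code Review Report"
echo "Set GITHUB_TOKEN to enable PR review"
command -v git >/dev/null && git diff --stat
EOF
    printf 'semgrep --config auto "$1"\n' > "$tmp/real/skill.sh"
    echo "$tmp"
}

if [ "${1:-}" ]; then audit_skill "$1"; fi   # usage: sh audit.sh path/to/bundle
```

The verdict is a triage hint only; a "stub" result means the bundle cannot be doing the analysis it advertises, and a "suspicious" one means it touches the network or a token with no analyzer behind it, which warrants reading the script line by line.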
Capability Analysis
Type: OpenClaw Skill
Name: code-review-assistant
Version: 1.0.0

The skill bundle provides a mock 'Code Review Assistant'. The `SKILL.md` describes the tool's features and usage, without containing any prompt injection attempts against the agent. The `code-review-assistant.sh` script is a simple bash script that primarily prints static markdown reports. It uses `echo` to display user-provided arguments but does not execute them, thus avoiding shell injection. It also safely executes `git diff --stat` if `git` is available. There is no evidence of data exfiltration, malicious execution, persistence, or other harmful behaviors. The script's functionality is limited to simulating a code review, making it benign.
Capability Assessment
Purpose & Capability
The name and description promise automated, multi-language code analysis, bug detection, and vulnerability scanning. The repository contains only a small Bash script that prints hard-coded example reports and a brief handling of git diff; it does not actually parse files, run linters, static analyzers, or call any security scanners. This is a mismatch between claimed capability and actual implementation.
Instruction Scope
SKILL.md instructs the user to run commands like 'review', 'diff', and 'pr' and claims built-in analysis for many languages. The shell script's 'review' command never reads or analyzes the target file/directory contents (it simply prints a canned report). The 'pr' command only prints a note about GITHUB_TOKEN and does not implement PR fetching. The instructions therefore overstate functionality and give the agent broad discretion without backing implementation.
Install Mechanism
No install spec or external downloads are present; the skill is instruction-only with a bundled shell script. No network fetches or archive extraction are specified, which is low-risk from an install perspective.
Credentials
No required environment variables are declared. The script mentions GITHUB_TOKEN in output text as an optional configuration for PR reviews; this is reasonable if PR integration were implemented, but currently GITHUB_TOKEN is not used in code. If PR support were added, a GitHub token would be expected; do not supply a token until you inspect and trust any code that uses it.
Persistence & Privilege
The skill does not request persistent presence (always: false) and does not modify system configuration. It does not write files or install system-wide changes by itself.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install code-review-assistant
  3. After installation, invoke the skill by name or use /code-review-assistant
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of code-review-assistant.
  • Automated code review assistant supporting PR review, code quality analysis, potential bug detection, and security vulnerability scanning
  • Supports mainstream languages including JavaScript/TypeScript, Python, Go, Rust, Java, and C/C++
  • Provides a command-line tool for single-file, Git diff, and PR review scenarios
  • Outputs detailed code issue reports covering security, best practices, code style, and other dimensions
  • Supports rule configuration and file ignoring for flexible integration into development workflows
  • No extra dependencies; built-in code analysis; integrates with GitHub Actions
Metadata
Slug: code-review-assistant
Version: 1.0.0
License:
All-time Installs: 8
Active Installs: 8
Total Versions: 1
Frequently Asked Questions

What is Code Review Assistant?

Automated code review assistant that supports PR review, code quality analysis, potential bug detection, and security vulnerability scanning. It is an AI Agent Skill for Claude Code / OpenClaw, with 1849 downloads so far.

How do I install Code Review Assistant?

Run "/install code-review-assistant" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Code Review Assistant free?

Yes, Code Review Assistant is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Code Review Assistant support?

Code Review Assistant is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Code Review Assistant?

It is built and maintained by Sunshine-del-ux (@sunshine-del-ux); the current version is v1.0.0.
