landyun

code-review-fix

by landyun · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
Downloads 3052
Stars 0
Active Installs 14
Versions 1
Install in OpenClaw
/install code-review-fix
Description
Automatically review code for bugs, security, style, and performance issues, provide fix suggestions, and optionally apply repairs with explanations.
README (SKILL.md)

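Code Review & Fix / Intelligent Code Review and Repair

Automatically reviews code for problems, provides fix suggestions, and fixes the code directly, addressing developers' frequent pain points around "code quality" and "bug fixing".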

Usage

# Review the current file
/code-review

# Review and automatically fix
/code-review --fix

# Check security issues only
/code-review --security

# Learning mode (with explanations)
/code-review --explain

Features

  • ✅ Code issue detection (bugs, security, performance)
  • ✅ Code style checking
  • ✅ Automatic fixes
  • ✅ Explanatory learning mode
  • ✅ Multi-language support

Pricing

  • First 3 uses free
  • Per call: 0.001 USDT
  • More plans at skillpay.me
Usage Guidance
This skill is functionally coherent but contains a hard-coded billing API key and will call an external billing service, sending a user identifier (your local username by default) and creating a local state file. Before installing:
  1. Review lib/billing.ts and decide whether you trust the billing endpoint and the embedded key; ideally replace it with your own key or remove automatic billing.
  2. Be aware the skill will create .code-review-fix-state.json in the working directory and may transmit your OS username unless you set SKILLPAY_USER_ID.
  3. Run it in an isolated environment (not as root) and verify network activity.
  4. Ensure you have Bun or adapt the scripts to your runtime.
  5. If you do not trust the publisher, do not install or run the skill as-is.
Capability Analysis
Type: OpenClaw Skill
Name: code-review-fix
Version: 1.0.0
The skill provides code analysis and fixing functionality but contains a hardcoded API key in `lib/billing.ts` and transmits the local OS username to an external endpoint (`skillpay.me`) for billing and usage tracking. While these behaviors are aligned with the stated purpose of a monetized skill, the hardcoded credential is a security vulnerability (credential exposure), and the automated collection of system identifiers for a third-party service represents a privacy risk.
Capability Assessment
Purpose & Capability
The repository files (analyzer, main, billing) match the stated purpose (code review + optional auto-fix + billing). However, billing is implemented with a hard-coded BILLING_API_KEY and SKILL_ID in lib/billing.ts instead of requiring the publisher/user to supply credentials, which is unusual and worth questioning.
Instruction Scope
The runtime instructions in SKILL.md are scoped to code review, but scripts/main.ts reads arbitrary files in the current directory, writes a local state file (.code-review-fix-state.json), and will send a user identifier (derived from process.env.SKILLPAY_USER_ID or the local OS username) to an external billing service. SKILL.md/README do not clearly call out the sending of local username or creation of state files.
Install Mechanism
There is no install spec (instruction-only in registry) which minimizes install risk, but package.json and scripts assume the 'bun' runtime (start/dev scripts use bun). The registry metadata declared no required binaries, so the runtime assumption about Bun is an inconsistency that may break execution. No downloaded external archives are used.
Credentials
The skill declares no required env vars, but contains a hard-coded billing API key (BILLING_API_KEY) in lib/billing.ts. Embedding a long-lived secret in code means the publisher's key will be used for all billing calls; this is disproportionate and risky. The code also optionally reads process.env.SKILLPAY_USER_ID to form user IDs, which is reasonable but not declared in metadata.
Persistence & Privilege
The skill does not request permanent 'always' privilege and does not modify other skills. It does create a state file in the working directory (.code-review-fix-state.json). Because the skill can be invoked autonomously by agents (default), network-enabled billing calls combined with the embedded key increase operational risk if invoked without user oversight.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install code-review-fix
  3. After installation, invoke the skill by name or use /code-review-fix
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of Code Review & Fix.
  • Automatically reviews code for bugs, security, and performance issues
  • Offers automated code fixes and style checking
  • Educational mode available with explanations
  • Supports multiple programming languages
  • Free for first 3 uses; pay-per-use pricing after
Metadata
Slug code-review-fix
Version 1.0.0
License
All-time Installs 16
Active Installs 14
Total Versions 1
Frequently Asked Questions

What is code-review-fix?

Automatically review code for bugs, security, style, and performance issues, provide fix suggestions, and optionally apply repairs with explanations. It is an AI Agent Skill for Claude Code / OpenClaw, with 3052 downloads so far.

How do I install code-review-fix?

Run "/install code-review-fix" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is code-review-fix free?

Yes, code-review-fix is completely free (open-source). You can download, install and use it at no cost.

Which platforms does code-review-fix support?

code-review-fix is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created code-review-fix?

It is built and maintained by landyun (@landyun); the current version is v1.0.0.
