← Back to Skills Marketplace
Code Review Service
by
yang1002378395-cmyk
· GitHub ↗
· v1.0.0
· MIT-0
119
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install code-review-service
Description
提供全面代码审查,涵盖功能、可读性、性能、安全性和可维护性,生成详细改进报告提升代码质量。
README (SKILL.md)
Skill: 代码审查服务助手
触发词
- Code Review
- 代码审查
- 代码评审
- 代码质量
使用场景
用户想提供代码审查服务,帮助其他开发者提升代码质量。
核心框架
代码审查维度
- 功能性 - 代码是否正确实现需求
- 可读性 - 代码是否易于理解
- 性能 - 代码是否高效
- 安全性 - 代码是否有漏洞
- 可维护性 - 代码是否易于维护
执行步骤
1. 审查准备
获取信息
- 项目背景
- 技术栈
- 业务需求
- 重点审查方向
工具准备
- SonarQube(静态分析)
- ESLint/Prettier(代码风格)
- GitLab/GitHub MR Review
2. 审查维度
结构审查
✅ 目录结构是否清晰
✅ 模块划分是否合理
✅ 命名是否规范
✅ 是否有重复代码
代码审查
✅ 函数是否过长(\x3C 50 行)
✅ 参数是否过多(\x3C 5 个)
✅ 是否有嵌套地狱(\x3C 3 层)
✅ 是否有魔法数字
✅ 错误处理是否完善
✅ 日志是否合理
性能审查
✅ 是否有 N+1 查询
✅ 是否有不必要的循环
✅ 是否有内存泄漏风险
✅ 是否有阻塞操作
安全审查
✅ SQL 注入风险
✅ XSS 攻击风险
✅ CSRF 防护
✅ 敏感数据加密
✅ 权限校验
3. 审查报告模板
# 代码审查报告
**项目**:[项目名称]
**审查范围**:[文件/模块]
**审查日期**:[日期]
**审查人**:[姓名]
## 总体评价
- 代码质量:⭐⭐⭐⭐☆(4/5)
- 主要问题:[数量] 个
- 建议改进:[数量] 条
## 发现的问题
### 🔴 严重问题(必须修复)
#### 1. [问题标题]
- **位置**:[文件:行号]
- **问题描述**:[描述]
- **影响**:[影响]
- **建议修复**:[修复方案]
### 🟡 一般问题(建议修复)
#### 1. [问题标题]
- **位置**:[文件:行号]
- **问题描述**:[描述]
- **建议修复**:[修复方案]
### 🟢 优化建议(可选改进)
#### 1. [建议标题]
- **位置**:[文件:行号]
- **当前实现**:[当前代码]
- **建议改进**:[改进代码]
## 亮点
- [亮点 1]
- [亮点 2]
## 总结
[总结评价]
4. 沟通技巧
提出问题
- ❌ "这代码写得不好"(攻击性)
- ✅ "这里可能会有性能问题,建议优化为..."(建设性)
解释原因
- ❌ "改成这样"(命令式)
- ✅ "这样修改可以提升 50% 性能,因为..."(解释原因)
尊重作者
- ❌ "你犯了个错误"
- ✅ "我发现了一个潜在问题"
5. 定价参考
| 服务类型 | 价格 | 交付物 |
|---|---|---|
| 单文件审查 | ¥49/文件 | 审查报告 |
| 模块审查 | ¥199/模块 | 审查报告 + 改进建议 |
| 项目审查 | ¥999-2999/项目 | 完整审查报告 + 架构建议 |
| 持续审查 | ¥1999/月 | 月度审查 + 培训 |
6. 变现渠道
平台接单
- Fiverr(海外)
- 猪八戒(国内)
- 码市(国内)
内容引流
- 掘金/知乎文章
- GitHub 开源
- 技术社群
企业服务
- 代码审查外包
- 技术培训
- 质量体系建设
输出格式
🔍 代码审查服务方案
审查范围:[范围]
预计时间:[X] 小时
定价:¥[Y]
审查维度:
- [x] 功能性
- [x] 可读性
- [x] 性能
- [x] 安全性
- [x] 可维护性
交付物:
- 审查报告
- 问题清单
- 改进建议
定价建议
- 免费基础审查(单文件)
- 深度审查:¥199-999
- 企业级服务:¥1999-9999
Usage Guidance
This skill is an instruction-only code-review template and appears coherent with its purpose. Points to consider before installing or using it in automated workflows:
- Source is unknown (no homepage); prefer skills from known maintainers when possible.
- The skill itself requests no credentials, but following its advice (running SonarQube, ESLint, or performing MR reviews) will require access tokens and repository read access — grant those minimally (read-only, scoped service accounts) and avoid reusing admin credentials.
- If you plan to let an agent automatically fetch repositories or run analysis tools, isolate that capability (dedicated service account, limited permissions) and review logs/outputs for leaked secrets.
- Review generated reports before sharing externally — code reviews can inadvertently include sensitive snippets (API keys, internal URLs).
- Because this is guidance-only (no code/install), the direct risk from the skill is low; the primary risk comes from how you connect it to your code and tools. Ensure standard operational precautions when integrating with CI/CD or repo hosting.
Capability Assessment
Purpose & Capability
Name/description align with SKILL.md content: step-by-step guidance for functional/readability/performance/security/maintainability reviews and report templates. References to SonarQube/ESLint/GitHub/GitLab are reasonable for a code-review workflow.
Instruction Scope
SKILL.md stays within code-review scope (checklists, report templates, communication tips). It suggests using external analysis tools and repository review workflows but does not itself instruct the agent to fetch files, read system paths, or exfiltrate data. Minor ambiguity: automated use of SonarQube/ESLint or MR review implies repo/tool access (not described), so explicit access/credential steps would be needed for automation.
Install Mechanism
No install spec and no code files — instruction-only, nothing is written to disk and no external packages are fetched by the skill itself.
Credentials
No required environment variables, credentials, or config paths are declared. This is proportional for a guidance-only skill. If you later integrate it with CI/tools you will need to supply appropriate tokens — those are not requested by the skill.
Persistence & Privilege
always is false and the skill is user-invocable only; it does not request permanent elevated privileges or write to other skills' configs.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install code-review-service - After installation, invoke the skill by name or use
/code-review-service - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
代码审查服务助手 1.0.0 首次发布:
- 提供全面的代码审查维度,包括功能性、可读性、性能、安全性和可维护性。
- 明确审查流程和准备事项,涵盖工具、信息收集及重点方向。
- 附带详细的审查清单和可复制的审查报告模板,便于标准化输出。
- 总结有效沟通与反馈建议,推动团队协作和审查体验优化。
- 包含服务定价参考和变现渠道,助力个人和团队开展专业化代码审查服务。
Metadata
Frequently Asked Questions
What is Code Review Service?
提供全面代码审查,涵盖功能、可读性、性能、安全性和可维护性,生成详细改进报告提升代码质量。 It is an AI Agent Skill for Claude Code / OpenClaw, with 119 downloads so far.
How do I install Code Review Service?
Run "/install code-review-service" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Code Review Service free?
Yes, Code Review Service is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Code Review Service support?
Code Review Service is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Code Review Service?
It is built and maintained by yang1002378395-cmyk (@yang1002378395-cmyk); the current version is v1.0.0.
More Skills