rahulsaini202

code-review-skill-agent

by rahulsaini · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ✓ Security Clean
Downloads: 83 · Stars: 0 · Active Installs: 0 · Versions: 1
Install in OpenClaw
/install code-review-skill-agent
Description
Review backend code changes for correctness, security, architecture compliance, and test coverage per the applicable skill and checklist from AGENTS.md.
README (SKILL.md)

Code Review Guide

Use this guide when reviewing backend code changes in this repository.


Review Objective

  • Find correctness issues, regressions, missing validation, unsafe data access, weak module wiring, and missing tests.
  • Review against the relevant implementation skill from AGENTS.md, not just against personal style preferences.
  • Prefer concrete findings with file references and impact over broad opinions.

Mandatory Review Rules

  • First confirm which skill should have governed the change, based on AGENTS.md.
  • Reject backend changes that do not follow the applicable skill structure or checklist.
  • Reject any generated or modified function or method missing:
// Generated by skills.
  • Treat missing validation, missing auth checks, broken DI wiring, unsafe repository behavior, and schema/data consistency issues as high-signal findings.

Review Workflow

  1. Identify the changed area: controller, service, module, repo, DTO, schema, queue, MCP, deployment, or tests.
  2. Open skills/skill-enforcement.skill.md.
  3. Open the matching task-specific skill from AGENTS.md.
  4. Compare the change against the required structure, naming, folder placement, and implementation checklist.
  5. Verify every generated or modified function or method includes // Generated by skills. immediately above the signature.
  6. Check whether tests were added or updated where behavior changed.
  7. Report findings ordered by severity, with file references and a short explanation of impact.
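
One way to automate step 5 of the workflow, as an added example that is not part of the skill or its repository: a line-based JavaScript heuristic that flags function and method signatures whose preceding line is not the marker. The name `findUnmarked`, the constructed sample source, and the strict reading of "immediately above" (no blank line or decorator in between) are assumptions.

```javascript
// Added example, not part of the skill: flags signatures missing the marker.
const MARKER = "// Generated by skills.";

// Heuristics for single-line TypeScript/JavaScript signatures (assumed style;
// multi-line signatures, generics and arrow functions are not covered).
const FUNC_DECL =
  /^\s*(?:export\s+)?(?:default\s+)?(?:async\s+)?function\s*\*?\s*([A-Za-z_$][\w$]*)\s*\(/;
const METHOD =
  /^\s*(?:(?:public|private|protected|static|async|override)\s+)*([A-Za-z_$][\w$]*)\s*\([^)]*\)\s*(?::\s*[^={]+)?\{\s*$/;
// Keywords that look like `name(...) {` but are not methods.
const NOT_METHODS = new Set(["if", "for", "while", "switch", "catch", "with", "function"]);

// Returns [{ line, name }] for each signature whose previous line is not MARKER.
function findUnmarked(source) {
  const lines = source.split(/\r?\n/);
  const findings = [];
  lines.forEach((text, i) => {
    const m = FUNC_DECL.exec(text) || METHOD.exec(text);
    if (!m || NOT_METHODS.has(m[1])) return;
    const above = i > 0 ? lines[i - 1].trim() : "";
    if (above !== MARKER) findings.push({ line: i + 1, name: m[1] });
  });
  return findings;
}

// Constructed sample: one marked method, one with a blank line after the
// marker, and one function with no marker at all.
const SAMPLE = [
  "export class UsersService {",
  "  // Generated by skills.",
  "  async findById(id: string): Promise<User> {",
  "    if (!id) {",
  "      throw new NotFoundException();",
  "    }",
  "    return this.repo.findById(id);",
  "  }",
  "",
  "  // Generated by skills.",
  "",
  "  async remove(id: string): Promise<void> {",
  "    await this.repo.delete(id);",
  "  }",
  "}",
  "",
  "export function toDto(user: User) {",
  "  return { id: user.id };",
  "}",
].join("\n");

for (const f of findUnmarked(SAMPLE)) {
  console.log(`line ${f.line}: ${f.name} is missing "${MARKER}" directly above`);
}
```

Because the rule applies to generated or modified functions, a reviewer would run this only over the files or hunks touched by the change rather than the whole repository.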

What To Check

Architecture

  • Controllers should stay thin and delegate work.
  • Services should contain orchestration and business logic only.
  • Repositories should handle data access concerns only.
  • Modules should wire providers, controllers, and imports/exports correctly.

Correctness

  • DTO validation matches actual request requirements.
  • Service logic handles expected success and failure paths.
  • Repository methods query the right fields and handle not-found cases safely.
  • Schema changes preserve required fields, defaults, indexes, and timestamps when needed.

Security And Safety

  • Sensitive fields are not exposed in controller responses.
  • Authentication and authorization checks are not bypassed.
  • Inputs are validated before reaching service or repository layers.
  • Logging and errors do not leak secrets or internal details.

Testing

  • New behavior has unit or e2e coverage where appropriate.
  • Existing tests still match the intended behavior.
  • Edge cases and failure paths are covered for critical logic.

Review Output Format

  • Findings first, ordered by severity.
  • Each finding should include:
      • File path
      • Short issue statement
      • Why it matters
  • If there are no findings, state that explicitly and mention any remaining test or verification gaps.

Rejection Conditions

  • Missing required skill usage for backend work.
  • Missing // Generated by skills. marker above any generated or modified function or method.
  • Code placed in the wrong architectural layer.
  • Missing validation or unsafe persistence logic.
  • Behavior changes without appropriate test coverage.
Usage Guidance
This skill is internally consistent and low-risk from an install perspective because it is instruction-only and requests no secrets. Before enabling it, consider:
  1. The agent running the skill will read repository files (including any accidental secrets), so only grant it access to repos you trust.
  2. If you do not want the agent to run reviews autonomously, set disable-model-invocation=true or require explicit user invocation.
  3. The SKILL.md enforces process rules (e.g., requiring a '// Generated by skills.' marker) that may cause rejections; ensure your repo follows the referenced AGENTS.md and skills/skill-enforcement.skill.md conventions.
  4. Test the skill in a safe sandbox or with a limited-scope repo first to confirm behavior matches your expectations.
Capability Analysis
Type: OpenClaw Skill
Name: code-review-skill-agent
Version: 1.0.0
The skill bundle defines a structured workflow for an AI agent to perform backend code reviews. It focuses on architectural integrity, security validation (e.g., checking for auth bypasses and input validation), and testing coverage. There are no indicators of malicious intent, data exfiltration, or harmful prompt injection; the instructions in SKILL.md are purely process-oriented and aimed at improving code quality.
Capability Assessment
Purpose & Capability
The name and description (code review of backend changes per AGENTS.md) match the SKILL.md instructions: open repository files, compare changes against AGENTS.md and skills/skill-enforcement.skill.md, check tests, architecture, security, and produce findings. There are no unrelated environment variables or binaries requested.
Instruction Scope
The instructions explicitly tell the agent to read repository files (AGENTS.md, skills/skill-enforcement.skill.md, changed source/tests). This is appropriate for code review, but it means the agent will access arbitrary repo contents — which could include secrets or other sensitive files if present. The enforced requirement for a '// Generated by skills.' marker is an operational policy embedded in the instructions (not a security issue), but could cause false rejections if the repo uses different markers.
Install Mechanism
No install spec and no code files — the skill is instruction-only, so nothing is downloaded or written to disk by the skill itself.
Credentials
The skill requests no environment variables, credentials, or config paths. There is no disproportionate credential demand.
Persistence & Privilege
always is false and the skill does not request persistent presence or modify other skills or system-wide settings. It remains user-invocable and can be allowed or disabled per normal agent controls.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install code-review-skill-agent
  3. After installation, invoke the skill by name or use /code-review-skill-agent
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
  • Initial release of the code-review-skill.
  • Provides a structured code review guide for backend code changes.
  • Defines clear review objectives and mandatory rules based on repository skill definitions.
  • Introduces a step-by-step workflow for reviewing changes, including file referencing and severity ordering.
  • Lists architectural, correctness, security, and testing checks for reviewers.
  • Specifies a standardized output format for review findings.
  • Clearly states rejection conditions for backend pull requests.
Metadata
Slug: code-review-skill-agent
Version: 1.0.0
License: MIT-0
All-time Installs: 0
Active Installs: 0
Total Versions: 1
Frequently Asked Questions

What is code-review-skill-agent?

Review backend code changes for correctness, security, architecture compliance, and test coverage per the applicable skill and checklist from AGENTS.md. It is an AI Agent Skill for Claude Code / OpenClaw, with 83 downloads so far.

How do I install code-review-skill-agent?

Run "/install code-review-skill-agent" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is code-review-skill-agent free?

Yes, code-review-skill-agent is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does code-review-skill-agent support?

code-review-skill-agent is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created code-review-skill-agent?

It is built and maintained by rahulsaini (@rahulsaini202); the current version is v1.0.0.
