AI Code Review

by terrycarter1985 · GitHub ↗ · v1.1.1 · MIT-0
cross-platform · ✓ Security Clean
Downloads: 71 · Stars: 0 · Active Installs: 0 · Versions: 2
Install in OpenClaw
/install ai-code-review-svc
Description
Automated code review with LLM analysis, voice transcription, and Discord notifications
README (SKILL.md)

AI Code Review Skill

Automated code review service that combines LLM-powered diff analysis, voice-note transcription, and Discord notifications into a unified review pipeline.

Features

  • LLM Code Analysis: Sends diffs to GPT-4o with structured JSON output (issues count, suggestions, approval status, summary)
  • Voice Note Transcription: Transcribes review meeting recordings via OpenAI Whisper API with file validation
  • Discord Notifications: Rich embed notifications with approval status, issue counts, and color-coded indicators
  • URL Safety: Scheme validation prevents SSRF attacks on all fetched URLs
  • Request Timeouts: All HTTP calls enforce a 30-second timeout to prevent hanging
  • Structured Logging: Consistent logging throughout with logging module
  • ClawHub Publishing: Built-in publish_skill() helper using the ClawHub CLI
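
A scheme allowlist rejects file:// and similar URLs, but an http(s) URL can still point at loopback, link-local or internal hosts. The following is an added example, not the skill's own code (the page does not include its source): it pairs the scheme check with a check of every resolved address. The names check_fetch_url, ALLOWED_SCHEMES and sample_resolver, and the allowlist contents, are assumptions.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}  # assumption: the page does not list its allowlist

def _system_resolver(host):
    """Return every address the host resolves to (performs a DNS lookup)."""
    return [info[4][0] for info in socket.getaddrinfo(host, None)]

def check_fetch_url(url, resolver=_system_resolver):
    """Hypothetical helper: return (ok, reason) for a URL about to be fetched."""
    try:
        parts = urlsplit(url)
    except ValueError:
        return False, "malformed URL"
    if parts.scheme not in ALLOWED_SCHEMES:
        return False, "scheme not allowed"
    if not parts.hostname:
        return False, "missing host"
    if parts.username or parts.password:
        return False, "credentials in URL"
    try:
        addresses = resolver(parts.hostname)
    except OSError:
        addresses = []
    if not addresses:
        return False, "host does not resolve"
    for addr in addresses:
        ip = ipaddress.ip_address(addr.split("%")[0])  # drop any IPv6 zone id
        if not ip.is_global:  # loopback, private, link-local, reserved, ...
            return False, f"non-public address {ip}"
    return True, "ok"

# Constructed sample data: a fake resolver so the example runs offline.
SAMPLE_DNS = {
    "git.example.test": ["93.184.216.34"],
    "intranet.example.test": ["10.0.0.5"],
    "169.254.169.254": ["169.254.169.254"],
    "localhost": ["127.0.0.1", "::1"],
}

def sample_resolver(host):
    if host not in SAMPLE_DNS:
        raise OSError("unknown host")
    return SAMPLE_DNS[host]

if __name__ == "__main__":
    for url in ("https://git.example.test/pr/1.diff", "file:///etc/passwd",
                "http://169.254.169.254/", "https://intranet.example.test/x"):
        print(url, check_fetch_url(url, sample_resolver))
```

The check and the later fetch resolve the host separately, and redirects are followed after the check, so a caller should disable redirects or re-validate each hop.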

Quick Start

# Set required environment variables
export OPENAI_API_KEY="sk-..."
export DISCORD_WEBHOOK_URL="https://discord.com/api/webhooks/..."  # optional

# Run a review
python src/code_review_service.py

API Reference

process_pull_request(pr_number, diff_url, voice_note_path=None)

End-to-end PR review: fetches diff, runs LLM analysis, optionally transcribes a voice note, and sends a Discord notification.

Returns a dict with keys: issues_found, suggestions, approval, summary, and optionally voice_note_transcription.

analyze_code_changes(diff_content)

Sends diff text to GPT-4o for analysis. Returns structured JSON with issues_found, suggestions, approval (approved/needs_changes/rejected), and summary.

transcribe_voice_note(audio_file_path)

Validates the audio file exists and is non-empty, then transcribes via Whisper-1. Returns the transcription text.

send_discord_notification(message, embed=None)

Posts a message (with optional rich embed) to the configured Discord webhook. Returns True on success.

publish_skill(skill_path, version)

Publishes a skill directory to ClawHub at the given version using the clawhub CLI.

Configuration

| Variable | Required | Default | Description |
|---|---|---|---|
| OPENAI_API_KEY | Yes | | OpenAI API key for GPT-4o and Whisper |
| DISCORD_WEBHOOK_URL | No | | Discord webhook URL for notifications |
| CLAWHUB_API_URL | No | https://api.clawhub.com/v1 | ClawHub API base URL |

Health Check

The included scripts/healthcheck.sh monitors nginx, docker, code-review-service, and whisper-api-gateway. It auto-restarts failed services and sends Discord alerts. Disk usage warnings trigger at 80% and critical alerts at 90%.

Changelog

1.1.0

  • Fixed SSRF vulnerability: added _validate_url() with scheme allowlist for all fetched URLs
  • Added 30-second request timeouts to all requests calls (diff fetch + Discord webhook)
  • Replaced bare except clauses with specific exception types (requests.RequestException, FileNotFoundError, ValueError, json.JSONDecodeError)
  • Added input validation: file existence/size checks for audio, empty-diff handling
  • Implemented actual LLM-based code analysis via GPT-4o (replaced stub analyze_code_changes)
  • Added logging module throughout; removed silent error swallowing
  • Lazy-initialized OpenAI client with clear error on missing key
  • Improved error handling in voice note transcription (graceful skip on failure)
  • Enhanced health check script compatibility with chroot/container environments
Usage Guidance
Before installing or using this skill, confirm that you are comfortable sending code diffs and optional audio to OpenAI and summaries to Discord. Treat the package as incomplete because the referenced Python service and healthcheck script are not included; do not run any later-provided implementation until you review its source and permissions.
Capability Analysis
Type: OpenClaw Skill
Name: ai-code-review-svc
Version: 1.1.1

The skill bundle documentation (SKILL.md, README.md) describes a legitimate automated code review service. It includes features for LLM-based diff analysis, voice transcription via OpenAI Whisper, and Discord notifications. The documentation explicitly highlights security-conscious features such as SSRF validation for URLs and request timeouts. No evidence of malicious intent, data exfiltration, or prompt injection was found in the provided files.
Capability Tags
requires-sensitive-credentials
Capability Assessment
Purpose & Capability
The LLM code review, Whisper transcription, and Discord notification features are coherent with the stated purpose, but the documentation also references absent source files, a healthcheck script, and a ClawHub publishing helper that are not implemented in the supplied artifacts.
Instruction Scope
Instructions disclose that diffs and optional audio are sent to OpenAI and that Discord notifications may be posted. No hidden prompt-injection or goal-hijack instructions were found.
Install Mechanism
There is no install spec and no code files, while the README/SKILL.md tell users to run src/code_review_service.py and describe scripts/healthcheck.sh. This is an incomplete review context rather than evidence of malicious behavior.
Credentials
The documented OPENAI_API_KEY and optional DISCORD_WEBHOOK_URL are expected for this integration, but registry metadata does not declare required environment variables.
Persistence & Privilege
The described healthcheck would auto-restart nginx, docker, and related services if it existed and were run, but no such script is included or automatically installed in the supplied artifacts.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install ai-code-review-svc
  3. After installation, invoke the skill by name or use /ai-code-review-svc
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.1.1
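Fixed code quality issues, fixed SSRF vulnerability, added request timeouts, implemented LLM code analysis, optimized health check compatibility.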
v1.1.0
Fixed code quality and security issues: input validation, request timeouts, webhook URL validation, message truncation, no auto-approve, lazy client init, structured logging. Optimized healthcheck compatibility.
Metadata
Slug ai-code-review-svc
Version 1.1.1
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 2
Frequently Asked Questions

What is AI Code Review?

Automated code review with LLM analysis, voice transcription, and Discord notifications. It is an AI Agent Skill for Claude Code / OpenClaw, with 71 downloads so far.

How do I install AI Code Review?

Run "/install ai-code-review-svc" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is AI Code Review free?

Yes, AI Code Review is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does AI Code Review support?

AI Code Review is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created AI Code Review?

It is built and maintained by terrycarter1985 (@terrycarter1985); the current version is v1.1.1.
