Senior Code Reviewer

by Alireza Rezvani · GitHub ↗ · v0.1.0
cross-platform ⚠ suspicious
309 downloads · 0 stars · 1 active install · 1 version
Install in OpenClaw
/install code-reviewer-2
Description
Code review automation for TypeScript, JavaScript, Python, Go, Swift, Kotlin. Analyzes PRs for complexity and risk, checks code quality for SOLID violations...
README (SKILL.md)

Code Reviewer

Automated code review tools for analyzing pull requests, detecting code quality issues, and generating review reports.


Tools

PR Analyzer

Analyzes git diff between branches to assess review complexity and identify risks.

# Analyze current branch against main
python scripts/pr_analyzer.py /path/to/repo

# Compare specific branches
python scripts/pr_analyzer.py . --base main --head feature-branch

# JSON output for integration
python scripts/pr_analyzer.py /path/to/repo --json

What it detects:

  • Hardcoded secrets (passwords, API keys, tokens)
  • SQL injection patterns (string concatenation in queries)
  • Debug statements (debugger, console.log)
  • ESLint rule disabling
  • TypeScript any types
  • TODO/FIXME comments

Output includes:

  • Complexity score (1-10)
  • Risk categorization (critical, high, medium, low)
  • File prioritization for review order
  • Commit message validation
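
An added example, not the skill's own code: a small scanner that checks only the added lines of a unified diff for the categories listed above and orders findings by risk. The regexes, the severity assigned to each rule, the `scan_diff` name and the sample diff are assumptions; the page does not show the rules `pr_analyzer.py` uses.

```python
import re

# Assumed rules and severities for illustration; the skill's own patterns are not on the page.
RULES = [
    ("hardcoded_secret", "critical", re.compile(
        r"""(?i)\b(password|passwd|secret|api[_-]?key|token)\b\s*[:=]\s*["'][^"']{4,}["']""")),
    ("sql_concatenation", "high", re.compile(
        r"""(?i)["'][^"']*\b(select|insert|update|delete)\b[^"']*["']\s*(\+|%|\.format\()""")),
    ("eslint_disable", "medium", re.compile(r"eslint-disable")),
    ("typescript_any", "medium", re.compile(r":\s*any\b")),
    ("debug_statement", "low", re.compile(r"\bdebugger\b|console\.log\(")),
    ("todo_fixme", "low", re.compile(r"\b(TODO|FIXME)\b")),
]
ORDER = {"critical": 0, "high": 1, "medium": 2, "low": 3}
HUNK = re.compile(r"^@@ -\d+(?:,(\d+))? \+(\d+)(?:,(\d+))? @@")

def scan_diff(diff_text):
    """Flag added lines only; returns (severity, rule, path, new-file line) tuples."""
    findings, path, lineno, old_left, new_left = [], None, 0, 0, 0
    for line in diff_text.splitlines():
        if old_left <= 0 and new_left <= 0:        # between hunks: only headers matter
            if line.startswith("+++ "):
                path = line[4:].removeprefix("b/")
            elif (m := HUNK.match(line)):
                old_left = int(m.group(1) or 1)    # a missing count means 1
                lineno, new_left = int(m.group(2)), int(m.group(3) or 1)
        elif line.startswith("+"):                 # added line: scan it
            findings += [(sev, name, path, lineno)
                         for name, sev, rx in RULES if rx.search(line[1:])]
            lineno, new_left = lineno + 1, new_left - 1
        elif line.startswith("-"):                 # removed line: not in the new code
            old_left -= 1
        elif not line.startswith("\\"):            # context line; skip the no-newline marker
            lineno, old_left, new_left = lineno + 1, old_left - 1, new_left - 1
    return sorted(findings, key=lambda f: ORDER[f[0]])

# Constructed sample diff (not taken from any real repository).
SAMPLE_DIFF = """\
--- a/src/db.ts
+++ b/src/db.ts
@@ -10,3 +10,6 @@ export function find(id: string) {
   const conn = pool.get();
-  return conn.query(sql, [id]);
+  const apiKey = "constructed-not-a-real-key";
+  console.log(id);
+  // TODO: remove logging
+  return conn.query("SELECT * FROM users WHERE id = " + id);
 }
"""
```

Hunk bodies are tracked by the line counts in the `@@` header, so added or removed content that itself begins with `++ ` or `-- ` is not mistaken for a file header.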

Code Quality Checker

Analyzes source code for structural issues, code smells, and SOLID violations.

# Analyze a directory
python scripts/code_quality_checker.py /path/to/code

# Analyze specific language
python scripts/code_quality_checker.py . --language python

# JSON output
python scripts/code_quality_checker.py /path/to/code --json

What it detects:

  • Long functions (>50 lines)
  • Large files (>500 lines)
  • God classes (>20 methods)
  • Deep nesting (>4 levels)
  • Too many parameters (>5)
  • High cyclomatic complexity
  • Missing error handling
  • Unused imports
  • Magic numbers

Thresholds:

| Issue | Threshold |
|---|---|
| Long function | >50 lines |
| Large file | >500 lines |
| God class | >20 methods |
| Too many params | >5 |
| Deep nesting | >4 levels |
| High complexity | >10 branches |

Review Report Generator

Combines PR analysis and code quality findings into structured review reports.

# Generate report for current repo
python scripts/review_report_generator.py /path/to/repo

# Markdown output
python scripts/review_report_generator.py . --format markdown --output review.md

# Use pre-computed analyses
python scripts/review_report_generator.py . \
  --pr-analysis pr_results.json \
  --quality-analysis quality_results.json

Report includes:

  • Review verdict (approve, request changes, block)
  • Score (0-100)
  • Prioritized action items
  • Issue summary by severity
  • Suggested review order

Verdicts:

| Score | Verdict |
|---|---|
| 90+ with no high issues | Approve |
| 75+ with ≤2 high issues | Approve with suggestions |
| 50-74 | Request changes |
| <50 or critical issues | Block |

Reference Guides

Code Review Checklist

references/code_review_checklist.md

Systematic checklists covering:

  • Pre-review checks (build, tests, PR hygiene)
  • Correctness (logic, data handling, error handling)
  • Security (input validation, injection prevention)
  • Performance (efficiency, caching, scalability)
  • Maintainability (code quality, naming, structure)
  • Testing (coverage, quality, mocking)
  • Language-specific checks

Coding Standards

references/coding_standards.md

Language-specific standards for:

  • TypeScript (type annotations, null safety, async/await)
  • JavaScript (declarations, patterns, modules)
  • Python (type hints, exceptions, class design)
  • Go (error handling, structs, concurrency)
  • Swift (optionals, protocols, errors)
  • Kotlin (null safety, data classes, coroutines)

Common Antipatterns

references/common_antipatterns.md

Antipattern catalog with examples and fixes:

  • Structural (god class, long method, deep nesting)
  • Logic (boolean blindness, stringly typed code)
  • Security (SQL injection, hardcoded credentials)
  • Performance (N+1 queries, unbounded collections)
  • Testing (duplication, testing implementation)
  • Async (floating promises, callback hell)

Languages Supported

| Language | Extensions |
|---|---|
| Python | .py |
| TypeScript | .ts, .tsx |
| JavaScript | .js, .jsx, .mjs |
| Go | .go |
| Swift | .swift |
| Kotlin | .kt, .kts |

Usage Guidance
Before installing or running this skill:
  1. Review the three Python scripts (pr_analyzer.py, code_quality_checker.py, review_report_generator.py) yourself — they will be executed locally and will read all files in the repo you point them at (so they can surface secrets).
  2. Ensure the runtime environment has Python and git on PATH — the skill does not declare these required binaries.
  3. Run the scripts in an isolated or non-production environment (container or VM) first to confirm behavior and outputs.
  4. If you plan to let an agent invoke this skill automatically, restrict its repository scope (don’t give it access to repos with production secrets) and verify there are no unexpected network calls (I found no external endpoints or downloads in the files provided).
  5. Prefer a version of the skill that explicitly lists required binaries and a maintainer/homepage so you can verify provenance.
Capability Analysis
Type: OpenClaw Skill · Name: code-reviewer-2 · Version: 0.1.0

The OpenClaw skill bundle 'code-reviewer-2' is benign. Its purpose is to perform automated code reviews, analyze pull requests, and check code quality, which is clearly stated in `SKILL.md`. The Python scripts (`pr_analyzer.py`, `code_quality_checker.py`, `review_report_generator.py`) implement these functionalities by reading local files and executing `git` commands via `subprocess.run` with arguments passed as a list, which is a safe practice against shell injection. The scripts are designed to *detect* security issues like hardcoded secrets and SQL injection patterns, not to exploit or exfiltrate them. There is no evidence of unauthorized network activity, data exfiltration, persistence mechanisms, obfuscation, or prompt injection attempts against the AI agent in any of the provided files.
Capability Assessment
Purpose & Capability
The declared purpose (automated code review) matches the included scripts and reference docs. However the skill declares no required binaries or install steps even though the SKILL.md and the shipped tools explicitly run via the 'python' interpreter and the PR analyzer calls 'git' via subprocess. Not declaring Python and git is an incoherence that could lead to runtime failures or surprise if the agent environment differs.
Instruction Scope
SKILL.md instructs the agent (and user) to run local Python scripts against a repository path; the scripts read repository files, diffs, commit messages and produce JSON/markdown reports. That behavior is expected for a code-review tool, but it means the skill will scan all files you point it at (including secrets). The instructions do not ask for unrelated system files or external credentials.
Install Mechanism
There is no install spec (instruction-only), which is low-risk, but three substantive Python scripts are included and intended to be executed. Because the package contains executable code but does not declare runtime binary requirements, there's a mismatch between packaging and runtime behavior.
Credentials
The skill declares no required environment variables or credentials, and the scripts do not read secrets from env; that is proportionate. However the scripts do invoke git and run Python subprocesses, so they implicitly require access to the filesystem and local git history. The absence of an explicit 'requires: python, git' is a notable omission.
Persistence & Privilege
The skill is not marked always:true and does not request persistent system-wide privileges. It runs as an on-demand tool that executes local analysis; nothing in the files attempts to modify other skills or system settings.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install code-reviewer-2
  3. After installation, invoke the skill by name or use /code-reviewer-2
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.0
  • Initial release of the code-reviewer skill for automated code review.
  • Supports TypeScript, JavaScript, Python, Go, Swift, and Kotlin.
  • Includes tools for PR analysis, code quality checking, and review report generation.
  • Detects common issues such as code smells, complexity, SOLID violations, and security risks.
  • Provides detailed guides: code review checklists, coding standards, and common antipatterns.
Metadata
Slug code-reviewer-2
Version 0.1.0
License
All-time Installs 1
Active Installs 1
Total Versions 1
Frequently Asked Questions

What is Senior Code Reviewer?

Code review automation for TypeScript, JavaScript, Python, Go, Swift, Kotlin. Analyzes PRs for complexity and risk, checks code quality for SOLID violations... It is an AI Agent Skill for Claude Code / OpenClaw, with 309 downloads so far.

How do I install Senior Code Reviewer?

Run "/install code-reviewer-2" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Senior Code Reviewer free?

Yes, Senior Code Reviewer is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Senior Code Reviewer support?

Senior Code Reviewer is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Senior Code Reviewer?

It is built and maintained by Alireza Rezvani (@alirezarezvani); the current version is v0.1.0.
