← Back to Skills Marketplace
152
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install eo-ability-code-review
Description
代码审查能力,调用CodeReviewer专家进行安全、性能、风格全面审查,输出问题列表和改进建议
README (SKILL.md)
eo-ability-code-review
代码审查能力 - 调用 CodeReviewer 专家进行安全、性能、风格全面审查
一句话介绍
调用CodeReviewer专家进行代码安全/性能/风格全面审查,输出问题列表和改进建议。
核心功能
- 安全审查: SQL注入、XSS、CSRF等安全漏洞检测
- 性能审查: N+1查询、索引缺失、缓存策略等性能问题
- 风格审查: 代码规范、命名规范、注释完整性
- 综合评分: 安全/性能/风格/总体四维评分
使用方法
# 全面审查
/code-review /path/to/code --scope all
# 安全审查
/code-review /path/to/code --scope security --rules strict
# 性能审查
/code-review /path/to/code --scope performance
与EO插件的协同
- 被 eo-workflow-blog 调用(代码质量把关)
- 被 eo-workflow-paper 调用(论文逻辑审查)
- 被 eo-workflow-security-audit 调用(安全漏洞发现)
独立运行模式(有EO vs 无EO)
| 模式 | 能力 |
|---|---|
| 有EO插件 | 141专家库(CodeReviewer专家)、真实漏洞检测、重构建议 |
| 无插件(基础) | LLM代码审查、通用规范检查 |
示例
🔍 代码审查报告
## 评分
| 维度 | 评分 | 等级 |
|------|------|------|
| 安全 | 85/100 | B+ |
| 性能 | 78/100 | B |
| 风格 | 92/100 | A- |
| **总体** | **85/100** | **B+** |
## 问题列表
### 🔴 高优先级 (3)
1. [安全] SQL 注入风险 - user input directly in query
2. [安全] XSS 漏洞 - 未转义用户输入
3. [性能] N+1 查询问题 - loop 内查询数据库
### 🟡 中优先级 (5)
1. [风格] 变量命名不规范
2. [性能] 缺少索引
## 建议
- 使用参数化查询防止 SQL 注入
- 添加输入验证和转义
- 使用 ORM 的 eager loading
Interface
Input
interface CodeReviewInput {
codePath: string // 代码路径
scope?: 'security' | 'performance' | 'style' | 'all'
rules?: 'strict' | 'normal' | 'loose'
language?: string // 编程语言
}
Output
interface CodeReviewOutput {
scores: {
security: number // 0-100
performance: number // 0-100
style: number // 0-100
overall: number // 0-100
}
issues: CodeIssue[]
suggestions: string[]
summary: string
}
🦞⚙️ 钢铁龙虾军团
Usage Guidance
This skill appears to do what it claims — automated code review — but be cautious before using it on sensitive repositories. The SKILL.md references a /code-review CLI and an external 'CodeReviewer' expert pool but provides no binaries or install steps, so make sure you understand how your platform will satisfy that dependency before running it. Test the skill on a non-sensitive example repo first, and don't supply code that contains secrets (API keys, credentials, private keys) until you trust the skill's source and the platform integration. If you need higher assurance, ask the publisher for details about the 'CodeReviewer' expert backend and any data handling / retention policies.
Capability Analysis
Type: OpenClaw Skill
Name: eo-ability-code-review
Version: 1.0.0
The skill bundle defines a standard code review capability for an AI agent, focusing on security, performance, and style analysis. The files (_meta.json, SKILL.md) contain only descriptive metadata and interface definitions without any executable code, suspicious commands, or instructions for data exfiltration.
Capability Assessment
Purpose & Capability
The name/description (code review for security/performance/style) matches the instructions and declared interfaces. The skill expects a codePath input and returns review results, which is appropriate for a code-review capability. One minor inconsistency: SKILL.md shows CLI usage (/code-review) and refers to a 'CodeReviewer专家' expert pool, but the skill declares no required binaries or external dependencies — that CLI/expert is not provided in the skill bundle.
Instruction Scope
SKILL.md stays within the code-review domain: it describes running reviews, scoring, and producing issue lists. It implies reading the code at the provided codePath (expected). It does not instruct reading unrelated system files or environment variables. Note: because it will read repository files supplied as codePath, those files may contain secrets — the skill does not state any data-handling or exfiltration restrictions.
Install Mechanism
No install spec and no code files — lowest-risk execution model for an instruction-only skill. Nothing is downloaded or written to disk by the skill itself.
Credentials
The skill declares no required environment variables, credentials, or config paths. That aligns with a passive code-review helper. There are no unexpected credential requests in the SKILL.md.
Persistence & Privilege
always is false and model invocation is allowed (platform default). The skill does not request persistent or elevated privileges and does not attempt to modify other skills' configuration in its instructions.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install eo-ability-code-review - After installation, invoke the skill by name or use
/eo-ability-code-review - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of eo-ability-code-review
- Provides comprehensive code review capabilities focused on security, performance, and style.
- Outputs a detailed issues list and actionable improvement suggestions.
- Supports both strict and basic code review modes, adapting to presence or absence of EO plugins.
- Integrates with other EO workflows for code quality, paper logic, and security auditing.
- Delivers dimensional scoring and summary reports for comprehensive code quality assessment.
Metadata
Frequently Asked Questions
What is Eo Ability Code Review?
代码审查能力,调用CodeReviewer专家进行安全、性能、风格全面审查,输出问题列表和改进建议. It is an AI Agent Skill for Claude Code / OpenClaw, with 152 downloads so far.
How do I install Eo Ability Code Review?
Run "/install eo-ability-code-review" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Eo Ability Code Review free?
Yes, Eo Ability Code Review is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Eo Ability Code Review support?
Eo Ability Code Review is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Eo Ability Code Review?
It is built and maintained by 467718584 (@467718584); the current version is v1.0.0.
More Skills