knifean

golang-code-review

by knifeAn · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
Downloads: 292 · Stars: 0 · Active Installs: 1 · Versions: 1
Install in OpenClaw
/install golang-code-review
Description
Provides comprehensive Golang code reviews for Git merge commits, checking format, quality, best practices, security, and generating detailed Markdown reports.
README (SKILL.md)

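🐛 golang-code-review - Golang Code Review Skill

Features

This skill performs a comprehensive code review of the Golang code in Git merge commits, including:

  • Format checking: follows Go's standard formatting conventions such as gofmt and goimports
  • Soundness and quality checking: uses static analysis tools (such as staticcheck, unused, errcheck)
  • Best-practice checks: based on Go Code Review Comments (https://github.com/golang/go/wiki/CodeReviewComments)
  • Security vulnerability scanning: detects common security issues (SQL injection, XSS, insecure deserialization, etc.)

Output Report

Generates a detailed Markdown report containing:

  • 📋 Overall score
  • ⚠️ Issue categories and severity levels
  • 🔧 Fix suggestions
  • 📊 Code metrics (complexity, line count, whitespace detection)

Reference Standards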


Usage Guidance
This skill is not clearly what it claims: the description promises full, commit-aware static analysis but the included program only performs simple, file-level, line-based heuristics and doesn't call staticcheck/errcheck or inspect Git diffs. That likely means it's incomplete or misleading rather than malicious, but you should not rely on it for security reviews. Before installing or using it:
  • Treat it as untrusted/experimental: run it on non-sensitive code and inspect outputs first.
  • If you need true static analysis, prefer tools that explicitly invoke and return results from staticcheck/errcheck/gofmt, or add code to this skill to call those tools and handle their outputs.
  • Be aware the report logic is buggy (many rules are unimplemented and may produce empty/incorrect issue entries); review index.go or test it locally.
  • Confirm whether you (or the agent) will run the external linters the SKILL.md recommends — the skill does not run them itself.

If you want to change this assessment, provide updated code that actually invokes the declared linters or processes Git diffs/merge commits, or a clear rationale why file-level checks meet the stated merge-review purpose.
Capability Analysis
Type: OpenClaw Skill
Name: golang-code-review
Version: 1.0.0

The skill bundle provides a basic Golang code review tool. The core logic in `index.go` performs simple static analysis, such as checking for unhandled errors and unused imports, while `SKILL.md` and `config.md` provide instructions for integrating standard Go linting tools like `staticcheck` and `gofmt`. Although the implementation is rudimentary and contains a minor syntax error in `index.go`, there is no evidence of malicious intent, data exfiltration, or unauthorized execution.
Capability Assessment
Purpose & Capability
The description promises comprehensive reviews for Git merge commits using tools like gofmt, goimports, staticcheck and errcheck. The SKILL.md recommends those tools, but the bundled index.go does not call any external analyzers or interact with Git — it only reads a single file path passed as an argument and runs a few simple string/regex checks. That is a functional mismatch: the skill does not actually implement the heavy-weight static analysis or commit/diff awareness its description advertises.
Instruction Scope
SKILL.md's runtime instructions are limited to recommending installing go static analysis tools and showing a Git hook example; it does not instruct the agent to read unrelated system files, exfiltrate data, or contact external endpoints. However, the instructions assume use of external tools that the code does not invoke, leaving scope ambiguous (user or agent must run those tools separately).
Install Mechanism
There is no install spec (instruction-only). SKILL.md suggests go install commands for common linters — this is normal and lower risk than an automatic remote download/extract. No URLs, no extracted archives, and no package installs performed by the skill itself.
Credentials
The skill does not request any environment variables, credentials, or config paths. SKILL.md and code do not access secrets or other unrelated environment state. Requested permissions are proportional (none).
Persistence & Privilege
The skill is not always-enabled and has no install-time persistence. It does not modify other skills or agent-wide settings. Autonomous invocation is allowed (platform default) but not combined with other high-risk behaviors here.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install golang-code-review
  3. After installation, invoke the skill by name or use /golang-code-review
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of golang-code-review-axd.
  • Released version 1.0.0.
  • Provides code review capabilities for Go (Golang) projects.
Metadata
  • Slug: golang-code-review
  • Version: 1.0.0
  • License: MIT-0
  • All-time Installs: 1
  • Active Installs: 1
  • Total Versions: 1
Frequently Asked Questions

What is golang-code-review?

Provides comprehensive Golang code reviews for Git merge commits, checking format, quality, best practices, security, and generating detailed Markdown reports. It is an AI Agent Skill for Claude Code / OpenClaw, with 292 downloads so far.

How do I install golang-code-review?

Run "/install golang-code-review" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is golang-code-review free?

Yes, golang-code-review is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does golang-code-review support?

golang-code-review is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created golang-code-review?

It is built and maintained by knifeAn (@knifean); the current version is v1.0.0.
