gou1995

goudantest

by Gou1995 · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ✓ Security Clean
120 Downloads · 0 Stars · 0 Active Installs · 1 Versions
Install in OpenClaw: /install goudantest
Description
Advanced code review assistant with intelligent analysis, multi-language support, and structured feedback. Performs comprehensive reviews covering correctnes...
README (SKILL.md)

Code Review v2

Intelligent Review Workflow

Phase 1: Context Analysis

Before reviewing code, understand the context:

  1. Identify change scope: What files/modules are affected?
  2. Understand intent: Read PR description, linked issues, commit messages
  3. Assess risk level:
     • 🔴 High: Core logic, auth, payment, data handling, public APIs
     • Medium: Business logic, internal APIs, utilities
     • Low: Tests, docs, config, minor refactoring
  4. Determine review depth based on risk level

Phase 2: Automated Analysis

Run these checks mentally before manual review:

□ Static analysis patterns (type mismatches, unused imports, dead code)
□ Security patterns (injection, unsafe deserialization, hardcoded secrets)
□ Performance patterns (N+1 queries, unbounded loops, missing indexes)
□ Concurrency patterns (race conditions, deadlocks, missing synchronization)

Phase 3: Manual Review

Follow the CHECKLIST.md for systematic review.

Phase 4: Feedback Generation

Use templates from TEMPLATES.md for structured feedback.


Quick Reference: Review Dimensions

| Dimension | Focus Area | Key Questions |
|---|---|---|
| Correctness | Logic, edge cases | Does it work correctly in all scenarios? |
| Security | Vulnerabilities, data protection | Are there security risks or data leaks? |
| Performance | Efficiency, resource usage | Will this scale? Any bottlenecks? |
| Maintainability | Readability, structure | Can others understand and modify this? |
| Observability | Logging, monitoring, debugging | Can we detect and diagnose issues? |
| Testing | Coverage, quality | Are changes adequately tested? |

Severity Classification

| Level | Icon | When to Use | Response Required |
|---|---|---|---|
| Blocker | | Security vulnerability, data loss, crash | Must fix before merge |
| Critical | 🔴 | Bug, incorrect logic, broken functionality | Must fix before merge |
| Warning | | Code smell, suboptimal pattern, minor issue | Should address |
| Suggestion | 💡 | Improvement opportunity, alternative approach | Consider |
| Info | | Observation, documentation note | Optional |

Language-Specific Quick Checks

Python

□ Type hints on public functions
□ No mutable default arguments
□ Context managers for resources
□ f-strings over .format() or %
□ Proper exception handling (not bare except)
□ __init__.py exports are intentional

JavaScript / TypeScript

□ async/await with try-catch (no unhandled promises)
□ No implicit any (TypeScript strict mode)
□ Proper null/undefined handling
□ No direct DOM manipulation in React
□ Keys in list rendering
□ useEffect dependencies complete

Java

□ try-with-resources for Closeable
□ Optional for nullable returns
□ Proper equals/hashCode implementation
□ No raw types (generics)
□ Stream API used appropriately
□ Thread safety considered

Go

□ Error handling (not ignored)
□ defer for cleanup
□ Context passed as first parameter
□ No goroutine leaks
□ Proper mutex usage
□ go vet and golangci-lint clean

Rust

□ No unnecessary clones
□ Proper error types (Result)
□ Lifetimes annotated correctly
□ No unsafe blocks without justification
□ Iterator chains over loops where appropriate
□ Clippy warnings addressed

C#

□ async/await patterns correct
□ using statements for IDisposable
□ Nullable reference types enabled
□ LINQ queries efficient
□ Proper exception filtering
□ CancellationToken usage

Ruby

□ No N+1 queries (includes/eager_load)
□ Proper error handling (rescue)
□ Bang methods for mutating operations
□ Frozen string literals
□ RuboCop clean

PHP

□ Type declarations on parameters/returns
□ Prepared statements (no SQL injection)
□ Proper error handling (try-catch)
□ No global state
□ PSR standards followed

Common Anti-Patterns to Flag

Security

  • Hardcoded credentials or API keys
  • SQL/NoSQL injection via string interpolation
  • XSS via unescaped output
  • Insecure deserialization
  • Missing rate limiting on public endpoints
  • Overly permissive CORS configuration

Performance

  • N+1 query patterns
  • Unbounded result sets (missing LIMIT)
  • Synchronous operations in hot paths
  • Missing caching for expensive computations
  • Inefficient data structures (O(n²) where O(n log n) possible)
  • Memory leaks (unclosed resources, growing caches)

Maintainability

  • God classes or functions over 50 lines
  • Deep nesting (3+ levels)
  • Magic numbers without constants
  • Duplicated logic across files
  • Tight coupling between modules
  • Missing or outdated documentation

Concurrency

  • Race conditions on shared state
  • Missing synchronization primitives
  • Deadlock potential (lock ordering)
  • Thread-unsafe collections
  • Improper async/await usage

Review Output Formats

Format 1: Markdown (Default)

See TEMPLATES.md for detailed markdown templates.

Format 2: JSON (Machine-Readable)

{
  "summary": "Brief overview",
  "issues": [
    {
      "severity": "critical",
      "file": "src/auth.py",
      "line": 42,
      "category": "security",
      "message": "SQL injection vulnerability",
      "suggestion": "Use parameterized queries"
    }
  ],
  "positive_notes": ["Good use of type hints"],
  "recommendation": "approve_with_changes"
}

Format 3: Checklist Report

Review Summary for PR #123
==========================
[✓] Correctness - 2 issues found
[✓] Security - 1 critical issue
[✓] Performance - No issues
[✓] Maintainability - 3 suggestions
[✓] Testing - Coverage adequate
[✓] Observability - Missing error context

Recommendation: Changes required before merge

Additional Resources

Usage Guidance
This skill is internally coherent and doesn't request installs or credentials. Before using it, avoid pasting secrets or private keys into the review text (the assistant will analyze any code you provide). If you want it to review a repository, prefer granting minimal, read-only access through your normal tooling rather than copy-pasting sensitive files into chat. Also note the agent may request PR/commit context from you — only supply data you intend to be reviewed.
Capability Analysis
Type: OpenClaw Skill · Name: goudantest · Version: 1.0.0
The skill bundle is a comprehensive and well-structured framework for an AI agent to perform multi-language code reviews. It includes detailed instructions in SKILL.md, a robust security and performance checklist in CHECKLIST.md, and various feedback templates in TEMPLATES.md. While examples.md contains snippets of vulnerable code (such as SQL injection and resource leaks), these are explicitly used as test cases to demonstrate how the agent should identify and report vulnerabilities. There is no evidence of malicious intent, data exfiltration, or harmful prompt injection.
Capability Assessment
Purpose & Capability
Name/description (advanced code review) match the SKILL.md content, templates, checklist and examples. The skill is instruction-only and does not request unrelated binaries, environment variables, or config paths.
Instruction Scope
SKILL.md confines itself to reviewing code, reading PR descriptions/commit messages/linked issues and producing structured feedback. It asks reviewers to look for malicious code/exfiltration in reviewed sources — which is appropriate for a code-review assistant. It does not instruct reading unrelated system files or exfiltrating data to external endpoints.
Install Mechanism
No install spec or code files are present; the skill is instruction-only so nothing is written to disk or downloaded during install.
Credentials
The skill declares no required environment variables, credentials, or config paths. There are no disproportionate secret or credential requests relative to the described functionality.
Persistence & Privilege
always:false and normal model invocation settings. The skill does not request persistent/system-wide presence or modify other skills or configs.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install goudantest
  3. After installation, invoke the skill by name or use /goudantest
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
code-review-v2 v1.0.0 initial release
  • Introduces an advanced code review assistant supporting intelligent analysis and multi-language code review.
  • Implements structured workflows for context analysis, automated static and security checks, and phased manual review.
  • Provides detailed review dimensions (correctness, security, performance, maintainability, observability, testing) and severity classification.
  • Includes quick reference language-specific checklists for Python, JavaScript/TypeScript, Java, Go, Rust, C#, Ruby, and PHP.
  • Outlines common anti-patterns to flag and offers flexible output formats (Markdown, JSON, checklist).
  • Links to comprehensive checklists, feedback templates, and example reviews for in-depth guidance.
Metadata
Slug goudantest
Version 1.0.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is goudantest?

Advanced code review assistant with intelligent analysis, multi-language support, and structured feedback. Performs comprehensive reviews covering correctnes... It is an AI Agent Skill for Claude Code / OpenClaw, with 120 downloads so far.

How do I install goudantest?

Run "/install goudantest" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is goudantest free?

Yes, goudantest is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does goudantest support?

goudantest is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created goudantest?

It is built and maintained by Gou1995 (@gou1995); the current version is v1.0.0.
