Code Reviewer
/install eric-code-reviewer
Automated code review analysis for quality, security, performance, and best practices.
When to Use
✅ USE this skill when:
- "Review this code for bugs"
- "Check my PR before I submit it"
- "Is there any security issue in this function?"
- "Can you optimize this code?"
- "Review this git diff"
- "Does this follow [language] best practices?"
- "Compare these two implementations"
❌ DON'T use this skill when:
- Need full test suite generation → use a testing skill
- Need architectural design review → use architecture skills
- Need deployment pipeline review → use CI/CD skills
- The code is proprietary/sensitive and shouldn't be shared
Review Checklist
For every code review, the agent checks in this order:
1. 🔴 Critical (must fix)
| Check | What to look for |
|---|---|
| SQL Injection | String concatenation in queries, unescaped user input |
| XSS | Unsanitized output in HTML/templates, dangerouslySetInnerHTML |
| Command Injection | os.system(), exec(), subprocess(shell=True) with user input |
| Path Traversal | ../../ in file paths, unsanitized filenames |
| Sensitive Data | Hardcoded API keys, passwords, tokens, secrets |
| Unvalidated Input | Missing type checks, no boundary validation on arrays/buffers |
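As an added illustration of how three of the 🔴 Critical rows (SQL Injection, Command Injection, Sensitive Data) can be checked mechanically, the following Python script walks a module's AST and flags f-strings, `+`/`%` formatting of SQL verbs, `os.system()`, `subprocess.*(..., shell=True)` and string literals assigned to secret-looking names. It is example code written for this page, not the skill's own implementation; the `SAMPLE` module it reviews is constructed, and the name patterns and the `Finding` record are assumptions of the example. XSS and Path Traversal need data-flow tracking and are left out on purpose.

```python
"""Toy AST checker for the SQL Injection, Command Injection and Sensitive Data
rows of the 🔴 Critical table. Added example, not the skill's own code."""
import ast
import re
from dataclasses import dataclass

# Assumed heuristics: names that suggest a secret, string literals that open a SQL statement.
SECRET_NAME = re.compile(r"(api[_-]?key|password|passwd|secret|token)", re.IGNORECASE)
SQL_VERB = re.compile(r"^\s*(select|insert|update|delete)\b", re.IGNORECASE)


@dataclass
class Finding:
    line: int
    check: str
    message: str


def dotted(func):
    """Render a call target such as `subprocess.run` as a dotted string ('' if dynamic)."""
    parts = []
    while isinstance(func, ast.Attribute):
        parts.append(func.attr)
        func = func.value
    if isinstance(func, ast.Name):
        parts.append(func.id)
        return ".".join(reversed(parts))
    return ""


class CriticalChecker(ast.NodeVisitor):
    def __init__(self):
        self.findings = []

    def report(self, node, check, message):
        self.findings.append(Finding(node.lineno, check, message))

    # SQL Injection: an f-string whose literal prefix is a SQL statement
    def visit_JoinedStr(self, node):
        first = node.values[0] if node.values else None
        if isinstance(first, ast.Constant) and isinstance(first.value, str) and SQL_VERB.match(first.value):
            self.report(node, "SQL Injection", "f-string used to build a SQL query; use parameterized queries")
        self.generic_visit(node)

    # SQL Injection: "SELECT ..." + value  or  "SELECT ... %s" % value
    def visit_BinOp(self, node):
        if (isinstance(node.op, (ast.Add, ast.Mod)) and isinstance(node.left, ast.Constant)
                and isinstance(node.left.value, str) and SQL_VERB.match(node.left.value)):
            self.report(node, "SQL Injection", "string concatenation/%-formatting in SQL query; use parameterized queries")
        self.generic_visit(node)

    # Command Injection: os.system() or any subprocess call with shell=True
    def visit_Call(self, node):
        name = dotted(node.func)
        if name == "os.system":
            self.report(node, "Command Injection", "os.system() runs through a shell; use subprocess with an argument list")
        elif name.startswith("subprocess.") and any(
                kw.arg == "shell" and isinstance(kw.value, ast.Constant) and kw.value.value is True
                for kw in node.keywords):
            self.report(node, "Command Injection", "shell=True with a built command string; pass an argument list instead")
        self.generic_visit(node)

    # Sensitive Data: NAME = "literal" where NAME looks like a credential
    def visit_Assign(self, node):
        if isinstance(node.value, ast.Constant) and isinstance(node.value.value, str) and node.value.value:
            for target in node.targets:
                if isinstance(target, ast.Name) and SECRET_NAME.search(target.id):
                    self.report(node, "Sensitive Data", f"hardcoded value assigned to {target.id}; load it from the environment or a secret store")
        self.generic_visit(node)


def review(source):
    """Return the Critical findings for a Python module, ordered by line."""
    checker = CriticalChecker()
    checker.visit(ast.parse(source))
    return sorted(checker.findings, key=lambda f: f.line)


# Constructed sample module; the API key value is a made-up placeholder.
SAMPLE = '''\
import os, subprocess, sqlite3

API_KEY = "sk-live-0000-constructed-sample"

def find_user(conn, name):
    cur = conn.execute(f"SELECT * FROM users WHERE name = '{name}'")
    return cur.fetchone()

def safe_find_user(conn, name):
    return conn.execute("SELECT * FROM users WHERE name = ?", (name,)).fetchone()

def archive(path):
    os.system("tar czf backup.tgz " + path)
    subprocess.run("ls " + path, shell=True)
'''

if __name__ == "__main__":
    for f in review(SAMPLE):
        print(f"[Line {f.line}] {f.check}: {f.message}")
```

Running it reports four findings (lines 3, 6, 13 and 14 of the sample) and stays silent on `safe_find_user`, which binds the parameter with `?`. The checks are deliberately syntactic, so they produce false positives (a `%`-formatted query with only trusted constants) and false negatives (a query string built elsewhere and passed through a variable); the Notes below about flagging false positives transparently apply to this kind of tooling as much as to the agent.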
2. 🟡 Important (should fix)
| Check | What to look for |
|---|---|
| Null/Undefined | Missing null checks, no Optional/Maybe wrapping |
| Error Handling | Bare except:, swallowed exceptions, no error context |
| Race Conditions | Shared state without locks, async without mutexes |
| Resource Leaks | Unclosed files, connections, handles |
| Type Safety | Implicit casts, any types, missing generics |
| Dead Code | Unused variables, imports, unreachable branches |
3. 🟢 Nice to have
| Check | What to look for |
|---|---|
| Naming | Vague names (data, tmp, foo), inconsistent casing |
| Comments | Stale/no comments, commented-out code |
| Duplication | Repeated logic that should be a function |
| Logging | Missing context in log messages, wrong log level |
| Tests | Missing edge cases, no test for the change |
Workflow
Step 1: Accept Input
The agent accepts code in these forms:
- Pasted code block: "Review this function: ```python ..."
- File path: "Review src/app.js"
- Git diff: "Review my uncommitted changes" → runs `git diff`
- GitHub PR URL: "Review https://github.com/user/repo/pull/42"
- Branch comparison: "Review changes between main and feature-branch"
Step 2: Analyze
For each code segment:
- Identify the language and framework
- Run the checklist above
- Cross-reference common anti-patterns for the language
- Check for performance traps (N+1 queries, O(n²) in loops, etc.)
Step 3: Report
Present findings in order of severity with:
## 🔴 Critical
- [Line 42] SQL Injection: f-string used in SQL query. Use parameterized queries.
## 🟡 Important
- [Line 15] Missing null check: `user.getName()` may throw if user is None
## 🟢 Suggestion
- [Line 88] Duplicate logic with lines 12-20 — extract to helper function
Step 4: Offer Fixes (Optional)
The agent can:
- Show the fix inline
- Generate a patch file
- Apply changes directly (with confirmation)
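Step 1 accepts a `git diff`, and the Notes below say that large PRs should be reviewed on changed lines only. The Python below, an added example rather than the skill's own code, shows the piece that makes that possible: it parses unified-diff hunk headers into the set of added or modified line numbers per file, then keeps only the findings that land on those lines. The diff text and the findings list are constructed for the example, and the finding record layout (`path`, `line`, `check`) is an assumption.

```python
"""Map a unified diff to {path: [added line numbers]} and filter review findings
to changed lines. Added example, not the skill's own code; inputs are constructed."""
import re

# "@@ -old_start[,old_len] +new_start[,new_len] @@ ..." ; only the new-file start matters here.
HUNK = re.compile(r"^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@")


def added_lines(diff_text):
    """Return {new_path: sorted line numbers (new-file numbering) of '+' lines}."""
    result = {}
    path = None
    new_line = 0
    expect_new_path = False          # set after a "--- " header so "+++ " is read as a path
    for raw in diff_text.splitlines():
        if raw.startswith("--- "):
            expect_new_path = True
            continue
        if expect_new_path and raw.startswith("+++ "):
            path = raw[4:].strip()
            path = path[2:] if path.startswith("b/") else path   # drop git's b/ prefix
            result.setdefault(path, [])
            expect_new_path = False
            continue
        m = HUNK.match(raw)
        if m:
            new_line = int(m.group(1))
            continue
        if path is None:
            continue                 # "diff --git", "index ..." and similar header lines
        if raw.startswith("+"):
            result[path].append(new_line)
            new_line += 1
        elif raw.startswith("-") or raw.startswith("\\"):
            pass                     # removed line or "\ No newline at end of file": no new number
        else:
            new_line += 1            # context line
    return {p: sorted(lines) for p, lines in result.items()}


def filter_findings(findings, changed):
    """Keep only findings whose (path, line) was added or modified by the diff."""
    return [f for f in findings if f["line"] in changed.get(f["path"], [])]


# Constructed diff: a parameterized query replaced by an f-string, and a shell script
# gaining `set -euo pipefail`.
SAMPLE_DIFF = """\
diff --git a/app/db.py b/app/db.py
--- a/app/db.py
+++ b/app/db.py
@@ -10,6 +10,7 @@ def find_user(conn, name):
     # look up a user by name
-    cur = conn.execute("SELECT * FROM users WHERE name = ?", (name,))
+    query = f"SELECT * FROM users WHERE name = '{name}'"
+    cur = conn.execute(query)
     return cur.fetchone()
 
 def count_users(conn):
     return conn.execute("SELECT count(*) FROM users").fetchone()[0]
diff --git a/scripts/backup.sh b/scripts/backup.sh
--- a/scripts/backup.sh
+++ b/scripts/backup.sh
@@ -1,3 +1,4 @@
 #!/usr/bin/env bash
+set -euo pipefail
 tar czf backup.tgz "$1"
 echo done
"""

# Constructed findings, as a whole-file review might produce them.
SAMPLE_FINDINGS = [
    {"path": "app/db.py", "line": 11, "check": "SQL Injection"},
    {"path": "app/db.py", "line": 30, "check": "Dead Code"},          # untouched by the diff
    {"path": "scripts/backup.sh", "line": 3, "check": "Naming"},      # context line, not changed
]

if __name__ == "__main__":
    changed = added_lines(SAMPLE_DIFF)
    for f in filter_findings(SAMPLE_FINDINGS, changed):
        print(f"[{f['path']}:{f['line']}] {f['check']}")
```

On the sample the parser yields lines 11 and 12 of `app/db.py` and line 2 of `scripts/backup.sh`, so only the SQL Injection finding survives the filter. Deleted lines get no new-file number and are skipped, which is the right behaviour for "changed lines only" but means a finding caused by a removal (say, a dropped null check whose effect shows up on an untouched line) is not surfaced this way; that is the case the agent still has to reason about from context.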
Language-Specific Rules
Python
- Prefer f-strings over `.format()` or `%`
- Use `with` for resource management
- Type hints on function signatures
- List comprehensions over `map`/`filter`
- Avoid mutable default arguments
JavaScript / TypeScript
- `const` over `let`, never `var`
- Prefer early returns over nested ifs
- Use `===` not `==`
- Async/await over raw promises
- Avoid `any` in TypeScript
Java
- Use `Optional` over null returns
- Prefer try-with-resources
- Favor composition over inheritance
- Use interface types, not concrete types
Go
- Always check errors
- Use `go fmt` conventions
- Prefer `defer` for cleanup
- Avoid global state
Shell / Bash
- Quote all variable expansions
- Use `set -euo pipefail` in scripts
- Prefer `[[ ]]` over `[ ]`
- Avoid parsing `ls` output
Examples
User: "Review this Python function" + code block
Agent: Runs checklist → finds SQL injection. Reports 🔴 Critical with fix

User: "Check my current git diff"
Agent: Runs `git diff`, reviews changes, lists findings

User: "Is this TypeScript safe?" + code block
Agent: Checks types, null safety, anti-patterns → reports 🟡 `any` misuse
Notes
- For large PRs, focus on changed lines only
- Flag false positives transparently
- If a file is too large, review the most critical areas first
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat: `/install eric-code-reviewer`
- After installation, invoke the skill by name or use `/eric-code-reviewer`
- Provide required inputs per the skill's parameter spec and get structured output
What is Code Reviewer?
Automated code review for pull requests and code snippets. Analyzes code quality, security vulnerabilities, performance issues, and best practices across Pyt... It is an AI Agent Skill for Claude Code / OpenClaw, with 36 downloads so far.
How do I install Code Reviewer?
Run "/install eric-code-reviewer" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Code Reviewer free?
Yes, Code Reviewer is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Code Reviewer support?
Code Reviewer is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Code Reviewer?
It is built and maintained by ericlooi504 (@ericlooi504); the current version is v1.0.0.