← Back to Skills Marketplace
keven0706

OpenClaw代码审查助手

by keven0706 · GitHub ↗ · v1.0.1 · MIT-0
cross-platform ⚠ suspicious
117
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install openclaw-code-review-assistant
Description
自动化代码审查助手,支持 PR 审查、代码质量分析、潜在 bug 检测、安全漏洞扫描。
Usage Guidance
这个技能的文档写得很完整,但随包的实现只是一个非常简单的 shell 脚本,主要输出预先写好的示例报告并在有 git 时显示 diff 统计。建议在安装或在 CI 中使用之前: - 手动审阅 code-review-assistant.sh,确认没有网络调用或隐藏逻辑(当前版本没有)。 - 如果你期望真实的 PR 集成或深度静态分析,要求作者提供或引用实际使用的分析工具(如 semgrep/bandit/errcheck/clang-tidy 等)和实现细节;当前并不包含这些工具。 - 注意文档中提到的 GITHUB_TOKEN 未被脚本使用——不要错误地将敏感凭据交给不可信来源。若未来版本要求 GITHUB_TOKEN,确认其仅用于调用官方 API 并且请求方可信。 - 核对发布者/owner 信息(元数据中的 ownerId 与注册页面可能不一致);优先选择来源可追溯的、在公共仓库有发布记录的技能。 - 若要在生产环境或 CI 中使用,先在隔离环境(测试仓库/容器)中验证其行为并评估输出质量。
Capability Analysis
Type: OpenClaw Skill Name: openclaw-code-review-assistant Version: 1.0.1 The bundle is a placeholder or template for a code review tool. The shell script (code-review-assistant.sh) provides hardcoded, static responses for its commands (review, diff, pr) rather than performing actual analysis, and the SKILL.md contains standard documentation without any prompt injection or malicious instructions.
Capability Assessment
Purpose & Capability
SKILL 名称与描述宣称“自动化代码审查、漏洞扫描、PR 审查”等完整功能,但随包仅包含一个简单的 shell 脚本(code-review-assistant.sh)和说明文档。脚本主要打印预制的报告片段并在有 git 时运行 git diff --stat;并未执行真实的静态分析工具或与外部扫描服务交互。功能声称与实际实现不匹配(夸大能力)。
Instruction Scope
SKILL.md 指南描述了审查单个文件、git diff、PR 审查和 CI 集成,并建议设置 GITHUB_TOKEN 以启用 PR 审查。实际脚本在 pr 分支仅打印“GitHub integration not configured / Set GITHUB_TOKEN to enable PR reviews”,没有使用 GITHUB_TOKEN,也没有实现任何 API 调用或 PR 拉取逻辑——说明文档授予的能力超出了脚本实际执行的范围。脚本不会读取未声明的系统配置或凭据,但文档的开放表述可能误导用户以为具备自动化 PR 扫描能力。
Install Mechanism
无安装规范;这是指令 + 单个 shell 脚本的组合。没有远程下载、依赖安装或将外部二进制写入磁盘的步骤,安装面相对低风险。
Credentials
技能未声明需要任何环境变量或凭证(requires.env 为空),但文档提到 GITHUB_TOKEN 可用于启用 PR 审查。脚本本身并不读取任何环境变量,存在文档和实现之间的不一致。此外,示例报告中包含一个示例“sk-1234567890”硬编码 API key(仅用于示例),可能引发误解但并非实际凭据读取或泄露。
Persistence & Privilege
技能未请求常驻(always)权限或修改其它技能/系统配置;默认的自主调用并未与其他高风险特征(广泛凭据访问、远程下载等)结合,因此无明显持久或特权滥用迹象。
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install openclaw-code-review-assistant
  3. After installation, invoke the skill by name or use /openclaw-code-review-assistant
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.1
添加完整的中文使用文档和配置选项
Metadata
Slug openclaw-code-review-assistant
Version 1.0.1
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is OpenClaw代码审查助手?

自动化代码审查助手,支持 PR 审查、代码质量分析、潜在 bug 检测、安全漏洞扫描。 It is an AI Agent Skill for Claude Code / OpenClaw, with 117 downloads so far.

How do I install OpenClaw代码审查助手?

Run "/install openclaw-code-review-assistant" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is OpenClaw代码审查助手 free?

Yes, OpenClaw代码审查助手 is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does OpenClaw代码审查助手 support?

OpenClaw代码审查助手 is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created OpenClaw代码审查助手?

It is built and maintained by keven0706 (@keven0706); the current version is v1.0.1.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments