chinasilva

Peter Code Review

by chinasilva · GitHub ↗ · v1.5.0
cross-platform ⚠ suspicious
Downloads: 407
Stars: 0
Active Installs: 0
Versions: 1
Install in OpenClaw
/install peter-code-review
Description
Pre-commit quality gate. Quickly runs local tests, static checks and a risk review to decide whether a change is "ready to commit".
Usage Guidance
This skill is an instruction-driven pre-commit reviewer that will run git commands and whatever project-local scripts exist (lint, typecheck, tests, build, gate:db). Before using it:
  1. Run it in a trusted/isolated environment (or ensure no sensitive env vars are set), because npm/test/build scripts execute repository code and can perform network I/O or read host env.
  2. Ensure your machine has the developer tools the skill expects (git, node/npm/npx or ruff/pytest or go/cargo).
  3. Confirm you trust the repository code (or run inside a container/CI) if you let the agent execute build/test commands.
  4. Note the metadata could be clearer about required binaries; if you need guarantees about what the skill will execute, ask the author for an explicit list of expected commands and any safe-run recommendations.
Capability Analysis
Type: OpenClaw Skill
Name: peter-code-review
Version: 1.5.0
The skill executes various project-defined scripts (e.g., `npm run lint`, `npm run test`, `pytest`, `go test`, `cargo test`) as part of its code review and quality gate process, as instructed in `SKILL.md`. While these commands are plausibly needed for the stated purpose, they allow the execution of arbitrary code defined within the user's project. This presents a significant vulnerability, as a malicious project could embed harmful scripts that would be executed by the OpenClaw agent when this skill is run on it. Although the skill itself does not exhibit explicit malicious intent (e.g., data exfiltration, persistence), this capability without strong input sanitization or sandboxing constitutes a high-risk behavior.
Capability Assessment
Purpose & Capability
The skill's name/description (pre-submit quality gate) matches the instructions (identify git changes, run lint/type/test/build/gate checks, produce a report). Minor inconsistency: the registry metadata lists no required binaries, but the SKILL.md explicitly expects common developer tools (git, npm/npx, tsc, ruff, pytest, go, cargo, etc.). This is reasonable for a repo-local tool but the declared metadata could be more explicit about expected tools.
Instruction Scope
SKILL.md instructs the agent to run git commands and project-local commands (npm scripts, test/build commands) in the repository root and to read diffs and file lists — all coherent with a pre-commit review. It does not instruct sending data to external endpoints. Caution: executing project scripts (npm run build, workflow:check, gate:db, tests) will run code from the repository which could perform network I/O or read environment variables on the host; the skill documents behavior when commands are missing and requires recording failures.
Install Mechanism
No install spec and no code files — lowest technical risk. The skill is instruction-only so nothing is written to disk or downloaded by the skill itself.
Credentials
The skill declares no required environment variables or credentials (which is appropriate). However, the commands it runs may implicitly rely on or read any environment variables present on the host (build/test scripts often use secrets or CI tokens). The skill does not request unrelated external credentials.
Persistence & Privilege
always: false and no persistent installation — the skill does not request elevated or permanent presence. It does not modify other skills or system-wide configs per the instructions provided.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install peter-code-review
  3. After installation, invoke the skill by name or use /peter-code-review
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.5.0
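- Supports pre-commit code quality review across multiple tech stacks; automatically identifies the scope of changes and triggers checks dynamically based on the type of change
- Integrates basic lint, type checking, unit/integration tests, build checks for dependency/configuration changes, database gating and more; several checks raise a risk notice when they are missing
- Designed for the pre-commit scenario: reviews working-tree changes by default and, when there are none, automatically switches to the most recent commit and flags this specially
- Adds UI change detection and a manual smoke-test requirement; when UI verification has not been performed, the result is explicitly marked as a potential risk and must not be marked as passed
- Outputs a standardized code review report with complete check conclusions, risks and fix recommendations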
Metadata
Slug peter-code-review
Version 1.5.0
License
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is Peter Code Review?

Pre-commit quality gate. Quickly runs local tests, static checks and a risk review to decide whether a change is "ready to commit". It is an AI Agent Skill for Claude Code / OpenClaw, with 407 downloads so far.

How do I install Peter Code Review?

Run "/install peter-code-review" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Peter Code Review free?

Yes, Peter Code Review is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Peter Code Review support?

Peter Code Review is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Peter Code Review?

It is built and maintained by chinasilva (@chinasilva); the current version is v1.5.0.
