← Back to Skills Marketplace
Astronclaw Code Review
by
ShiXiangYu2
· GitHub ↗
· v1.0.0
· MIT-0
82
Downloads
0
Stars
1
Active Installs
1
Versions
Install in OpenClaw
/install astronclaw-code-review
Description
基于AI自动化分析代码质量、安全漏洞和性能瓶颈,提供多维度智能审查与详细报告生成。
README (SKILL.md)
AI Code Review Assistant
🏆 科大讯飞 AstronClaw 养虾挑战赛参赛作品
🧠 AI驱动的智能代码审查助手,自动化代码质量、安全和性能分析
📋 技能概述
AI Code Review Assistant 是一个基于 AstronClaw 平台的智能代码审查技能,通过AI技术自动化分析代码质量、安全漏洞和性能问题,帮助开发者提升代码质量,降低技术债务。
核心价值
- 🚀 自动化审查:一键式代码质量、安全、性能多维度分析
- 🧠 AI智能建议:集成讯飞星火API,提供个性化改进建议
- 🛡️ 安全加固:检测常见安全漏洞和风险模式
- ⚡ 性能优化:识别性能瓶颈,提供优化方案
- 📊 专业报告:生成详细审查报告(Markdown/HTML/JSON)
🚀 快速开始
安装方式
通过 AstronClaw SkillHub 安装
# 在 AstronClaw 平台搜索 "AI Code Review Assistant"
# 或通过 SkillHub 直接安装
本地开发模式
# 1. 克隆项目
git clone \x3Crepository-url>
cd astronclaw-code-review
# 2. 安装依赖
npm install
# 3. 运行测试
npm test
# 4. 启动开发服务
npm run dev
基本使用
// 在 AstronClaw 环境中使用
import { CodeReviewAssistant } from 'code-review-assistant';
// 初始化助手
const assistant = new CodeReviewAssistant({
reviewLevel: 'standard',
aiEnabled: true,
includeSecurity: true,
includePerformance: true
});
await assistant.init();
// 执行代码审查
const result = await assistant.reviewCode({
filePath: 'src/main.js',
code: `function example() { /* your code */ }`,
options: {
language: 'javascript'
}
});
// 生成报告
const report = await assistant.generateReport({
reviewResults: result,
format: 'markdown'
});
🔧 可用工具
本技能提供5个核心工具,可在AstronClaw中直接使用:
1. CodeReview - 综合代码审查
描述: 质量、安全、性能多维度分析,集成AI智能建议
参数:
filePath(可选): 要审查的文件路径code(可选): 直接提供代码内容options.language: 编程语言(默认: 'javascript')
# 使用示例
astronclaw CodeReview --filePath "src/app.js" --options.language "javascript"
2. CodeQualityScan - 代码质量专项扫描
描述: 规范检查、复杂度分析、重复代码检测
参数:
filePath(可选): 要扫描的文件路径code(可选): 直接提供代码内容
# 使用示例
astronclaw CodeQualityScan --filePath "src/utils.js"
3. SecurityAudit - 安全审计
描述: 漏洞检测、敏感信息扫描、依赖安全检查
参数:
filePath(可选): 要审计的文件路径code(可选): 直接提供代码内容
# 使用示例
astronclaw SecurityAudit --filePath "src/auth.js"
4. PerformanceAnalysis - 性能分析
描述: 瓶颈识别、优化建议、内存使用分析
参数:
filePath(可选): 要分析的文件路径code(可选): 直接提供代码内容
# 使用示例
astronclaw PerformanceAnalysis --filePath "src/optimize.js"
5. GenerateReviewReport - 生成审查报告
描述: 生成Markdown/HTML/JSON格式的详细审查报告
参数:
reviewResults: 审查结果对象format: 报告格式 ('markdown', 'html', 'json')includeDetails: 是否包含详细问题列表(默认: true)
# 使用示例
astronclaw GenerateReviewReport --format "markdown" --includeDetails true
⚙️ 配置说明
技能配置 (skill.json)
{
"reviewLevel": {
"level": "standard",
"includeSecurity": true,
"includePerformance": true
},
"aiSettings": {
"enabled": true,
"provider": "iflytek-spark",
"model": "spark-3.0"
}
}
环境变量
# AI API配置
IFLYTEK_SPARK_API_KEY=your_api_key
IFLYTEK_SPARK_API_SECRET=your_api_secret
# 审查配置
REVIEW_LEVEL=advanced
AI_ENABLED=true
审查级别说明
- basic: 基础审查 - 仅代码质量检查
- standard: 标准审查 - 质量 + 安全 + 性能(默认)
- advanced: 高级审查 - 包含架构评估和深度分析
📊 性能指标
审查能力
- 支持语言: JavaScript/TypeScript (可扩展)
- 分析速度: \x3C 5秒/1000行代码
- 准确率: > 85% (基于测试数据)
- 报告生成: \x3C 2秒
资源使用
- 内存占用: \x3C 100MB
- CPU使用: \x3C 30%
- 网络请求: 仅AI分析时需外网
🎯 使用示例
示例1:综合代码审查
import { getCodeReviewAssistant } from './src/index.js';
async function example() {
const assistant = getCodeReviewAssistant();
const result = await assistant.reviewCode({
code: `
function processUserData(user) {
// 硬编码API密钥(安全风险)
const apiKey = "sk_live_1234567890";
// SQL拼接(安全风险)
const query = "SELECT * FROM users WHERE name = '" + user.name + "'";
// 循环中字符串拼接(性能问题)
let output = "";
for (let i = 0; i \x3C 1000; i++) {
output += user.name + "-" + i;
}
return { query, output };
}
`,
options: {
language: 'javascript'
}
});
console.log('审查结果:', result.summary);
console.log('总体评分:', result.summary.overallScore);
// 生成报告
const report = await assistant.generateReport({
reviewResults: result,
format: 'html'
});
// 保存报告到文件
require('fs').writeFileSync('code-review-report.html', report.content);
}
示例2:批量审查文件
const fs = require('fs');
const path = require('path');
async function reviewProject(projectPath) {
const assistant = getCodeReviewAssistant();
const files = fs.readdirSync(projectPath)
.filter(file => file.endsWith('.js') || file.endsWith('.ts'))
.map(file => path.join(projectPath, file));
const results = [];
for (const file of files) {
console.log(`审查文件: ${file}`);
const result = await assistant.reviewCode({
filePath: file
});
results.push({
file,
score: result.summary.overallScore,
issues: result.analysis.quality.issues.length +
(result.analysis.security?.issues?.length || 0) +
(result.analysis.performance?.issues?.length || 0)
});
}
// 生成项目总览报告
const projectSummary = {
totalFiles: results.length,
averageScore: results.reduce((sum, r) => sum + r.score, 0) / results.length,
totalIssues: results.reduce((sum, r) => sum + r.issues, 0),
files: results
};
console.log('项目审查完成:', projectSummary);
return projectSummary;
}
🧪 测试验证
运行测试
# 运行所有测试
npm test
# 运行特定测试
node test/basic.test.js
测试覆盖
- ✅ 系统初始化测试
- ✅ 综合代码审查测试
- ✅ 专项工具测试
- ✅ 报告生成测试
- ✅ AI建议生成测试
🔍 技术架构
架构概述
┌─────────────────────────────────────────────┐
│ AstronClaw Platform │
├─────────────────────────────────────────────┤
│ AI Code Review Assistant Skill │
│ ┌─────────────────────────────────────┐ │
│ │ Core Engine │ │
│ │ ┌─────────┐ ┌─────────┐ ┌───────┐ │ │
│ │ │ Tool │ │ AI │ │ Report│ │ │
│ │ │ System │ │ Engine │ │ Gen │ │ │
│ │ └─────────┘ └─────────┘ └───────┘ │ │
│ └─────────────────────────────────────┘ │
│ ┌─────────────────────────────────────┐ │
│ │ Analysis Modules │ │
│ │ • Code Quality │ │
│ │ • Security Audit │ │
│ │ • Performance Analysis │ │
│ └─────────────────────────────────────┘ │
└─────────────────────────────────────────────┘
核心技术
- 工具系统: 模块化工具架构,支持动态扩展
- 规则引擎: 基于模式的代码分析规则
- AI集成: 讯飞星火API智能分析
- 报告系统: 模板化报告生成引擎
🛠️ 开发指南
项目结构
astronclaw-code-review/
├── SKILL.md # 本文件
├── README.md # 详细文档
├── package.json # 项目配置
├── skill.json # AstronClaw技能配置
├── src/
│ ├── index.js # 主入口文件
│ ├── tool-system/ # 工具系统框架
│ └── tools/ # 5大核心工具
├── test/
│ └── basic.test.js # 功能测试
└── examples/ # 使用示例
扩展技能
要添加新的分析工具:
- 在
src/tools/目录下创建新工具文件 - 实现工具类,包含
static async execute(args, context)方法 - 在
src/index.js的registerCoreTools()方法中注册工具 - 更新
skill.json中的capabilities.tools列表
📞 支持与反馈
问题报告
- GitHub Issues: your-repo/issues
- 邮箱: [email protected]
贡献指南
- Fork 项目
- 创建功能分支 (
git checkout -b feature/awesome-feature) - 提交更改 (
git commit -m 'Add awesome feature') - 推送到分支 (
git push origin feature/awesome-feature) - 创建 Pull Request
代码规范
- 使用 TypeScript 开发
- 遵循 ESLint 规则
- 添加单元测试
- 更新相关文档
📄 许可证
本项目采用 MIT 许可证 - 查看 LICENSE 文件了解详情。
🙏 致谢
- 科大讯飞: 提供 AstronClaw 平台和比赛机会
- 讯飞星火: 提供AI能力支持
- 开源社区: 众多优秀的开源项目参考
让每一行代码都经得起审查,让每一次提交都充满信心
Usage Guidance
This skill mostly appears to implement a local static-analysis/code-review tool, but the documentation claims integration with iFlyTek (讯飞星火) and lists API keys that are not declared in the skill metadata. Before installing or providing any credentials: 1) Ask the author to clarify whether the skill will call external AI services and, if so, why the skill.json does not declare the required environment variables/primary credential. 2) Inspect or request the implementation of callIflytekSparkAPI (or any networking code) to confirm it does not transmit project code to unknown endpoints. 3) If you must test it, run it in a sandboxed environment (no sensitive code, no real API keys) and monitor outbound network connections. 4) Do not supply real API keys (IFLYTEK_SPARK_API_KEY/SECRET or similar) until you verify the destination, data handling policy, and trustworthiness of the repository/author. 5) If you plan to use AI integration, insist the author update skill.json to list required env vars (so the registry can surface credential requests) and document the exact network endpoints and data retention policy.
Capability Analysis
Type: OpenClaw Skill
Name: astronclaw-code-review
Version: 1.0.0
The skill bundle provides a comprehensive code review and security auditing toolset. It contains several 'risky capabilities' that, while plausibly needed for its stated purpose, qualify as suspicious under the provided criteria. Specifically, the tool allows for arbitrary file reading via 'fs.readFileSync' in 'src/tools/code-review.js' and 'src/tools/security-audit.js' without path validation, which could be exploited via prompt injection to read sensitive system files. Additionally, 'src/tools/report-generator.js' generates HTML reports by directly injecting code snippets into templates without sanitization, introducing a potential XSS vulnerability. While the 'src/tools/ai/recommendation-engine.js' includes placeholders for external AI API calls (iFlyTek Spark), no evidence of intentional data exfiltration or malicious intent was found.
Capability Tags
Capability Assessment
Purpose & Capability
The name/description (AI code review, security/performance/quality analysis) align with the included source files (analyzers, report generator, AI recommendation engine). The code contains expected modules and rules for static analysis; nothing in the code suggests unrelated capabilities (e.g., cloud admin access).
Instruction Scope
Runtime instructions and examples focus on scanning files, generating reports, and optionally calling an AI provider. The README/SKILL.md suggest reading project files and writing reports to disk (fs usage) and optionally invoking an external AI service. Those actions are reasonable for a code-review skill, but the SKILL.md also references environment variables and network calls for AI that are not handled consistently in the metadata/code.
Install Mechanism
There is no install spec (instruction-only from the registry perspective). The package contains code but uses standard npm dependencies; there are no downloads from arbitrary URLs or extract steps in the provided metadata.
Credentials
SKILL.md documents IFLYTEK_SPARK_API_KEY and IFLYTEK_SPARK_API_SECRET (and suggests external AI network calls) but the skill metadata (skill.json / package.json) does not declare required env vars or a primary credential. The code's AI path expects an aiApiKey passed via options (generateAIRecommendations checks options.aiApiKey) and the 'callIflytekSparkAPI' implementation is a simulated stub; this mismatch (documented env vars vs metadata vs actual implementation) is the main inconsistency and could hide network/credential usage if a later version adds real network calls.
Persistence & Privilege
The skill does not request 'always: true' and has no special OS/config path requirements. It reads files (expected for scanning) and writes reports in examples; that is within expected scope and confined to the skill's own operation.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install astronclaw-code-review - After installation, invoke the skill by name or use
/astronclaw-code-review - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
- Initial release of AI Code Review Assistant skill for the AstronClaw platform.
- Automates multi-dimensional code review, including code quality, security, and performance analysis.
- Provides personalized AI-driven suggestions using the iFlytek Spark API.
- Offers five core tools: comprehensive review, quality scan, security audit, performance analysis, and report generation (Markdown/HTML/JSON).
- Supports configuration for review levels, AI provider, and environment setup.
- Includes quick start guide, usage examples, testing instructions, and development pathways for extensibility.
Metadata
Frequently Asked Questions
What is Astronclaw Code Review?
基于AI自动化分析代码质量、安全漏洞和性能瓶颈,提供多维度智能审查与详细报告生成。 It is an AI Agent Skill for Claude Code / OpenClaw, with 82 downloads so far.
How do I install Astronclaw Code Review?
Run "/install astronclaw-code-review" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Astronclaw Code Review free?
Yes, Astronclaw Code Review is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Astronclaw Code Review support?
Astronclaw Code Review is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Astronclaw Code Review?
It is built and maintained by ShiXiangYu2 (@shixiangyu2); the current version is v1.0.0.
More Skills