
code-review-assistant

by xonet1 · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ✓ Security Clean
Downloads: 163 · Stars: 0 · Active Installs: 0 · Versions: 1
Install in OpenClaw: /install cody
Description
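Code review assistant. Analyzes a Git diff or code snippet and outputs a structured Chinese-language review report covering bugs, security vulnerabilities, performance issues, readability, best practices, type safety, error handling and test coverage. Supports configurable strictness (info/optimization/standard/severe) and multiple mainstream languages (Python/JS/TS/Java/Go/Rust). Supports GitHub/G...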
README (SKILL.md)

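Code Review Assistant

Workflow

Step 1: Get the code

Try the following methods in priority order:

  1. PR diff (highest priority): run scripts/get_pr_diff.py, which supports GitHub/GitLab
  2. Git diff: run scripts/get_diff.py to get local changes
  3. User paste: analyze the code snippet or diff text the user provides directly
  4. Specified file: read the contents of the file the user specifies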

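Step 2: Confirm the strictness level

If the user does not specify one, standard mode is used by default.

| Mode | Trigger phrases | Scope of checks |
|---|---|---|
| 🔵 Info | "quick review", "take a quick look" | Naming conventions, comment completeness |
| 🟢 Optimization | - (default minimum) | Readability issues, best practices |
| 🟡 Suggestion | "standard review" | + performance issues, obvious bugs |
| 🔴 Severe | "strict mode", "PR review" | + security vulnerabilities, severe bugs |

For details, see references/severity-guide.md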

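Step 3: Run the analysis

Check along the following dimensions; detailed rules are in references/review-dimensions.md

  • 🐛 Potential bugs — null pointers, out-of-bounds access, exception handling, type errors
  • 🔒 Security issues — SQL injection, XSS, hard-coded secrets, permission checks
  • Performance issues — N+1 queries, unnecessary loops, inefficient data structures
  • 📖 Readability — overly long functions, magic numbers, obscure naming
  • Best practices — DRY principle, consistent error handling
  • 🧪 Type safety — type annotations, implicit conversions
  • 🛡️ Error handling — exception catching, return-value checks
  • 🧪 Test coverage — flags key logic that lacks tests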

Step 4: Language-specific rules

Load the rules that match the code's language. The references/languages/ directory contains:

  • python.md — Python-specific checks
  • javascript.md — JavaScript/TypeScript checks
  • go.md — Go checks
  • java.md — Java checks
  • rust.md — Rust checks

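Step 5: Output the report

Three formats are supported; Markdown is the default:

  • Markdown (default): suited to direct reading and sharing
  • JSON: suited to CI integration and further processing; use --format json
  • HTML: suited to generating shareable reports; use --format html

For the output template, see references/report-template.md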

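Quick reference

| User says | Corresponding action |
|---|---|
| "review the latest commit" | get_diff.py --commits HEAD~1 |
| "review the diff against main" | get_diff.py --branch main |
| "review GitHub PR #123" | get_pr_diff.py --provider github --pr 123 |
| "strict-mode review" | Enable 🔴 Severe mode |
| "take a quick look" | Enable 🔵 Info mode |
| "output JSON" | Use the JSON template |
| "generate an HTML report" | Use the HTML template |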

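Notes

  • Prioritize actionable improvement suggestions rather than only pointing out problems
  • Attach a specific line number to each comment (where it can be located)
  • Output in Chinese, keeping technical terms in their original English
  • If the diff exceeds 500 lines, process it in batches by file, asking after each batch whether to continue
  • When using language-specific rules, identify the code's language first, then load the matching checks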
Usage Guidance
This skill appears to do what it says: fetch diffs and produce structured code-review reports. Before using it, consider: (1) Only provide GITHUB_TOKEN/GITLAB_TOKEN when necessary and prefer least-privilege / read-only tokens. (2) Avoid asking the skill to read or send files that contain secrets (keys, credentials) unless you intend to expose them. (3) The helper scripts use your local git repo and network calls to GitHub/GitLab — run them in a safe working directory and review output before sharing externally. (4) There is no installer or hidden network endpoint in the package; the main remaining risk is accidental exposure of repository contents if you request broad diffs or files.
Capability Analysis
Type: OpenClaw Skill · Name: cody · Version: 1.0.0
The bundle is a legitimate code review assistant designed to analyze Git diffs and pull requests. It includes functional Python scripts (scripts/get_diff.py and scripts/get_pr_diff.py) that use standard Git commands and GitHub/GitLab APIs to retrieve code changes for analysis. The scripts handle authentication tokens via environment variables securely and do not exhibit signs of data exfiltration, shell injection, or malicious intent. The documentation and instructions in SKILL.md are well-structured and strictly aligned with the tool's stated purpose of providing multi-language code quality and security reviews.
Capability Assessment
Purpose & Capability
Name/description match the included files: SKILL.md describes code-review behavior and the repository provides get_diff.py and get_pr_diff.py plus language/rule references. The optional use of GITHUB_TOKEN / GITLAB_TOKEN in get_pr_diff.py is appropriate for fetching PR/MR diffs.
Instruction Scope
Runtime instructions are scoped to obtaining diffs (local git, PRs via API, or user-pasted snippets) and running language-specific checks. One attention point: the skill will read repository files or any file the user explicitly asks it to (via '--file' or the "specified file" (指定文件) input method), so sensitive files in the repo could be exposed if you request them. This is expected behavior for a review tool but worth being cautious about.
Install Mechanism
No install spec; this is an instruction-only skill with included Python helper scripts. Nothing downloads or extracts remote code or installs packages, so installation risk is low.
Credentials
The skill does not declare required env vars. get_pr_diff.py optionally reads GITHUB_TOKEN and GITLAB_TOKEN to access private PRs/MRs — these are directly relevant and proportionate to the described capability. No unrelated secrets or configuration paths are requested.
Persistence & Privilege
always is false and the skill has no install-time hooks or requests for permanent agent-wide privileges. It does not modify other skills or system-wide config.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install cody
  3. After installation, invoke the skill by name or use /cody
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
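Initial release with comprehensive code review capabilities:
  • Analyzes a Git diff or code snippet and outputs a structured Chinese-language review report covering bugs, security, performance, readability, best practices, type safety, error handling, test coverage and other dimensions
  • Supports configurable strictness (info/optimization/standard/severe) and covers multiple mainstream programming languages (Python/JavaScript/TypeScript/Java/Go/Rust)
  • Sources supported: GitHub/GitLab PR diff, local Git diff, direct paste, or file read
  • Reports support Markdown, JSON and HTML output formats for easy reading, sharing and integration
  • Designed to make code review more efficient, quickly identifying issues and giving actionable suggestions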
Metadata
Slug cody
Version 1.0.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is code-review-assistant?

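Code review assistant. Analyzes a Git diff or code snippet and outputs a structured Chinese-language review report covering bugs, security vulnerabilities, performance issues, readability, best practices, type safety, error handling and test coverage. Supports configurable strictness (info/optimization/standard/severe) and multiple mainstream languages (Python/JS/TS/Java/Go/Rust). Supports GitHub/G... It is an AI Agent Skill for Claude Code / OpenClaw, with 163 downloads so far.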

How do I install code-review-assistant?

Run "/install cody" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is code-review-assistant free?

Yes, code-review-assistant is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does code-review-assistant support?

code-review-assistant is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created code-review-assistant?

It is built and maintained by xonet1 (@xonet1); the current version is v1.0.0.
