← Back to Skills Marketplace
Code Assistant
by
Miguel Guerra
· GitHub ↗
· v1.0.0
1120
Downloads
0
Stars
13
Active Installs
1
Versions
Install in OpenClaw
/install code-assistant
Description
Asistente de programación especializado. Analiza código, encuentra bugs, sugiere optimizaciones, refactoriza y genera documentación automáticamente.
README (SKILL.md)
Code Assistant (Asistente de Programación Pro)
Una super-habilidad para desarrolladores. Va más allá de escribir código: analiza, depura, optimiza, refactoriza y documenta.
Capacidades
┌─────────────────────────────────────────────────────┐
│ CODE ASSISTANT │
├─────────────────────────────────────────────────────┤
│ 🔍 Análisis │ Encuentra bugs y code smells │
│ ⚡ Optimización │ Mejora rendimiento y eficiencia │
│ 🔄 Refactor │ Limpia y estructura código │
│ 📝 Documenta │ Genera docstrings y README │
│ 🧪 Tests │ Crea tests unitarios │
│ 🔐 Seguridad │ Detecta vulnerabilidades │
└─────────────────────────────────────────────────────┘
Comandos
Análisis de Código
# Analizar un archivo
code analyze src/utils.ts
# Analizar un directorio
code analyze src/ --depth:2
# Buscar bugs específicos
code bugs src/api/
code find-bugs src/
# Revisar complejidad
code complexity src/heavy-function.ts
Optimización
# Sugerir optimizaciones
code optimize src/slow-algorithm.py
# Optimizar queries SQL
code optimize-sql queries/
# Reducir bundle size
code optimize-bundle src/
Refactorización
# Refactorizar archivo
code refactor src/legacy-code.js
# Aplicar convenciones (PEP8, ESLint rules)
code format src/ --style:pep8
# Extraer función
code extract-function src/long-file.ts --lines:45-80
Documentación
# Generar docstrings
code document src/api/
# Crear README
code readme src/my-project/
# Generar changelog
code changelog --since:v1.0.0
Tests
# Generar tests unitarios
code test-gen src/calculator.ts
# Sugerir edge cases
code edge-cases src/validator.py
Ejemplo de Uso
Usuario: code analyze src/users/auth.ts
Bot: 🔍 Análisis de: src/users/auth.ts
📊 Métricas:
├── Líneas: 245
├── Funciones: 12
├── Complejidad ciclomática: 18 ⚠️ (alta)
└── Cobertura de docs: 30% ⚠️
🐛 Bugs Potenciales (2):
1. Línea 67: Race condition
```typescript
// ❌ Problema
if (user) {
await saveUser(user); // user puede cambiar entre check y save
}
```
💡 Solución: Usar transacción o lock
2. Línea 142: SQL Injection
```typescript
// ❌ Problema
query(`SELECT * FROM users WHERE id = ${userId}`)
```
💡 Solución: Usar parámetros preparados
⚡ Optimizaciones Sugeridas (3):
1. Línea 89: Usar Map en lugar de Object para lookups frecuentes
2. Línea 156: Memoizar resultado de getPermissions()
3. Línea 201: Lazy loading para módulo crypto
🔄 Refactorizaciones Sugeridas:
1. Extraer validateToken() a módulo separado
2. Aplicar patrón Repository para queries
¿Ejecutar alguna acción? [Documentar] [Refactorizar] [Generar Tests]
Lenguajes Soportados
| Lenguaje | Análisis | Docs | Tests |
|---|---|---|---|
| TypeScript/JavaScript | ✅ | ✅ | ✅ |
| Python | ✅ | ✅ | ✅ |
| Go | ✅ | ✅ | ✅ |
| Rust | ✅ | ✅ | ⚠️ |
| Java | ✅ | ✅ | ✅ |
| C/C++ | ⚠️ | ⚠️ | ⚠️ |
Integración con Coding Agents
Puede delegar tareas complejas a Codex, Claude Code o Pi:
# Usar Codex para refactorizar
code refactor src/legacy.ts --agent:codex
# Usar Claude para documentar
code document src/ --agent:claude
Configuración
| Variable | Descripción | Default |
|---|---|---|
CODE_DEFAULT_STYLE |
Estilo de código | auto |
CODE_MAX_COMPLEXITY |
Umbral de complejidad | 15 |
CODE_AUTO_FIX |
Aplicar fixes automáticamente | false |
CODE_IGNORE_PATTERNS |
Patrones a ignorar | node_modules,dist |
Reglas de Análisis
El asistente detecta:
- Security: SQL injection, XSS, path traversal, hardcoded secrets
- Performance: N+1 queries, loops ineficientes, memory leaks
- Style: Nombres inconsistentes, funciones largas, código muerto
- Logic: Null checks faltantes, race conditions, off-by-one errors
Integración
- self-repair: Los bugs encontrados pueden auto-corregirse
- knowledge-base: Busca en documentación indexada
- expert-researcher: Investiga mejores prácticas
Usage Guidance
This skill appears to implement a local static analyzer (scripts/analyzer.ts) and the basic features in SKILL.md but the documentation claims extra integrations (third‑party agents, self‑repair, knowledge base) that are not implemented or documented. Before installing: (1) Ask the publisher for a homepage or source repo and for details about the advertised integrations and whether any external APIs will be used and which credentials are required. (2) Inspect the included scripts yourself (they are bundled here) and run them locally in a safe environment — they read project files but do not perform network calls. (3) Avoid using any 'delegate to external agent' options unless you understand and accept that source code may be transmitted to third parties. (4) Verify how the advertised 'code' CLI is intended to be installed/installed wrapper if you expect to run the commands shown in SKILL.md.
Capability Analysis
Type: OpenClaw Skill
Name: code-assistant
Version: 1.0.0
The skill is designed as a code assistant, requiring file system access for its stated purpose. However, the `scripts/analyzer.ts` directly uses user-provided file and directory paths from `process.argv` without any input sanitization. This creates a Local File Inclusion/Disclosure (LFI/LFD) vulnerability, allowing an attacker to potentially read arbitrary files (e.g., `../../../../etc/passwd`) on the system by manipulating the `target` argument passed to the `code` command. While this is a critical security flaw, the script does not contain explicit code for data exfiltration, installing backdoors, or other actions indicative of intentional malice; it merely reads and attempts to 'analyze' the content.
Capability Assessment
Purpose & Capability
The analyzer.ts implements static analysis, doc generation and simple suggestions which fit the 'code assistant' purpose. However SKILL.md advertises additional capabilities (delegation to Codex/Claude/Pi, self-repair, knowledge-base, expert-researcher, auto-fix) that are not implemented in the provided script. Also SKILL.md uses a 'code' CLI command while the repository provides scripts/analyzer.ts (no install or wrapper to expose a 'code' binary). This mismatch is likely marketing/packaging sloppiness but reduces confidence.
Instruction Scope
Runtime instructions are focused on running a local CLI to analyze project files and refer only to config env vars declared in SKILL.md. The shipped script reads arbitrary files under project directories (expected for a code analyzer). The SKILL.md's references to delegating tasks to external agents (Codex/Claude/Pi) and 'knowledge-base' searching are not backed by code; if an operator uses such delegation in practice it could expose source code to third-party APIs — the skill does not document required API credentials or safeguards.
Install Mechanism
There is no install spec (instruction-only), which is low risk. However the package includes a runnable script (scripts/analyzer.ts) but provides no install/wrapping to create the advertised 'code' command; this is a packaging inconsistency rather than an active install risk. The script itself performs only local filesystem reads and has no network calls or archive downloads.
Credentials
No required secrets or credentials are declared. The script optionally reads benign configuration environment variables (CODE_MAX_COMPLEXITY, CODE_DEFAULT_STYLE, CODE_AUTO_FIX, CODE_IGNORE_PATTERNS) which are proportional to a code analysis tool. No unrelated or excessive env vars are requested.
Persistence & Privilege
The skill does not request always:true and does not declare any persistent/system-wide changes. It contains local analysis code only and does not modify other skills or global agent settings.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install code-assistant - After installation, invoke the skill by name or use
/code-assistant - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of code-assistant: an all-in-one programming assistant.
- Analyzes code to find bugs, code smells, and vulnerabilities.
- Suggests optimizations for performance and efficiency.
- Refactors and formats code, applying common conventions.
- Automatically generates documentation, docstrings, and READMEs.
- Creates unit tests and suggests edge cases.
- Supports integration with external coding agents (Codex, Claude, Pi).
- Self-repair, documentation lookup, and best-practice research included.
- Multi-language support: TypeScript, Python, Go, Rust, Java, C/C++.
Metadata
Frequently Asked Questions
What is Code Assistant?
Asistente de programación especializado. Analiza código, encuentra bugs, sugiere optimizaciones, refactoriza y genera documentación automáticamente. It is an AI Agent Skill for Claude Code / OpenClaw, with 1120 downloads so far.
How do I install Code Assistant?
Run "/install code-assistant" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Code Assistant free?
Yes, Code Assistant is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Code Assistant support?
Code Assistant is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Code Assistant?
It is built and maintained by Miguel Guerra (@miguelguerra200022-sudo); the current version is v1.0.0.
More Skills