← Back to Skills Marketplace
Phoenix Code Review
by
Kevin Anderson
· GitHub ↗
· v1.2.1
· MIT-0
125
Downloads
0
Stars
1
Active Installs
2
Versions
Install in OpenClaw
/install phoenix-code-review
Description
Reviews Phoenix code for controller patterns, context boundaries, routing, and plugs. Use when reviewing Phoenix apps, checking controllers, routers, or cont...
README (SKILL.md)
Phoenix Code Review
Quick Reference
| Issue Type | Reference |
|---|---|
| Bounded contexts, Ecto integration | references/contexts.md |
| Actions, params, error handling | references/controllers.md |
| Pipelines, scopes, verified routes | references/routing.md |
| Custom plugs, authentication | references/plugs.md |
Review Checklist
Controllers
- Business logic in contexts, not controllers
- Controllers return proper HTTP status codes
- Action clauses handle all expected patterns
- Fallback controllers handle errors consistently
Contexts
- Contexts are bounded by domain, not technical layer
- Public functions have clear, domain-focused names
- Changesets validate all user input
- No Ecto queries in controllers
Routing
- Verified routes (~p sigil) used, not string paths
- Pipelines group related plugs
- Resources use only needed actions
- Scopes group related routes
Plugs
- Authentication/authorization via plugs
- Plugs are composable and single-purpose
- Halt called after sending response in plugs
JSON APIs
- Proper content negotiation
- Consistent error response format
- Pagination for list endpoints
Valid Patterns (Do NOT Flag)
- Controller calling multiple contexts - Valid for orchestration
- Inline Ecto query in context - Context owns its data access
- Using
action_fallback- Centralized error handling pattern - Multiple pipelines per route - Composition is intentional
Plug.Conn.halt/1without send - May be handled by fallback
Context-Sensitive Rules
| Issue | Flag ONLY IF |
|---|---|
| Missing changeset validation | Field accepts user input AND no validation exists |
| Controller too large | More than 7 actions OR actions > 20 lines |
| Missing authorization | Route is not public AND no auth plug in pipeline |
Gates (run in order; each step has a pass condition)
- Anchored evidence — For every planned finding, open the source and note file path + line number from that read (not from memory or diff snippets alone). Pass: each finding cites
path:linethat you opened. - “Handled elsewhere” sweep — Before reporting “missing validation,” “missing auth,” or “wrong status,” search the router (pipelines/scopes), controller (
action_fallback,plug), and relevant context for existing checks. Pass: you recorded whether handling exists elsewhere (yes + where, or no after search). - Verification protocol — Load and apply review-verification-protocol for the issue type. Pass: that skill’s pre-report checks for that finding class are satisfied before you write the finding.
- Finding shape — Emit each issue as
[FILE:LINE] ISSUE_TITLEwith a one-line rationale tied to the cited code. Pass: every line matches that pattern.
Before Submitting Findings
Do not report until Gates above pass. For full anti-false-positive steps, follow review-verification-protocol.
Usage Guidance
This skill appears coherent and low-risk: it is a documentation-driven code-review helper that will read your project files to produce findings. Before using it, ensure you only grant the agent access to the repository you want reviewed, confirm whether the referenced ../review-verification-protocol skill exists (or provide an equivalent verification process), and be mindful that reported findings will include file paths and line numbers (which may expose code snippets). If you need stricter control, run the review in a sandboxed environment or limit the agent's filesystem access. Lastly, remember autonomous invocation is allowed by default — disable it if you prefer to run reviews manually.
Capability Tags
Capability Assessment
Purpose & Capability
Name, description, and all included reference docs (controllers, contexts, plugs, routing) align with a Phoenix code-review helper. The skill requests no environment variables, binaries, or config paths that would be unrelated to code review.
Instruction Scope
The SKILL.md explicitly instructs the agent to open project source files and cite file:line for findings — this is expected for a code-review skill, but it grants the agent broad read access to the repository. The gates reference an external verification skill at ../review-verification-protocol/SKILL.md which is not included here; that dependency may block verification or produce vague behavior if missing. Overall scope is coherent with the purpose, but you should be aware it will inspect repository files and expects another review skill to be present.
Install Mechanism
No install spec and no code files: instruction-only (no code is written to disk or downloaded). This is the lowest-risk install posture.
Credentials
The skill declares no required environment variables, credentials, or config paths. Nothing requests unrelated secrets or system access.
Persistence & Privilege
always:false and default agent invocation are set. The skill does not request permanent presence or system-wide configuration changes; autonomy is allowed by default but is not combined with other elevated privileges here.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install phoenix-code-review - After installation, invoke the skill by name or use
/phoenix-code-review - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.2.1
- Added a "Gates" section outlining required step-by-step evidence, cross-check, and verification protocols before reporting findings.
- Updated references to the review verification protocol for improved accuracy.
- Clarified that issues should not be reported until all gates are passed, emphasizing anti-false-positive checks.
- No functional or logic changes to checklists or core review rules.
v1.2.0
- Added a comprehensive review checklist covering controllers, contexts, routing, plugs, and JSON APIs.
- Included a quick reference table linking to relevant pattern guides.
- Documented valid code patterns that should not be flagged as issues.
- Outlined context-sensitive rules for common Phoenix code review concerns.
- Instructed users to follow the review verification protocol before submitting findings.
Metadata
Frequently Asked Questions
What is Phoenix Code Review?
Reviews Phoenix code for controller patterns, context boundaries, routing, and plugs. Use when reviewing Phoenix apps, checking controllers, routers, or cont... It is an AI Agent Skill for Claude Code / OpenClaw, with 125 downloads so far.
How do I install Phoenix Code Review?
Run "/install phoenix-code-review" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Phoenix Code Review free?
Yes, Phoenix Code Review is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Phoenix Code Review support?
Phoenix Code Review is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Phoenix Code Review?
It is built and maintained by Kevin Anderson (@anderskev); the current version is v1.2.1.
More Skills