← Back to Skills Marketplace
sydpz

Code Review

by BingWang · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ✓ Security Clean
120
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install codereview-assistant
Description
Code review best practices and workflow skill. Use when: reviewing pull requests, performing peer code review, setting up code review standards, or improving...
README (SKILL.md)

Code Review Skill

A structured approach to code review that balances thoroughness with efficiency.

Core Principles

  1. Review the code, not the author — Assume good intent, focus on the work.
  2. Be specific and constructive — Every comment should have a clear action.
  3. Prioritize by severity — Not all issues are equal.
  4. Approve with confidence — Don't approve code you wouldn't want to maintain.

Review Focus Areas

🔴 Critical — Must Fix Before Merge

  • Security vulnerabilities (SQL injection, auth bypass, secrets in code)
  • Data loss risks (missing validations, unguarded deletions)
  • Race conditions and concurrency bugs
  • Breaking production failures

🟡 Important — Should Fix Before Merge

  • Error handling gaps
  • Performance issues (N+1 queries, missing indexes, memory leaks)
  • Missing test coverage for critical paths
  • Inconsistent error responses
  • Code that violates team conventions

🟢 Nit — Consider Fixing

  • Naming that could be clearer
  • Commented-out code
  • Minor formatting inconsistencies
  • Overly complex one-liners

Review Workflow

Step 1: Understand the Context

  1. Read the PR description and linked issues/tickets
  2. Check what the PR is trying to accomplish
  3. Understand the scope of changes

Step 2: Scan First Pass

Quick scan for:

  • Obvious bugs or logic errors
  • Security concerns
  • Missing tests
  • Breaking changes

Step 3: Deep Review

For each changed file:

  1. Read the diff carefully
  2. Cross-reference with design documents
  3. Check for side effects on existing functionality
  4. Verify test coverage

Step 4: Classify and Comment

For each issue found, classify:

[🔴 CRITICAL] \x3Ctitle>
Description of the issue.
Suggested fix: \x3Caction>

[🟡 IMPORTANT] \x3Ctitle>
Description of the issue.
Suggested fix: \x3Caction>

[🟢 NIT] \x3Ctitle>
Optional suggestion.

Step 5: Make a Decision

Condition Decision
No critical issues, minor nits Approve
Important issues need fixing 🔄 Request Changes
Critical issues found Request Changes (block merge)
Need context/clarification 💬 Comment (don't approve yet)

PR Description Checklist

A good PR description should have:

  • What — Brief summary of the change
  • Why — Business or technical motivation
  • How — High-level approach taken
  • Testing — How the change was tested
  • Screenshots — UI changes (before/after)
  • Breaking Changes — Any API or contract changes
  • Related Issues — Links to tickets

Review Comment Templates

Starting a Review

I've reviewed this PR. Here's my feedback:

**Looking at:** [files/modules]
**Tested locally:** [yes/no with details]

Approving

✅ **Approve** — Code looks good, ready to merge.
Minor suggestions (non-blocking):
- [nit 1]
- [nit 2]

Requesting Changes

🔄 **Request Changes** — Please address the following before merging:

**Critical:**
1. [issue] — [fix suggestion]

**Important:**
2. [issue] — [fix suggestion]

Blocking Merge

❌ **Blocking Merge** — This PR introduces a critical issue that must be resolved:

[Detailed description of the critical issue]

Per-Language/Framework Notes

Go

  • Check error handling on every function call
  • Verify context.Context propagation
  • Look for defer resource cleanup
  • Check goroutine leaks (use go vet)
  • Review SQL query construction (avoid string concatenation)

TypeScript/Node.js

  • Check async/await error handling
  • Verify input validation on API handlers
  • Look for memory leak patterns (event listeners not removed)
  • Check dependency injection patterns
  • Review any type usage

Python

  • Check exception handling
  • Verify database connection cleanup
  • Look for proper with statement usage
  • Review decorator usage for side effects
  • Check type hints completeness

Java/Kotlin

  • Check exception handling and logging
  • Verify resource cleanup (try-with-resources)
  • Review Spring annotations usage
  • Look for thread safety issues
  • Check transaction boundaries

Automation Complement

Code review augments (not replaces) automated tools:

  • Linters — Formatting, style conventions
  • Type checkers — Type safety
  • SAST scanners — Security vulnerability detection
  • Coverage tools — Test coverage metrics

Always verify what the automation missed.

File Structure

code-review/
├── SKILL.md
└── references/
    ├── review-checklist.md
    ├── comment-templates.md
    ├── severity-classification.md
    └── per-language-notes/
        ├── go.md
        ├── typescript.md
        ├── python.md
        └── java.md
Usage Guidance
This skill is documentation-only and internally consistent with its stated purpose, so technical risk is low. Before installing, consider: (1) the source is unknown and there's no homepage — if provenance matters to you, review the files yourself; (2) adapt templates to your team's policies and sensitive-data handling rules (the guides remind reviewers to check for secrets, but avoid pasting private secrets into review comments); and (3) because it's instruction-only, it won't run code or exfiltrate data itself, but be cautious if you copy templates into automation that might call external services.
Capability Analysis
Type: OpenClaw Skill Name: codereview-assistant Version: 1.0.0 The 'codereview-assistant' skill bundle consists entirely of markdown documentation and structured instructions for an AI agent to perform code reviews. It promotes security best practices, such as checking for SQL injection and hardcoded secrets, and contains no executable code, network requests, or suspicious prompt-injection attempts (SKILL.md, review-checklist.md).
Capability Assessment
Purpose & Capability
Name/description (code review best practices) match the contents: checklists, templates, per-language notes, and workflows. The skill requests no binaries, env vars, or installs that would be unnecessary for a documentation/template skill.
Instruction Scope
SKILL.md directs the reviewer to read PR descriptions, diffs, linked docs, and run standard review steps — all expected for a code-review assistant. It does not instruct reading unrelated files, accessing credentials, or sending data to external endpoints.
Install Mechanism
No install spec and no code files that execute — lowest-risk pattern for a skill composed of guidance and reference documents.
Credentials
The skill declares no required environment variables, credentials, or config paths, which is proportional to a documentation-only code-review helper.
Persistence & Privilege
always:false and normal user-invocable/autonomous-invocation defaults. The skill does not request persistent system presence or modify other skills; this is appropriate for its purpose.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install codereview-assistant
  3. After installation, invoke the skill by name or use /codereview-assistant
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
- Initial public release of the Code Review Skill. - Provides structured code review workflow, including focus areas, severity classification, and decision criteria. - Includes checklists for PR descriptions and review comments. - Offers language-specific review guidelines for Go, TypeScript/Node.js, Python, and Java/Kotlin. - Supplies reusable templates for review comments and approvals.
Metadata
Slug codereview-assistant
Version 1.0.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is Code Review?

Code review best practices and workflow skill. Use when: reviewing pull requests, performing peer code review, setting up code review standards, or improving... It is an AI Agent Skill for Claude Code / OpenClaw, with 120 downloads so far.

How do I install Code Review?

Run "/install codereview-assistant" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Code Review free?

Yes, Code Review is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Code Review support?

Code Review is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Code Review?

It is built and maintained by BingWang (@sydpz); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments