mzfshark

RedHat Code Review

by Mauricio Z. · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ✓ Security Clean
58 Downloads · 0 Stars · 0 Active Installs · 1 Versions
Install in OpenClaw
/install axodus-code-review
Description
Review code for correctness, security, performance, and maintainability.
README (SKILL.md)

SKILL: code-review

Purpose

Analyze code (or a diff) to detect bugs, security issues, performance problems, and maintainability risks, then propose concrete improvements.

When to Use

  • Reviewing a PR/diff before merging.
  • A bug is suspected but not yet reproduced.
  • Hardening/security pass is requested.

Inputs

  • scope (required, string): files, diff, or code snippet to review.
  • intent (optional, string): what the code is supposed to do.
  • constraints (optional, string[]): security/perf/compat constraints.
  • risk_tolerance (optional, enum: low|medium|high).

Steps

  1. Identify entrypoints, invariants, and trust boundaries.
  2. Check correctness:
    • edge cases
    • error handling
    • concurrency/races (if applicable)
  3. Check security:
    • input validation
    • authz/authn
    • secrets handling
    • injection risks
  4. Check performance and resource usage:
    • hotspots
    • unbounded loops/data growth
  5. Check maintainability:
    • naming
    • duplication
    • test coverage gaps
  6. Produce a prioritized, actionable report.

Validation

  • Findings include concrete evidence (line references, behavior, or reproducible scenario).
  • Suggestions are compatible with stated constraints.
  • Distinguish “must-fix” from “nice-to-have”.

Output

Review report (example schema):

summary: "<1 paragraph>"
findings:
  - id: "CR-001"
    severity: "high|medium|low"
    category: "bug|security|perf|maintainability"
    issue: "<what>"
    impact: "<why it matters>"
    recommendation: "<how to fix>"
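
One way to check a report against this schema before acting on it, as an added example (not part of the skill or its author's code). The function names and the sample report are constructed here; the field names and allowed values are the ones in the schema above.

```python
SEVERITIES = ("high", "medium", "low")   # tuple order doubles as priority order
CATEGORIES = ("bug", "security", "perf", "maintainability")
REQUIRED = ("id", "severity", "category", "issue", "impact", "recommendation")

def lint_report(report):
    """Return a list of problems; an empty list means the report fits the schema."""
    problems = []
    summary = report.get("summary")
    if not isinstance(summary, str) or not summary.strip():
        problems.append("summary: missing or empty")
    findings = report.get("findings")
    if not isinstance(findings, list):
        return problems + ["findings: must be a list"]
    for i, finding in enumerate(findings):
        where = f"findings[{i}]"
        if not isinstance(finding, dict):
            problems.append(f"{where}: must be a mapping")
            continue
        for key in REQUIRED:
            value = finding.get(key)
            if not isinstance(value, str) or not value.strip():
                problems.append(f"{where}.{key}: missing or empty")
            elif value.startswith("<") and value.endswith(">"):
                problems.append(f"{where}.{key}: template placeholder not filled in")
        if finding.get("severity") not in SEVERITIES:
            problems.append(f"{where}.severity: must be one of {'|'.join(SEVERITIES)}")
        if finding.get("category") not in CATEGORIES:
            problems.append(f"{where}.category: must be one of {'|'.join(CATEGORIES)}")
    return problems

def prioritize(report):
    """Order findings high -> low; call only on a report that lints clean."""
    return sorted(report["findings"], key=lambda f: SEVERITIES.index(f["severity"]))

# Constructed sample report (not output from the skill).
SAMPLE = {
    "summary": "Auth middleware diff reviewed.",
    "findings": [
        {"id": "CR-002", "severity": "low", "category": "maintainability",
         "issue": "Duplicated header parsing", "impact": "Fixes can drift apart",
         "recommendation": "Extract one helper"},
        {"id": "CR-001", "severity": "high", "category": "security",
         "issue": "JWT audience not checked", "impact": "Tokens for other services pass",
         "recommendation": "Require the expected aud claim"},
    ],
}
```

Passing the unfilled template itself through `lint_report` flags the placeholder strings and the `high|medium|low` enum text, which catches a report that was emitted without being completed.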

Safety Rules

  • Do not claim vulnerabilities without evidence.
  • Do not recommend unsafe patterns (e.g., disabling validation to “make it work”).
  • Prefer minimal, targeted fixes.

Example

Input:

  • scope: “diff for auth middleware”

Output:

  • findings include missing audience check on JWTs and a failing negative test case.
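
The finding named in this example, shown as code: an added illustration (not part of the skill or its author's code) of a token check without and with the audience check, plus the negative test that tells them apart. The HS256 helper, the demo key, and the audience names `orders-api` and `billing-api` are constructed for the example.

```python
import base64, hashlib, hmac, json, time

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_hs256(claims: dict, key: bytes) -> str:
    """Mint a constructed HS256 token for the demo."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64url(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64url(sig)}"

def _verified_claims(token: str, key: bytes) -> dict:
    """Signature and expiry checks shared by both variants."""
    header_b64, body_b64, sig_b64 = token.split(".")
    if json.loads(_unb64url(header_b64)).get("alg") != "HS256":  # pin the algorithm
        raise ValueError("unexpected alg")
    expected = hmac.new(key, f"{header_b64}.{body_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _unb64url(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(_unb64url(body_b64))
    if claims.get("exp", 0) <= time.time():
        raise ValueError("expired")
    return claims

def authenticate_before(token: str, key: bytes) -> dict:
    """As reviewed: signature and expiry only, so any audience is accepted."""
    return _verified_claims(token, key)

def authenticate_after(token: str, key: bytes, audience: str) -> dict:
    """Recommended fix: also require this service's own audience."""
    claims = _verified_claims(token, key)
    aud = claims.get("aud")
    if audience not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("wrong audience")
    return claims

def negative_test(authenticate) -> bool:
    """True when a validly signed token minted for billing-api is rejected."""
    key = b"constructed-demo-key"
    token = sign_hs256({"sub": "u1", "aud": "billing-api", "exp": time.time() + 60}, key)
    try:
        authenticate(token, key)
    except ValueError:
        return True
    return False
```

`negative_test(authenticate_before)` returns `False`, which is the failing negative test the report would cite as evidence; wrapping `authenticate_after` with the audience `orders-api` makes it return `True`.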
Usage Guidance
This skill appears coherent and safe in that it only contains instructions for reviewing code and asks for no credentials or installs. Before installing, consider:
  1. Provenance: the registry owner ID in the manifest differs from the _meta.json ownerId and the source/homepage are missing, so confirm you trust the publisher.
  2. Data sensitivity: when using the skill, avoid submitting proprietary secrets or sensitive code to any third-party service or agent session unless you trust it.
  3. Test first: try the skill with harmless sample code to confirm behavior.
  4. Metadata oddities: the 'System.Object[]' line in skill.yml and the registry owner vs. _meta.json owner mismatch look like metadata/packaging issues (likely harmless, but worth verifying the publisher).
If you require a higher assurance of provenance, request a signed or officially published variant with a verifiable homepage or source repository.
Capability Analysis
Type: OpenClaw Skill
Name: axodus-code-review
Version: 1.0.0
The skill bundle defines a standard code review process for an AI agent. The instructions in SKILL.md and code-review.md are focused on identifying security vulnerabilities, performance issues, and maintainability risks in a helpful and safe manner. It includes explicit safety rules that prohibit recommending unsafe patterns or making unsubstantiated claims. No malicious logic, data exfiltration, or prompt injection attempts were identified.
Capability Assessment
Purpose & Capability
The name and description (code review for correctness, security, performance, maintainability) match the SKILL.md instructions. The skill is instruction-only and does not request binaries, env vars, or config paths that would be unrelated to code review.
Instruction Scope
SKILL.md clearly describes inputs (scope, intent, constraints) and a bounded review procedure (entrypoints, correctness, security, perf, maintainability) and output schema. It does not instruct the agent to read system files, access unrelated credentials, or transmit data to external endpoints.
Install Mechanism
No install spec or code files are present. Because this is instruction-only, nothing is written to disk or downloaded at install time.
Credentials
No environment variables, credentials, or config paths are required. The skill does not ask for secrets or other sensitive tokens.
Persistence & Privilege
always:false (default) and no special privileges are requested. disable-model-invocation is false (normal), meaning the agent can call the skill when invoked; this is expected for skills and is not flagged alone.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install axodus-code-review
  3. After installation, invoke the skill by name or use /axodus-code-review
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of axodus-code-review.
  • Provides a structured process for reviewing code or diffs with a focus on correctness, security, performance, and maintainability.
  • Accepts code scope, intent, constraints, and risk tolerance as inputs.
  • Outputs a prioritized review report with concrete findings and actionable recommendations.
  • Built-in validation ensures findings are evidence-based and suggestions respect stated constraints.
  • Includes specific safety rules to avoid unsafe recommendations.
Metadata
  • Slug: axodus-code-review
  • Version: 1.0.0
  • License: MIT-0
  • All-time Installs: 0
  • Active Installs: 0
  • Total Versions: 1
Frequently Asked Questions

What is RedHat Code Review?

Review code for correctness, security, performance, and maintainability. It is an AI Agent Skill for Claude Code / OpenClaw, with 58 downloads so far.

How do I install RedHat Code Review?

Run "/install axodus-code-review" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is RedHat Code Review free?

Yes, RedHat Code Review is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does RedHat Code Review support?

RedHat Code Review is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created RedHat Code Review?

It is built and maintained by Mauricio Z. (@mzfshark); the current version is v1.0.0.
