← Back to Skills Marketplace
Go Code Review
by
Kevin Anderson
· GitHub ↗
· v2.3.1
· MIT-0
169
Downloads
0
Stars
2
Active Installs
2
Versions
Install in OpenClaw
/install go-code-review
Description
Reviews Go code for idiomatic patterns, error handling, concurrency safety, and common mistakes. Use when reviewing .go files, checking error handling, gorou...
README (SKILL.md)
Go Code Review
Review Workflow
Follow this sequence in order. Do not emit findings until every Pass below is satisfied.
-
Baseline
go.mod— Opengo.modand read thegodirective.
Pass: You can state the exactgo X.YYvalue (in the review preamble or working notes). Apply version-gated advice only when it matches this baseline (loop capture pre-1.22,slog/structured logging from 1.21,errors.Joinfrom 1.20). -
Read surrounding code — For each changed
.gofile, read full functions or logical units that contain the edits, not only the diff hunk.
Pass: At least one full enclosing function (or package-levelinit/var block) containing the change was read per changed file. -
Scope the checklist — Decide which Review Checklist blocks apply (error handling, concurrency, interfaces/types, resources, naming). Load references for those blocks; skip blocks that are irrelevant to the diff.
Pass: The review (or working notes) lists which checklist blocks you applied, or marks blocks N/A with a one-line reason tied to the diff (e.g. “no concurrency in change”). -
Pre-report verification — Load and follow review-verification-protocol.
Pass: The protocol’s Pre-Report Verification Checklist is satisfied for each finding you will report (actual code read, surrounding context checked, “wrong” vs “different style” distinguished, etc.).
Hard gates (same sequence, shorter)
| Step | Objective pass condition |
|---|---|
| 1 | go X.YY from go.mod is recorded before version-specific advice. |
| 2 | Full enclosing context read per changed file, not diff-only. |
| 3 | In-scope checklist blocks listed or N/A with diff-tied reason; references opened as needed. |
| 4 | review-verification-protocol completed for every reported issue. |
Output Format
Report findings as:
[FILE:LINE] ISSUE_TITLE
Severity: Critical | Major | Minor | Informational
Description of the issue and why it matters.
Quick Reference
| Issue Type | Reference |
|---|---|
| Missing error checks, wrapping, errors.Join | references/error-handling.md |
| Race conditions, channel misuse, goroutine lifecycle | references/concurrency.md |
| Interface pollution, naming, generics | references/interfaces.md |
| Resource leaks, defer misuse, slog, naming | references/common-mistakes.md |
Review Checklist
Error Handling
- All errors checked (no
_ = errwithout justifying comment) - Errors wrapped with context (
fmt.Errorf("...: %w", err)) -
errors.Is/errors.Asused instead of string matching -
errors.Joinused for aggregating multiple errors (Go 1.20+) - Zero values returned alongside errors
Concurrency
- No goroutine leaks (context cancellation or shutdown signal exists)
- Channels closed by sender only, exactly once
- Shared state protected by mutex or sync types
- WaitGroups used to wait for goroutine completion
- Context propagated through call chain
- Loop variable capture handled (pre-Go 1.22 codebases only)
Interfaces and Types
- Interfaces defined by consumers, not producers
- Interface names follow
-erconvention - Interfaces minimal (1-3 methods)
- Concrete types returned from constructors
-
anypreferred overinterface{}(Go 1.18+) - Generics used where appropriate instead of
anyor code generation
Resources and Lifecycle
- Resources closed with
deferimmediately after creation - HTTP response bodies always closed
- No
deferin loops without closure wrapping -
init()functions avoided in favor of explicit initialization
Naming and Style
- Exported names have doc comments
- No stuttering names (
user.UserService→user.Service) - No naked returns in functions > 5 lines
- Context passed as first parameter
-
slogused overlogfor structured logging (Go 1.21+)
Severity Calibration
Critical (Block Merge)
- Unchecked errors on I/O, network, or database operations
- Goroutine leaks (no shutdown path)
- Race conditions on shared state (concurrent map access without sync)
- Unbounded resource accumulation (defer in loop, unclosed connections)
Major (Should Fix)
- Errors returned without context (bare
return err) - Missing WaitGroup for spawned goroutines
panicfor recoverable errors- Context not propagated to downstream calls
Minor (Consider Fixing)
interface{}instead ofanyin Go 1.18+ codebases- Missing doc comments on exports
- Stuttering names
- Slice not preallocated when size is known
Informational (Note Only)
- Suggestions to add generics where code generation exists
- Refactoring ideas for interface design
- Performance optimizations without measured impact
When to Load References
- Reviewing error return patterns → error-handling.md
- Reviewing goroutines, channels, or sync types → concurrency.md
- Reviewing type definitions, interfaces, or generics → interfaces.md
- General review (resources, naming, init, performance) → common-mistakes.md
Valid Patterns (Do NOT Flag)
These are acceptable Go patterns — reporting them wastes developer time:
_ = errwith reason comment — Intentionally ignored errors with explanation- Empty interface /
any— For truly generic code or interop with untyped APIs - Naked returns in short functions — Acceptable in functions \x3C 5 lines with named returns
- Channel without close — When consumer stops via context cancellation, not channel close
- Mutex protecting struct fields — Even if accessed only via methods, this is correct encapsulation
//nolintdirectives with reason — Acceptable when accompanied by explanation- Defer in loop — When function scope cleanup is intentional (e.g., processing files in batches)
- Functional options pattern —
type Option func(*T)withWith*constructors is idiomatic sync.Poolfor hot paths — Acceptable for reducing allocation pressure in performance-critical codecontext.Background()in main/tests — Valid root context for top-level callsselectwithdefault— Non-blocking channel operation, intentional pattern- Short variable names in small scope —
i,err,ctx,okare idiomatic Go
Context-Sensitive Rules
Only flag these issues when the specific conditions apply:
| Issue | Flag ONLY IF |
|---|---|
| Missing error check | Error return is actionable (can retry, log, or propagate) |
| Goroutine leak | No context cancellation path exists for the goroutine |
| Missing defer | Resource isn't explicitly closed before next acquisition or return |
| Interface pollution | Interface has > 1 method AND only one consumer exists |
| Loop variable capture | go.mod specifies Go \x3C 1.22 |
| Missing slog | go.mod specifies Go >= 1.21 AND code uses log package for structured output |
Before Submitting Findings
Satisfy step 4 in Review Workflow: load review-verification-protocol and complete its pre-report checks for each issue.
Usage Guidance
This skill appears to be what it says: an instruction-only Go code reviewer that reads go.mod and changed .go files and produces findings. Before installing or running it, confirm two things: (1) the referenced review-verification-protocol (../review-verification-protocol/SKILL.md) actually exists in the repository or platform and review its contents — the skill points to that external file but does not bundle it; (2) decide what repository access you will grant the agent. The skill will read source files (and surrounding context) in your repo — if those files contain secrets, credentials, or proprietary code you should limit access or inspect the verification protocol first. No credentials or network exfiltration are requested by the skill itself, but repository access is inherently sensitive.
Capability Analysis
Type: OpenClaw Skill
Name: go-code-review
Version: 2.3.1
The skill bundle is a comprehensive and well-structured tool for performing Go code reviews. It contains detailed instructions in SKILL.md and high-quality educational content in the references/ directory (e.g., error-handling.md, concurrency.md) that align perfectly with idiomatic Go practices. No indicators of malicious intent, data exfiltration, or harmful prompt injection were found.
Capability Assessment
Purpose & Capability
Name/description (Go code review) matches what the SKILL.md and reference docs ask the agent to do: read go.mod and .go files, check error handling, concurrency, interfaces, resources, and naming. No unrelated binaries, credentials, or installs are requested.
Instruction Scope
Instructions correctly limit actions to repository files (go.mod and changed .go files plus surrounding context). However the workflow requires following ../review-verification-protocol/SKILL.md (a relative path outside the skill bundle) which is not included in this package — that creates ambiguity about additional checks or external steps the agent will perform. Also the instructions require the agent to read full enclosing functions/contexts in the repo, which is expected for a review but means the agent will access repository source broadly.
Install Mechanism
Instruction-only skill with no install spec, no downloads, and no code files executed on install. This is the lowest-risk install model.
Credentials
No environment variables, credentials, or config paths are requested. The scope of secrets/credentials is minimal and proportionate for a code-review tool.
Persistence & Privilege
always is false and the skill does not request special persistent privileges. Autonomous invocation (default) is allowed but not excessive by itself. The skill does not modify other skills or system config.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install go-code-review - After installation, invoke the skill by name or use
/go-code-review - Provide required inputs per the skill's parameter spec and get structured output
Version History
v2.3.1
- Enforced a stricter, stepwise review workflow: findings can only be reported after satisfying four explicit review "passes" (Go version read, full context loaded, checklist scoped, and pre-report protocol).
- Added hard gate table summarizing pass/fail objectives for each review stage.
- Required explicit noting of the `go X.YY` baseline and scoping of review checklist blocks per change.
- Emphasized that only version-relevant advice should be applied, based on the actual `go.mod` baseline.
- Clarified the requirement to load and check the review-verification-protocol before reporting any issues.
- All rule content, checklist items, severity calibration, and context-sensitive rules are unchanged.
v2.3.0
- Major update to SKILL.md: clearer workflow, severity definitions, and context-sensitive review criteria for Go code.
- Review process now requires checking `go.mod` for Go version to adjust rules for generics, slog, and loop variable capture.
- Expanded and categorized the review checklist: error handling, concurrency, interfaces/types, resource management, and naming/style.
- Severity and output format standardized; includes precise calibration for critical, major, minor, and informational findings.
- Lists valid Go patterns explicitly to avoid false positives and wasted review effort.
- Emphasizes verifying findings via review-verification-protocol before reporting.
Metadata
Frequently Asked Questions
What is Go Code Review?
Reviews Go code for idiomatic patterns, error handling, concurrency safety, and common mistakes. Use when reviewing .go files, checking error handling, gorou... It is an AI Agent Skill for Claude Code / OpenClaw, with 169 downloads so far.
How do I install Go Code Review?
Run "/install go-code-review" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Go Code Review free?
Yes, Go Code Review is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Go Code Review support?
Go Code Review is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Go Code Review?
It is built and maintained by Kevin Anderson (@anderskev); the current version is v2.3.1.
More Skills