tktk-ai

AI Code Reviewer

by tktk-ai · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ✓ Security Clean
90 Downloads · 0 Stars · 0 Active Installs · 1 Version
Install in OpenClaw
/install tk-code-reviewer
Description
Automated code review — security vulnerabilities, performance issues, best practices, refactoring suggestions, and documentation gaps. Supports Python, JavaS...
README (SKILL.md)

# AI Code Reviewer

Comprehensive automated code reviews — security, performance, best practices, and refactoring suggestions.

## What It Does

  1. Security Scan — SQL injection, XSS, SSRF, secrets in code, insecure dependencies
  2. Performance Analysis — N+1 queries, memory leaks, inefficient loops, caching opportunities
  3. Best Practices — Code style, naming conventions, SOLID principles, DRY violations
  4. Refactoring Suggestions — Concrete before/after code improvements
  5. Documentation Gaps — Missing docstrings, unclear function names, no type hints
  6. Complexity Analysis — Cyclomatic complexity, function length, nesting depth
  7. PR-Ready Comments — Output formatted as pull request review comments

## Usage

### Full Code Review

Review this code for security, performance, and best practices:

Language: [Python/JavaScript/TypeScript/Go/Rust]
Context: [What does this code do?]
Priority: [Security first / Performance first / General review]

[Paste code or file path]

For each issue found:
1. Severity (critical/high/medium/low)
2. Category (security/performance/style/bug)
3. Line reference
4. What's wrong
5. How to fix (with corrected code)

### Security-Focused Review

Security audit this code. I'm looking for:
- SQL injection vulnerabilities
- XSS attack vectors
- Authentication/authorization bypasses
- Secrets or credentials in code
- Insecure dependencies
- SSRF/CSRF vulnerabilities
- Input validation gaps

Language: [Language]
[Paste code]

### Performance Review

Analyze this code for performance issues:
- Database query efficiency (N+1, missing indexes)
- Memory usage and potential leaks
- Algorithm complexity (can it be optimized?)
- Caching opportunities
- Async/concurrency improvements

Context: This handles [X requests/second] and processes [Y data]
[Paste code]

### Refactoring Guide

Suggest refactoring improvements for this code:
- Reduce complexity
- Improve readability
- Apply design patterns where beneficial
- Remove duplication
- Improve testability

Show before/after for each suggestion.
[Paste code]

### PR Review Format

Review this pull request diff:

[Paste diff or describe changes]

Output as PR comments:
- File: [filename]
- Line: [number]
- Comment: [review comment]
- Suggestion: [code suggestion if applicable]

## Output Format

# Code Review Report

**Files Reviewed**: [count]
**Language**: [language]
**Overall Score**: [X/100]

## 🔴 Critical Issues ([count])

### Issue 1: [Title]
- **Severity**: Critical
- **Category**: Security
- **Location**: [file:line]
- **Problem**: [Description]
- **Impact**: [What could happen]
- **Fix**:
  ```[language]
  // Before (vulnerable)
  [old code]

  // After (fixed)
  [new code]
  ```
## 🟡 Warnings ([count])

[Medium-severity issues]

## 🔵 Suggestions ([count])

[Low-severity improvements]

## 🟢 Positive Observations

[What's already good about the code]

## Summary

  • Critical: [X] (must fix before merge)
  • Warnings: [X] (should fix soon)
  • Suggestions: [X] (nice to have)
  • Score: [X/100]

## Supported Languages
- Python (3.8+)
- JavaScript / TypeScript
- Go
- Rust
- Ruby
- PHP
- Java / Kotlin
- C / C++
- Shell / Bash

## Best Practices

- Provide context about what the code does — better context = better review
- Specify your priority (security vs performance vs general)
- For large codebases, review one module/file at a time
- Pair with `security-auditor` for infrastructure-level security checks
- Use the PR format output to paste directly into GitHub/GitLab reviews

## References

- `references/security-patterns.md` — Common vulnerability patterns by language
- `references/performance-patterns.md` — Common performance anti-patterns
Usage Guidance
This skill appears coherent and does not ask for credentials or install arbitrary code. However: only paste or point the skill at code you are comfortable sharing (do not paste secrets, private keys, or production credentials). If you provide file paths, ensure the agent's environment is allowed to access those files and that they do not contain sensitive data. Review the AI's suggested fixes before applying them (especially security fixes), and consider running results by a human reviewer. Note the skill references auxiliary docs that were not included — that may limit some guidance but is not a security issue by itself.
Capability Analysis
Type: OpenClaw Skill
Name: tk-code-reviewer
Version: 1.0.0
The skill bundle is a legitimate tool designed to provide AI-driven code reviews for security, performance, and best practices. It consists entirely of documentation and prompt instructions (SKILL.md and README.md) without any executable code, suspicious network activity, or instructions to exfiltrate sensitive data.
Capability Assessment
Purpose & Capability
Name/description (automated code review across many languages) aligns with what the skill asks for and does. It requires no binaries, credentials, or installs, which is proportionate for an instruction-only reviewer that operates on user-supplied code or file paths.
Instruction Scope
SKILL.md confines actions to reviewing pasted code or user-provided file paths and producing PR-style comments. It does not instruct the agent to read system files or environment variables unrelated to a review. Note: allowing file-path input means the agent will read whatever files the user points it at (including potentially sensitive files) — this is expected for a code-review tool but worth caution. The SKILL.md references helper docs (references/*.md) that are not present in the package.
Install Mechanism
No install spec and no code files — lowest-risk instruction-only skill. Nothing is downloaded or written to disk by the skill itself.
Credentials
The skill requests no environment variables, credentials, or config paths. There are no unexplained secret requests.
Persistence & Privilege
always:false and user-invocable:true (normal). The skill does not request persistent presence or system-wide config changes and does not claim to modify other skills.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install tk-code-reviewer
  3. After installation, invoke the skill by name or use /tk-code-reviewer
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release — automated code reviews for security, performance, best practices with PR-ready comments
Metadata
Slug tk-code-reviewer
Version 1.0.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is AI Code Reviewer?

Automated code review — security vulnerabilities, performance issues, best practices, refactoring suggestions, and documentation gaps. Supports Python, JavaS... It is an AI Agent Skill for Claude Code / OpenClaw, with 90 downloads so far.

How do I install AI Code Reviewer?

Run "/install tk-code-reviewer" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is AI Code Reviewer free?

Yes, AI Code Reviewer is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does AI Code Reviewer support?

AI Code Reviewer is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created AI Code Reviewer?

It is built and maintained by tktk-ai (@tktk-ai); the current version is v1.0.0.
