← Back to Skills Marketplace
1477009639zw-blip

Autonomous Code Review

by 1477009639zw-blip · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ✓ Security Clean
154
Downloads
0
Stars
2
Active Installs
1
Versions
Install in OpenClaw
/install autonomous-code-review
Description
Automatically review code to detect critical bugs, security flaws, performance issues, and style violations as a first-pass code auditor.
README (SKILL.md)

Autonomous Code Review

Category: Development
Author: Beta
Version: 1.0.0
Runtime: OpenClaw + Claude/GPT

What It Does

Automatically review code for bugs, security issues, performance problems, and style violations. Acts as a tireless first-pass reviewer on any codebase.

When to Use

  • After any significant code change
  • Before merging pull requests
  • During code review requests
  • To catch issues before human reviewers

Review Checklist

🔴 Critical (Block Merge)

  • Security vulnerabilities (SQL injection, XSS, auth bypass)
  • Data corruption risks (race conditions, deadlocks)
  • Authentication/authorization bypasses
  • Secrets hardcoded in source

🟡 Important (Should Fix)

  • Performance issues (N+1 queries, inefficient loops)
  • Error handling missing or insufficient
  • Missing input validation
  • Resource leaks (unclosed connections, files)

🟢建议 (Nice to Fix)

  • Code style violations
  • Missing documentation
  • Hardcoded values that should be config
  • Overly complex logic

Usage

# Review a file
openclaw code review --file src/auth.py

# Review a diff
openclaw code review --diff "main..feature-branch"

# Full repository audit
openclaw code review --repo ./ --exclude "node_modules,dist"

Integration

GitHub Actions

- name: Code Review
  uses: openclaw/code-review-action@v1
  with:
    api-key: ${{ secrets.OPENCLAW_API_KEY }}

Pre-commit Hook

openclaw code review --staged --fail-on critical

Output Format

{
  "file": "src/auth.py",
  "issues": [
    {
      "severity": "critical",
      "line": 42,
      "rule": "sql-injection",
      "message": "User input directly interpolated into SQL query",
      "fix": "Use parameterized queries instead"
    }
  ],
  "score": 72,
  "summary": "1 critical, 2 important, 3 suggestions"
}

Best Practices

  • Run on every commit, not just before merges
  • Combine with human review for critical paths
  • Track review history to catch recurring issues
  • Customize rules per project type
Usage Guidance
This skill is an instruction-only template for running an automated code review and appears coherent with that purpose. Before installing/using: (1) Confirm you have the 'openclaw' runtime/CLI the instructions assume; (2) expect to supply an OPENCLAW_API_KEY if you enable the GitHub Action or a hosted service — the skill didn’t declare this; (3) run the tool on non-sensitive or test repositories first, since full-repo scans can read secrets or configuration files; (4) combine the automated reports with human review for critical code paths. If you need a higher-assurance assessment, ask the publisher for implementation details or a signed release so you can verify what code (if any) will run.
Capability Analysis
Type: OpenClaw Skill Name: autonomous-code-review Version: 1.0.0 The skill bundle contains only metadata and documentation for an autonomous code review tool. The instructions in SKILL.md define a standard review process (security, performance, style) and provide usage examples without any malicious commands, data exfiltration attempts, or prompt injection attacks.
Capability Assessment
Purpose & Capability
Name, description, and checklist align with a first-pass automated code reviewer. The SKILL.md references running an 'openclaw' CLI and a GitHub Action that expects an OPENCLAW_API_KEY, but the skill manifest declares no required binaries or environment variables — a minor inconsistency (documentation/assumption about the platform) rather than evidence of hidden behavior.
Instruction Scope
Instructions focus on reviewing files, diffs, and repositories and give examples for CLI usage, pre-commit hooks, and CI. These actions are within the expected scope of an automated code-review tool. Note: the guidance implies scanning entire repositories (which may include sensitive files or credentials in source), which is expected but something the user should consciously permit.
Install Mechanism
No install spec and no code files — lowest-risk delivery model. The document assumes an existing 'openclaw' runtime/CLI but doesn't install anything itself.
Credentials
The manifest requests no environment variables, but example integrations show a GitHub Action using secrets.OPENCLAW_API_KEY. If you plan to use the GitHub Action or any hosted OpenClaw service, you will likely need to provide that API key — the skill should have declared that but did not. There are no unexplained extra credentials requested by the skill itself.
Persistence & Privilege
always is false and the skill does not request persistent system privileges or modify other skills. It is user-invocable and would run when invoked, which is appropriate.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install autonomous-code-review
  3. After installation, invoke the skill by name or use /autonomous-code-review
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
- Initial release of Autonomous Code Review skill. - Automatically reviews code for bugs, security, performance, and style issues. - Provides a categorized checklist and outputs structured JSON reports. - Supports multiple usage modes: file, diff, or entire repository. - Integrates with GitHub Actions and pre-commit hooks for CI/CD workflows. - Offers best practice guidelines for continuous and effective code review.
Metadata
Slug autonomous-code-review
Version 1.0.0
License MIT-0
All-time Installs 2
Active Installs 2
Total Versions 1
Frequently Asked Questions

What is Autonomous Code Review?

Automatically review code to detect critical bugs, security flaws, performance issues, and style violations as a first-pass code auditor. It is an AI Agent Skill for Claude Code / OpenClaw, with 154 downloads so far.

How do I install Autonomous Code Review?

Run "/install autonomous-code-review" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Autonomous Code Review free?

Yes, Autonomous Code Review is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Autonomous Code Review support?

Autonomous Code Review is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Autonomous Code Review?

It is built and maintained by 1477009639zw-blip (@1477009639zw-blip); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments