alirezarezvani

code-reviewer

by Alireza Rezvani · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
372 Downloads · 0 Stars · 1 Active Installs · 2 Versions
Install in OpenClaw
/install cs-code-reviewer
Description
Code review automation for TypeScript, JavaScript, Python, Go, Swift, Kotlin. Analyzes PRs for complexity and risk, checks code quality for SOLID violations...
README (SKILL.md)

Code Reviewer

Automated code review tools for analyzing pull requests, detecting code quality issues, and generating review reports.



Tools

PR Analyzer

Analyzes git diff between branches to assess review complexity and identify risks.

# Analyze current branch against main
python scripts/pr_analyzer.py /path/to/repo

# Compare specific branches
python scripts/pr_analyzer.py . --base main --head feature-branch

# JSON output for integration
python scripts/pr_analyzer.py /path/to/repo --json

What it detects:

  • Hardcoded secrets (passwords, API keys, tokens)
  • SQL injection patterns (string concatenation in queries)
  • Debug statements (debugger, console.log)
  • ESLint rule disabling
  • TypeScript any types
  • TODO/FIXME comments

Output includes:

  • Complexity score (1-10)
  • Risk categorization (critical, high, medium, low)
  • File prioritization for review order
  • Commit message validation

Code Quality Checker

Analyzes source code for structural issues, code smells, and SOLID violations.

# Analyze a directory
python scripts/code_quality_checker.py /path/to/code

# Analyze specific language
python scripts/code_quality_checker.py . --language python

# JSON output
python scripts/code_quality_checker.py /path/to/code --json

What it detects:

  • Long functions (>50 lines)
  • Large files (>500 lines)
  • God classes (>20 methods)
  • Deep nesting (>4 levels)
  • Too many parameters (>5)
  • High cyclomatic complexity
  • Missing error handling
  • Unused imports
  • Magic numbers

Thresholds:

| Issue | Threshold |
|---|---|
| Long function | >50 lines |
| Large file | >500 lines |
| God class | >20 methods |
| Too many params | >5 |
| Deep nesting | >4 levels |
| High complexity | >10 branches |

Review Report Generator

Combines PR analysis and code quality findings into structured review reports.

# Generate report for current repo
python scripts/review_report_generator.py /path/to/repo

# Markdown output
python scripts/review_report_generator.py . --format markdown --output review.md

# Use pre-computed analyses
python scripts/review_report_generator.py . \
  --pr-analysis pr_results.json \
  --quality-analysis quality_results.json

Report includes:

  • Review verdict (approve, request changes, block)
  • Score (0-100)
  • Prioritized action items
  • Issue summary by severity
  • Suggested review order

Verdicts:

| Score | Verdict |
|---|---|
| 90+ with no high issues | Approve |
| 75+ with ≤2 high issues | Approve with suggestions |
| 50-74 | Request changes |
| <50 or critical issues | Block |

Reference Guides

Code Review Checklist

references/code_review_checklist.md

Systematic checklists covering:

  • Pre-review checks (build, tests, PR hygiene)
  • Correctness (logic, data handling, error handling)
  • Security (input validation, injection prevention)
  • Performance (efficiency, caching, scalability)
  • Maintainability (code quality, naming, structure)
  • Testing (coverage, quality, mocking)
  • Language-specific checks

Coding Standards

references/coding_standards.md

Language-specific standards for:

  • TypeScript (type annotations, null safety, async/await)
  • JavaScript (declarations, patterns, modules)
  • Python (type hints, exceptions, class design)
  • Go (error handling, structs, concurrency)
  • Swift (optionals, protocols, errors)
  • Kotlin (null safety, data classes, coroutines)

Common Antipatterns

references/common_antipatterns.md

Antipattern catalog with examples and fixes:

  • Structural (god class, long method, deep nesting)
  • Logic (boolean blindness, stringly typed code)
  • Security (SQL injection, hardcoded credentials)
  • Performance (N+1 queries, unbounded collections)
  • Testing (duplication, testing implementation)
  • Async (floating promises, callback hell)

Languages Supported

| Language | Extensions |
|---|---|
| Python | .py |
| TypeScript | .ts, .tsx |
| JavaScript | .js, .jsx, .mjs |
| Go | .go |
| Swift | .swift |
| Kotlin | .kt, .kts |

Usage Guidance
This skill contains reasonably straightforward Python scripts that analyze a repository and produce reports — that matches its description — but exercise caution before installing:

  • Source verification: there is no homepage or upstream repo listed. Prefer skills with a known source or inspect the full script contents yourself.
  • Runtime dependencies: the metadata claims no required binaries, but the scripts call the git CLI and are Python programs. Ensure your environment has Python and git available; the skill should have declared those dependencies.
  • Data exposure: the tools read file contents and diffs (they will see any secrets in a repo). They do not appear to transmit data externally, but you should review the scripts for any network calls before running them on sensitive repositories.
  • Local testing: run the scripts locally on a non-sensitive repository first (python scripts/pr_analyzer.py . --json) to verify behavior and outputs.
  • Autonomy: the skill can be invoked autonomously by the agent (normal default). If you are concerned, only allow manual invocation or inspect/disable autonomous invocation settings.

If you want to proceed, review the three included Python files for any unexpected subprocess or network usage and confirm git/Python are available; if you cannot verify the source, treat it as untrusted code and run it in an isolated environment.
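One way to carry out the script review recommended above, as an added example (not part of the skill or of this listing): a static pass that parses each Python file without running it and lists network-capable imports and process-spawning calls, showing the command when it is a literal. The watch lists, the function names and the embedded sample are assumptions made for this illustration.

```python
import ast
import sys

# Assumed watch lists for this example; extend them for your environment.
NETWORK_MODULES = {"socket", "ssl", "urllib", "http", "ftplib", "smtplib",
                   "requests", "httpx", "aiohttp"}
EXEC_CALLS = {"subprocess.run", "subprocess.Popen", "subprocess.call",
              "subprocess.check_output", "os.system", "os.popen", "eval", "exec"}

# Constructed sample standing in for one of the skill's scripts.
SAMPLE = '''import subprocess
import urllib.request
def diff():
    return subprocess.run(["git", "diff", "--stat"], capture_output=True)
def run(cmd):
    return subprocess.run(cmd, shell=True)
'''

def dotted(node):
    """Return 'a.b' for a Name/Attribute chain, '' for anything else."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    return ".".join([node.id] + parts[::-1]) if isinstance(node, ast.Name) else ""

def audit_source(source, filename="<string>"):
    """Return sorted (line, kind, detail) findings for one Python source."""
    findings = []
    for node in ast.walk(ast.parse(source, filename)):
        if isinstance(node, (ast.Import, ast.ImportFrom)):
            names = ([a.name for a in node.names] if isinstance(node, ast.Import)
                     else [node.module or ""])
            findings += [(node.lineno, "network-import", n) for n in names
                         if n.split(".")[0] in NETWORK_MODULES]
        elif isinstance(node, ast.Call) and dotted(node.func) in EXEC_CALLS:
            try:  # a literal command can be reviewed at a glance
                detail = repr(ast.literal_eval(node.args[0]))
            except (IndexError, ValueError, TypeError):
                detail = "<dynamic argument>"
            findings.append((node.lineno, dotted(node.func), detail))
    return sorted(findings)

if __name__ == "__main__":  # audit the files named on the command line, else the sample
    for name in sys.argv[1:] or ["<sample>"]:
        text = SAMPLE if name == "<sample>" else open(name, encoding="utf-8").read()
        for finding in audit_source(text, name):
            print(name, *finding, sep=":")
```

Calls made through an aliased or from-imported name (for example `from subprocess import run`) are not resolved by this pass, so read the import lines of each file as well.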
Capability Analysis
Type: OpenClaw Skill
Name: cs-code-reviewer
Version: 1.0.0

The code-reviewer skill bundle is a legitimate toolset for automated code analysis and pull request review. It consists of Python scripts (pr_analyzer.py, code_quality_checker.py, and review_report_generator.py) that use regex-based patterns to identify security risks like hardcoded secrets and SQL injection, as well as code quality metrics like cyclomatic complexity and SOLID violations. The tools interact with the local git environment using subprocess calls to retrieve diffs and commit history, which is necessary for their stated functionality. No evidence of data exfiltration, malicious persistence, or prompt injection was found.
Capability Assessment
Purpose & Capability
The code-reviewer name/description aligns with the included Python scripts (PR analysis, quality checks, report generation). However, the skill metadata declares no required binaries or environment variables, while the shipped scripts clearly expect a Python runtime and call the git CLI via subprocess. The missing git/Python dependency declaration and the lack of a homepage or source repository are inconsistencies worth flagging.
Instruction Scope
SKILL.md instructs the agent to run the included scripts against a repository path (diffs, commit messages, file contents). The instructions stay within the stated purpose: reading repository files, diffs and generating reports. They do not instruct reading unrelated system files or exfiltrating data to external endpoints.
Install Mechanism
There is no install specification; the skill is instruction+script based and does not download external artifacts. This minimizes install-time risk. The shipped scripts will be executed locally when invoked.
Credentials
The skill declares no required environment variables or credentials, and the scripts do not appear to access secrets managers or remote APIs. However, they will read repository contents (including any secrets stored in the repo) and call the git CLI; the metadata should have declared required binaries (git, Python). The missing declaration is an inconsistency that could lead to unexpected failures or hidden assumptions.
Persistence & Privilege
always:false and no install hooks are present. The skill does not request permanent system presence or modify other skills. It executes local scripts and subprocesses but does not autonomously persist credentials or reconfigure the agent.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install cs-code-reviewer
  3. After installation, invoke the skill by name or use /cs-code-reviewer
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial publish (prefixed slug)
v2.1.2
  • Expanded documentation in SKILL.md, detailing tool capabilities, usage examples, detected issue types, and report criteria.
  • Added clear descriptions and sample commands for PR Analyzer, Code Quality Checker, and Review Report Generator.
  • Introduced tables for issue thresholds, review score verdicts, and supported languages/extensions.
  • Included references to code review checklists, coding standards, and common antipatterns for various supported languages.
Metadata
Slug cs-code-reviewer
Version 1.0.0
License MIT-0
All-time Installs 1
Active Installs 1
Total Versions 2
Frequently Asked Questions

What is code-reviewer?

Code review automation for TypeScript, JavaScript, Python, Go, Swift, Kotlin. Analyzes PRs for complexity and risk, checks code quality for SOLID violations... It is an AI Agent Skill for Claude Code / OpenClaw, with 372 downloads so far.

How do I install code-reviewer?

Run "/install cs-code-reviewer" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is code-reviewer free?

Yes, code-reviewer is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does code-reviewer support?

code-reviewer is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created code-reviewer?

It is built and maintained by Alireza Rezvani (@alirezarezvani); the current version is v1.0.0.
