zhaobod1

Huo15 Openclaw Code Review

by Job Zhao · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ✓ Security Clean
63
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install huo15-openclaw-code-review
Description
Performs a comprehensive code review of GitHub / cnb.cool PRs across five dimensions (design / implementation / tests / security / maintainability), pulls the diff via the gh CLI, and produces comment markdown that can be pasted into the PR. Trigger phrases: 评审 PR (review the PR), code review, 审一下这个 PR (review this PR), 帮我 review (review this for me), 看看这个合并请求 (take a look at this merge request).
README (SKILL.md)

Huo15 Code Review Skill v1.0

Five-dimension PR review + pasteable comments — Qingdao Huo15 Information Technology Co., Ltd. (青岛火一五信息科技有限公司)


1. Trigger scenarios

  • "Review PR #123 for me"
  • "Take a look at this merge request"
  • "Do a code review of my PR"
  • The user pastes a PR URL: https://github.com/xxx/yyy/pull/123 or https://cnb.cool/.../merge_requests/45

Output: a five-dimension checklist + inline comment suggestions + an overall verdict (approve / request changes / block) + a block of markdown that can be pasted directly into the PR.


2. The five review dimensions

| Dimension | Focus | Out of scope |
|---|---|---|
| 1. Design | Does the solution fit the problem / are the abstractions appropriate / is it consistent with the existing architecture | Style preferences |
| 2. Implementation | Logic correctness / boundary handling / error handling / resource cleanup | Minor optimisations |
| 3. Tests | Unit tests on critical paths / boundary cases / regressions | 100% coverage |
| 4. Security | Delegated to huo15-openclaw-security-review for its six-category scan | |
| 5. Maintainability | Naming / documentation / readability / locality of change | Code style (left to the linter) |

3. Workflow (strictly in this order)

Step 1: Fetch the PR metadata

# GitHub
gh pr view <number> --json title,body,author,baseRefName,headRefName,files,commits,additions,deletions

# cnb.cool (if an API / CLI is available)
curl .../merge_requests/<id>

Do not exec: return the command so the user can paste the result back, or use the result if it is already in the context.

Step 2: Fetch the diff

gh pr diff <number>
# or
git diff <base>...<head>

Step 3: Read in sections + grep for keywords

  • Go through every file at least once
  • Grep for high-risk patterns (secrets / SQL string concatenation / dangerouslySetInnerHTML) and hand them over to the security-review approach
  • For every new function: check naming, parameters, return values and error handling

Step 4: Score the five dimensions

For each of the 5 dimensions give one of:

  • ✅ Pass
  • ⚠️ Minor (mergeable, but a change is recommended)
  • ❌ Blocker (must be changed)

Step 5: Generate inline comments

Each comment uses this format:

`path/to/file.ts:line` — <short title>

<problem description>
<suggestion>
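Steps 3 and 5 taken together, as an added example that is not part of the skill: a Node.js script that walks a unified diff, greps the added lines for the three high-risk patterns named in Step 3, and prints each hit in the Step 5 comment format. The regexes, the helper names and the sample diff are all constructed for illustration; the patterns are deliberately simple and not exhaustive.

```javascript
// Added example, not part of the huo15-openclaw-code-review skill: Step 3 of the
// workflow (grep high-risk patterns in the PR diff) as a Node.js script whose hits are
// printed in the Step 5 inline-comment format. Patterns and sample diff are constructed.
const RISK_PATTERNS = [
  { title: "Hard-coded secret", advice: "Suggestion: read it from an env var or secret store.",
    re: /(?:api[_-]?key|secret|password|token)\s*[:=]\s*["'][^"']{8,}["']/i },
  { title: "SQL built by string concatenation", advice: "Suggestion: use a parameterised query.",
    re: /["'](?:SELECT|INSERT|UPDATE|DELETE)\b[^"]*["']\s*\+|`[^`]*\b(?:SELECT|INSERT|UPDATE|DELETE)\b[^`]*\$\{/i },
  { title: "dangerouslySetInnerHTML", advice: "Suggestion: render as text, or sanitise the HTML first.",
    re: /dangerouslySetInnerHTML/ },
];

// Walk a unified diff and return the added lines, each with the line number it has
// in the new file (tracked from the "+N" start of every @@ hunk header).
function addedLines(diff) {
  const out = [];
  let path = null, newLine = 0;
  for (const raw of diff.split("\n")) {
    if (raw.startsWith("+++ ")) { path = raw.slice(4).replace(/^b\//, ""); continue; }
    if (/^(--- |diff |index )/.test(raw) || raw === "") continue;
    const hunk = /^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@/.exec(raw);
    if (hunk) { newLine = Number(hunk[1]); continue; }
    if (raw.startsWith("+")) { out.push({ path, line: newLine, text: raw.slice(1) }); newLine++; }
    else if (!raw.startsWith("-") && !raw.startsWith("\\")) newLine++; // context line; "-" and "\ No newline" lines take no new-file number
  }
  return out;
}

// One finding per (added line, pattern) hit, in diff order.
function scanDiff(diff) {
  const findings = [];
  for (const { path, line, text } of addedLines(diff)) {
    for (const p of RISK_PATTERNS) {
      if (p.re.test(text)) findings.push({ path, line, title: p.title, text: text.trim(), advice: p.advice });
    }
  }
  return findings;
}

// Step 5 format: `path:line` — <short title>, blank line, <problem description>, <suggestion>.
function formatComment(f) {
  return `\`${f.path}:${f.line}\` — ${f.title}\n\nAdded line: \`${f.text}\`\n${f.advice}`;
}

// Constructed sample diff (not from any real PR) that triggers all three patterns.
const SAMPLE_DIFF = ["diff --git a/src/api/user.ts b/src/api/user.ts", "--- a/src/api/user.ts", "+++ b/src/api/user.ts",
  "@@ -40,3 +40,6 @@ export async function getUser(userId: string) {", "   const db = getDb();",
  '+  const apiKey = "example-secret-value-12345";',
  '+  const rows = await db.query("SELECT * FROM users WHERE id = \'" + userId + "\'");',
  "+  return <div dangerouslySetInnerHTML={{ __html: rows[0].bio }} />;", "   return db.user.findById(userId);", " }"].join("\n");

console.log(scanDiff(SAMPLE_DIFF).map(formatComment).join("\n\n"));
```

Only added lines are scanned, so a finding's line number is the one in the new file and can be pasted straight into a PR comment.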

Step 6: Overall verdict

  • Approve — all ✅, or only 🟢 minor
  • Request changes — any ⚠️ that affects core logic
  • Block — any ❌ security / data-loss / incompatibility risk

4. Report template

## 📋 Code Review — PR #123 "<title>"

**Author**: @xxx · **Changes**: 12 files +340 -120 · **Review time**: 5 min

### Five-dimension scores
- Design: ✅
- Implementation: ⚠️ 2 issues
- Tests: ⚠️ missing boundary tests
- Security: ✅ (no new attack surface)
- Maintainability: ✅

### Verdict: 🟡 Request Changes

Must fix before merging: 1 Implementation blocker + 1 missing test.

---

### Inline comments

**`src/api/user.ts:45`** — Boundary not handled
When `userId` is `undefined`, `db.user.findById(userId)` returns all users.
Suggestion: add `if (!userId) throw new Error(...)` at the function entry.

**`src/api/user.ts:88`** — Error swallowed
`catch(e) { return null }` masks database connection errors.
Suggestion: distinguish "not found" from "error", and at least log it.

**`tests/user.test.ts`** — Missing boundary cases
The new `mergeProfile` is not tested with the three inputs `null` / `undefined` / `{}` (empty object).
Suggestion: add 3 test cases.

### Other observations (non-blocking)
- Renaming `data` → `userProfile` would improve readability (src/utils.ts:12)
- `Pick<User, 'id'|'name'>` can replace the hand-written interface (types.ts:33)

---

🤖 Reviewed by huo15-openclaw-code-review

5. Hard red lines (never cross)

  1. gh pr review --approve / --request-changes — review verdicts are submitted by a human (so the AI never approves its own PR)
  2. gh pr merge — the merge decision belongs to a human
  3. No automatic gh pr comment — unless the user explicitly says "post it directly to the PR"
  4. Do not run tests / build — unless the user asks
  5. No child_process; gh commands go through return-cliCmd

6. Boundaries with neighbouring skills

| Scenario | Skill to use |
|---|---|
| Comprehensive PR review | this skill |
| Security only | huo15-openclaw-security-review |
| Code quality only | huo15-openclaw-simplify |
| Design mock-ups / UI only | huo15-openclaw-design-critique |
Usage Guidance
This skill is a read-only, instruction-only code-review assistant that returns text you can paste into a PR. It will not autonomously run gh/git commands, post comments, or merge — you must run any returned CLI commands or explicitly ask it to act. Before using, be careful what you paste: if you paste full diffs or outputs that contain secrets, those secrets could appear in the skill's output. If you expect the skill to run commands locally, note it won't execute them unless the platform/context you use supplies the command outputs. If you need the skill to perform automated posting or merges, require a different skill and only allow that after verifying its permissions.
Capability Analysis
Type: OpenClaw Skill
Name: huo15-openclaw-code-review
Version: 1.0.0

The skill bundle (huo15-openclaw-code-review) is a structured tool for performing code reviews on GitHub and cnb.cool PRs. It uses the 'gh' CLI to fetch PR metadata and diffs but includes explicit safety constraints ('Hard Red Lines' in SKILL.md) that forbid the agent from automatically merging, approving, or executing shell commands directly via child processes. The instructions are well-aligned with the stated purpose and lack any indicators of data exfiltration or malicious intent.
Capability Assessment
Purpose & Capability
The skill claims to use the gh CLI / repo diffs to produce reviews, and its workflow and outputs match that purpose. Minor incongruity: SKILL.md repeatedly references the gh CLI and git diff, yet the registry metadata declares no required binaries — this is explainable because the skill explicitly says it will not exec commands and instead returns commands for the user to run or uses provided context.
Instruction Scope
Instructions focus on fetching PR metadata/diff, scanning files, producing five-dimensional findings, inline comments, and a summary. It does not instruct the agent to perform merges, post comments, run tests/builds, or read unrelated system files. It does direct checks for secret-like patterns (expected for security review) and delegates deeper scanning to a dedicated security-review skill.
Install Mechanism
Instruction-only skill with no install spec and no code files — lowest risk. Nothing is written to disk or fetched at install time.
Credentials
The skill declares no required environment variables or credentials and its actions do not require secrets. The instructions ask users to provide PR URLs or paste command output; they do not request tokens or credentials.
Persistence & Privilege
always is false and the skill does not request persistent system presence or modify other skills/config. It explicitly forbids autonomous actions like approving/merging/commenting unless the user explicitly asks.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install huo15-openclaw-code-review
  3. After installation, invoke the skill by name or use /huo15-openclaw-code-review
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release — five-dimension PR review (design / implementation / tests / security / maintainability) + pasteable markdown comments
Metadata
Slug huo15-openclaw-code-review
Version 1.0.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is Huo15 Openclaw Code Review?

Performs a comprehensive code review of GitHub / cnb.cool PRs across five dimensions (design / implementation / tests / security / maintainability), pulls the diff via the gh CLI, and produces comment markdown that can be pasted into the PR. Trigger phrases: 评审 PR (review the PR), code review, 审一下这个 PR (review this PR), 帮我 review (review this for me), 看看这个合并请求 (take a look at this merge request). It is an AI Agent Skill for Claude Code / OpenClaw, with 63 downloads so far.

How do I install Huo15 Openclaw Code Review?

Run "/install huo15-openclaw-code-review" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Huo15 Openclaw Code Review free?

Yes, Huo15 Openclaw Code Review is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Huo15 Openclaw Code Review support?

Huo15 Openclaw Code Review is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Huo15 Openclaw Code Review?

It is built and maintained by Job Zhao (@zhaobod1); the current version is v1.0.0.
