← Back to Skills Marketplace
yorickshan

ITFE Code Review

by Shan Yinlong · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ✓ Security Clean
51
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install itfe-code-review
Description
Expert code review of current git changes with a senior engineer lens. Detects SOLID violations, security risks, and proposes actionable improvements.
README (SKILL.md)

ITFE Code Review

🌐 Language Requirement

CRITICAL: You MUST respond ONLY in Simplified Chinese (简体中文).

  • All review reports, findings, descriptions, and suggestions MUST be in Chinese
  • All communication with the user MUST be in Chinese
  • Code comments and variable names can remain in their original language
  • Do NOT use English, Japanese, Korean, or any other language for explanations

Overview

Perform a structured review of the current git changes with focus on SOLID, architecture, removal candidates, and security risks. Default to review-only output unless the user asks to implement changes.

Severity Levels

Level Name Description Action
P0 Critical Security vulnerability, data loss risk, correctness bug Must block merge
P1 High Logic error, significant SOLID violation, performance regression Should fix before merge
P2 Medium Code smell, maintainability concern, minor SOLID violation Fix in this PR or create follow-up
P3 Low Style, naming, minor suggestion Optional improvement

Workflow

1) Preflight context

  • Use git status -sb, git diff --stat, and git diff to scope changes.
  • If needed, use rg or grep to find related modules, usages, and contracts.
  • Identify entry points, ownership boundaries, and critical paths (auth, payments, data writes, network).

Edge cases:

  • No changes: If git diff is empty, inform user and ask if they want to review staged changes or a specific commit range.
  • Large diff (>500 lines): Summarize by file first, then review in batches by module/feature area.
  • Mixed concerns: Group findings by logical feature, not just file order.

2) SOLID + architecture smells

  • Load references/solid-checklist.md for specific prompts.
  • Look for:
    • SRP: Overloaded modules with unrelated responsibilities.
    • OCP: Frequent edits to add behavior instead of extension points.
    • LSP: Subclasses that break expectations or require type checks.
    • ISP: Wide interfaces with unused methods.
    • DIP: High-level logic tied to low-level implementations.
  • When you propose a refactor, explain why it improves cohesion/coupling and outline a minimal, safe split.
  • If refactor is non-trivial, propose an incremental plan instead of a large rewrite.

3) Removal candidates + iteration plan

  • Load references/removal-plan.md for template.
  • Identify code that is unused, redundant, or feature-flagged off.
  • Distinguish safe delete now vs defer with plan.
  • Provide a follow-up plan with concrete steps and checkpoints (tests/metrics).

4) Security and reliability scan

  • Load references/security-checklist.md for coverage.
  • Check for:
    • XSS, injection (SQL/NoSQL/command), SSRF, path traversal
    • AuthZ/AuthN gaps, missing tenancy checks
    • Secret leakage or API keys in logs/env/files
    • Rate limits, unbounded loops, CPU/memory hotspots
    • Unsafe deserialization, weak crypto, insecure defaults
    • Race conditions: concurrent access, check-then-act, TOCTOU, missing locks
  • Call out both exploitability and impact.

5) Code quality scan

  • Load references/code-quality-checklist.md for coverage.
  • Check for:
    • Error handling: swallowed exceptions, overly broad catch, missing error handling, async errors
    • Performance: N+1 queries, CPU-intensive ops in hot paths, missing cache, unbounded memory
    • Boundary conditions: null/undefined handling, empty collections, numeric boundaries, off-by-one
  • Flag issues that may cause silent failures or production incidents.

6) Output format

CRITICAL: Output all content in Simplified Chinese (简体中文).

Structure your review as follows:

## 代码审查报告

**审查文件数**:X 个文件,Y 行变更
**总体评估**:[通过 / 需要修改 / 建议]

---

## 发现的问题

### P0 - 严重
(无 或 列表)

### P1 - 高
- **[文件:行号]** 简短标题
  - 问题描述
  - 修复建议

### P2 - 中
...

### P3 - 低
...

---

## 删除/迭代计划
(如适用)

## 其他建议
(可选改进,不阻塞)

Inline comments: Use this format for file-specific findings:

::code-comment{file="path/to/file.ts" line="42" severity="P1"}
Description of the issue and suggested fix.
::

Clean review (in Chinese): If no issues found, explicitly state:

  • 检查了什么内容
  • 未覆盖的区域(例如:"未验证数据库迁移")
  • 残留风险或建议的后续测试

7) Next steps confirmation (in Chinese)

After presenting findings, ask user how to proceed (in Chinese):

---

## 下一步行动

我发现了 X 个问题(P0: _, P1: _, P2: _, P3: _)。

**你希望如何处理?**

1. **全部修复** - 我将实现所有建议的修复
2. **仅修复 P0/P1** - 处理严重和高优先级问题
3. **修复指定项** - 告诉我要修复哪些问题
4. **不做修改** - 仅审查,不需要实现

请选择一个选项或提供具体指示。

Important: Do NOT implement any changes until user explicitly confirms. This is a review-first workflow. All communication must be in Chinese.

Resources

references/

File Purpose
solid-checklist.md SOLID smell prompts and refactor heuristics
security-checklist.md Web/app security and runtime risk checklist
code-quality-checklist.md Error handling, performance, boundary conditions
removal-plan.md Template for deletion candidates and follow-up plan
Usage Guidance
This skill appears safe for normal code review use. Be aware that it will read your current git changes and may search related repository files; only approve implementation steps if you are comfortable with the agent editing your code.
Capability Analysis
Type: OpenClaw Skill Name: itfe-code-review Version: 1.0.0 The skill is a legitimate code review tool designed to analyze git changes for architectural patterns (SOLID), security vulnerabilities, and performance issues. It utilizes standard system tools like `git`, `rg`, and `grep` to scope changes and provides comprehensive reference checklists in the `references/` directory to guide the AI's analysis. While it contains a strict instruction to respond only in Simplified Chinese, this appears to be a localization requirement rather than a malicious prompt injection, and there is no evidence of data exfiltration, unauthorized execution, or persistence mechanisms.
Capability Tags
cryptocan-make-purchases
Capability Assessment
Purpose & Capability
The stated purpose is code review of current git changes, and the artifacts only provide review instructions plus checklist references for SOLID, security, reliability, and code quality.
Instruction Scope
The workflow is scoped to reviewing diffs and related code, and it explicitly says not to implement changes until the user confirms.
Install Mechanism
There is no install spec, executable code, package dependency, remote script, or required binary.
Credentials
The skill expects the agent to run local git and search commands, which is appropriate for code review but may expose private repository contents to the agent/model.
Persistence & Privilege
No persistence, background worker, credential use, privileged path access, or autonomous long-running behavior is described.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install itfe-code-review
  3. After installation, invoke the skill by name or use /itfe-code-review
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
- 新增技能:itfe-code-review 版本 1.0.0 - 提供以资深工程师视角的代码审查,聚焦 SOLID 原则、架构、安全风险及可操作的改进建议 - 所有审查报告和沟通内容均要求以简体中文输出 - 分类细致的问题严重等级(P0-P3),并推荐对应的处理措施 - 审查涵盖结构性、删除候选、安全、代码质量等维度,支持模块化和分批次大变更审阅 - 审查报告模板清晰,包含下一步处理建议,真正实现评审与执行分离
Metadata
Slug itfe-code-review
Version 1.0.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is ITFE Code Review?

Expert code review of current git changes with a senior engineer lens. Detects SOLID violations, security risks, and proposes actionable improvements. It is an AI Agent Skill for Claude Code / OpenClaw, with 51 downloads so far.

How do I install ITFE Code Review?

Run "/install itfe-code-review" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is ITFE Code Review free?

Yes, ITFE Code Review is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does ITFE Code Review support?

ITFE Code Review is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created ITFE Code Review?

It is built and maintained by Shan Yinlong (@yorickshan); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments