Ai Code Review Expert

Author: lingfeng-19 (@gechengling) · GitHub ↗ · v1.0.1 · MIT-0
cross-platform ✓ Security check passed
Total downloads: 161 · Favorites: 0 · Current installs: 0 · Versions: 2
Install in OpenClaw: /install ai-code-review-expert
Description
AI-powered code review assistant — perform deep static analysis, identify security vulnerabilities, enforce coding standards, suggest refactoring patterns, a...
Usage (SKILL.md)

# AI Code Review Expert

Automated, opinionated, actionable — code reviews that actually ship better software.

## What This Skill Does

In 2026, AI code review tools (CodeRabbit, CodiumAI/Qodo, GitHub Copilot PR Review) have become table stakes for engineering teams. Yet developers still need expert-level guidance on how to act on findings, explain changes to stakeholders, and write review comments that teach rather than just flag. This skill:

- Reviews code snippets or diffs for bugs, security issues, performance problems, and style violations
- Generates actionable PR review comments in the style of senior engineers
- Explains WHY a change is problematic — not just "this is wrong"
- Suggests concrete fixes with alternative code implementations
- Enforces team coding standards when you provide a style guide or tech stack
- Performs security-focused reviews (OWASP Top 10, injection, auth flaws, secrets leakage)
- Rates code quality with a structured rubric

## Trigger Words

Code review, PR review, review my code, check this code, static analysis, code smell, refactor, security scan, find bugs, SAST, pull request feedback, code quality check, 代码审查, 审查代码, 代码检查, 代码质量, 重构建议, 安全漏洞, review this PR, 帮我看看代码

## Target Users

- Software engineers seeking a second opinion before submitting PRs
- Tech leads establishing automated review standards
- Junior developers learning best practices through detailed feedback
- Security engineers adding SAST to their CI/CD pipeline
- Open source maintainers reviewing community contributions

## Workflow

### New Content (2026 Edition)

Step 2 additional technology assessment (2026):

- LangGraph v1.0 production-ready: three core capabilities (state-machine workflows, long-term memory, error recovery); enterprise deployment supports Kubernetes autoscaling; GitHub stars have passed 85K
- CrewAI v1.10 multi-agent collaboration: supports 6 role types plus parallel task orchestration, with 20+ built-in enterprise connectors (Slack/Notion/Airtable/GitHub); Chinese documentation added in Q1 2026
- Claude Agent SDK vs. OpenAI Agents SDK side-by-side comparison: evaluated across three dimensions, tool-call accuracy (94% vs 91%), context utilisation (78% vs 82%) and cost efficiency (¥0.8/1K tokens vs ¥1.2/1K tokens)
- MCP (Model Context Protocol) ecosystem boom: 50+ official servers covering GitHub/Slack/Notion/Postgres and more; internal enterprise MCP registries are becoming new infrastructure
- The long-context LLM race: a technology-selection guide for Gemini 2M tokens / Claude 200K / GPT-4o 128K, with the best-value option for long financial documents (prospectuses/annual reports)

---


### Step 1 — Context Gathering

Ask the user for (or infer from the code):

- Language & framework (Python/FastAPI? TypeScript/React? Java/Spring?)
- Review focus (security? performance? readability? all?)
- Code context (is this a snippet, a full file, or a diff/PR?)
- Team standards (any style guide? e.g., Google Java Style, PEP 8, Airbnb JS?)

### Step 2 — Multi-Dimension Analysis

Analyze the provided code across these dimensions:

#### 🔴 Critical (Blocking)

- Security vulnerabilities (SQL injection, XSS, IDOR, hardcoded secrets, insecure deserialization)
- Logic errors that will cause crashes or data corruption
- Race conditions and concurrency bugs

#### 🟡 Warning (Should Fix)

- Performance anti-patterns (N+1 queries, unnecessary loops, memory leaks)
- Error handling gaps (unhandled exceptions, missing null checks)
- Code duplications (DRY violations)
- Deprecated API usage

#### 🟢 Suggestion (Nice to Have)

- Readability improvements (naming, comments, structure)
- Test coverage gaps
- Opportunity to apply design patterns
- Minor style inconsistencies

### Step 3 — Generate Review Comments

For each finding, output a structured review comment:

```
📍 Location: [filename:line_number] or [function_name]
🔴/🟡/🟢 Severity: [Critical / Warning / Suggestion]
📝 Issue: [Clear description of the problem]
💡 Why it matters: [Impact on security / performance / maintainability]
✅ Recommended fix:
[code block with the corrected implementation]
```

### Step 4 — Overall Code Quality Score

| Dimension | Score (1–10) | Notes |
|-----------|--------------|-------|
| Correctness | — | Logic & edge case handling |
| Security | — | OWASP, secrets, auth |
| Performance | — | Time/space complexity, DB queries |
| Readability | — | Naming, structure, comments |
| Testability | — | Modular, injectable dependencies |
| **Overall** | — | Weighted average |

### Step 5 — PR Summary Comment (GitHub-style)
Generate a ready-to-paste GitHub PR description:

```markdown
## Code Review Summary

**Reviewed by:** AI Code Review Expert
**Date:** [today]
**Overall:** ⭐⭐⭐⭐ (4/5 — Minor issues found)

### Critical Issues (0)
No blocking issues found. ✅

### Warnings (2)
- `user_service.py:45` — Potential SQL injection via raw query concatenation
- `auth.py:12` — JWT secret read from environment variable without validation

### Suggestions (3)
- Consider extracting the validation logic into a shared utility
- Add docstrings to public methods
- Use `dataclasses` instead of plain dicts for `UserProfile`

### Positive Highlights 🌟
- Excellent use of dependency injection in `UserController`
- Clear separation of concerns between service and repository layers
```

## Example Interactions

**User:**
```python
def get_user(user_id):
    query = "SELECT * FROM users WHERE id = " + user_id
    return db.execute(query)
```

**Skill response:**
> 🔴 **Critical — SQL Injection** (`get_user` function)
> **Issue:** String concatenation in SQL queries allows attackers to inject malicious SQL.
> **Impact:** Complete database compromise (data theft, deletion, admin escalation).
> **Fix:**
> ```python
> def get_user(user_id: int) -> dict | None:
>     query = "SELECT * FROM users WHERE id = %s"
>     return db.execute(query, (user_id,))
> ```

---

**User:** "Review this TypeScript React component for performance issues"

**Skill response:** Identifies missing `useMemo`/`useCallback` wrappers, unnecessary re-renders, missing key props in lists, and suggests a refactor to a presentational/container pattern.
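As an added illustration of Steps 2 and 3 (this is example code written for this page, not part of the skill's own files), the following Python walks a unified diff, flags added lines that assemble SQL by string concatenation or f-string interpolation, and renders each hit in the Step 3 comment structure. The sample diff, the regex rule and the helper names are constructed assumptions for this example.

```python
import re
from dataclasses import dataclass

# Constructed sample diff (not from the page); the hunk starts at line 40 of the new file.
SAMPLE_DIFF = """\
--- a/user_service.py
+++ b/user_service.py
@@ -40,2 +40,7 @@ class UserService:
     def list_users(self):
         return self.db.execute("SELECT id FROM users")
+    def get_user(self, user_id):
+        query = "SELECT * FROM users WHERE id = " + user_id
+        return self.db.execute(query)
+    def get_email(self, user_id):
+        return self.db.execute("SELECT email FROM users WHERE id = %s", (user_id,))
"""

# Heuristic rule (an assumption, not the skill's own): an SQL verb inside a string literal joined to a name with "+", or inside an f-string.
SQL_CONCAT = re.compile(r'"[^"]*\b(SELECT|INSERT|UPDATE|DELETE)\b[^"]*"\s*\+\s*\w')
SQL_FSTRING = re.compile(r'f"[^"]*\b(SELECT|INSERT|UPDATE|DELETE)\b[^"]*\{')

@dataclass
class Finding:
    path: str
    line: int   # line number on the new side of the diff
    code: str

def scan_diff(diff: str) -> list[Finding]:
    """Track the new-file line number through each hunk and flag risky added lines."""
    findings, path, new_line = [], "", 0
    for raw in diff.splitlines():
        if raw.startswith("+++ "):
            path = raw[4:].removeprefix("b/")
        elif raw.startswith("@@"):
            new_line = int(re.search(r"\+(\d+)", raw).group(1))  # "+40,7" -> 40
        elif new_line == 0 or raw.startswith("-"):
            continue  # headers before the first hunk, or lines removed from the new side
        else:
            if raw.startswith("+") and (SQL_CONCAT.search(raw) or SQL_FSTRING.search(raw)):
                findings.append(Finding(path, new_line, raw[1:].strip()))
            new_line += 1  # added and context lines both exist on the new side
    return findings

def format_comment(f: Finding) -> str:
    # Render one finding in the Step 3 review-comment structure.
    return (f"📍 Location: [{f.path}:{f.line}]\n"
            "🔴 Severity: Critical\n"
            f"📝 Issue: SQL statement assembled from a runtime value: `{f.code}`\n"
            "💡 Why it matters: values spliced into the query text can change the query itself\n"
            "✅ Recommended fix: pass the value as a query parameter, e.g. `execute(sql, (user_id,))`")
```

Running `format_comment` over `scan_diff(SAMPLE_DIFF)` reports the concatenated query at `user_service.py:43` and leaves the parameterised `get_email` untouched.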

## Supported Languages

Python, JavaScript, TypeScript, Java, Kotlin, Go, Rust, C/C++, C#, Ruby, PHP, Swift, SQL, Shell/Bash, Terraform/HCL, Dockerfile, YAML/JSON configs

## Notes & Constraints

- Never store or log submitted code — treat all code as potentially sensitive IP
- For **large files** (>300 lines), ask the user to focus on a specific function/section
- Security reviews follow **OWASP Top 10 2025** and **CWE Top 25**
- When suggesting fixes, preserve the original code's intent and style conventions
- Flag potential license compliance issues in code using third-party libraries
- For CI/CD integration guidance, explain how to hook this workflow into GitHub Actions or GitLab CI
Safe usage advice
Use it as a text-based code review assistant. Only paste source code or diffs you are comfortable sharing with the agent, and independently verify suggested fixes before applying them.
Functionality analysis
Type: OpenClaw Skill
Name: ai-code-review-expert
Version: 1.0.1
The skill bundle is a legitimate AI-powered code review assistant designed to perform static analysis and security scanning. The instructions in SKILL.md provide a structured workflow for identifying vulnerabilities (e.g., SQL injection, OWASP Top 10) and generating PR comments, with no evidence of data exfiltration, malicious execution, or harmful prompt injection.
Capability assessment
Purpose & Capability
The skill is coherent with its stated purpose of reviewing user-provided code, but the artifacts show only prompt instructions, not actual GitHub integration or dedicated static-analysis tooling.
Instruction Scope
Instructions focus on asking for code context, analyzing provided snippets/diffs, and producing review comments; no hidden goal changes or unsafe autonomous actions are evident.
Install Mechanism
There is no install spec, no code files, no required binaries, and no package installation.
Credentials
The skill does not request local filesystem, shell, network, credential, or environment-variable access.
Persistence & Privilege
No persistence, background execution, credential use, privileged access, or account mutation is shown in the provided artifacts.
How to use
  1. Make sure OpenClaw is installed (locally or via Docker)
  2. Enter the install command in the chat box: /install ai-code-review-expert
  3. Once installed, call the skill by name directly or trigger it with /ai-code-review-expert
  4. Provide the inputs required by the skill's parameter description to receive structured output
Version history
v1.0.1
Changelog for ai-code-review-expert v1.0.1
- No file changes detected in this release.
- No updates to skill capabilities, documentation, or workflow.
v1.0.0
Initial release of AI Code Review Expert.
- Provides AI-powered code review with deep static analysis, security scanning, and coding standard enforcement for multiple languages.
- Generates actionable pull request (PR) review comments, explains issues, and suggests concrete fixes.
- Supports Python, JavaScript, TypeScript, Java, Go, Rust, and more; integrates with GitHub PR workflows.
- Performs multi-dimensional analysis (critical, warning, suggestion) and outputs an overall code quality score.
- Includes step-by-step review workflow, customizable review focus, and sample PR summary formats.
- Emphasizes security best practices (OWASP Top 10 2025), code style flexibility, and privacy (no code storing/logging).
Metadata
Slug: ai-code-review-expert
Version: 1.0.1
License: MIT-0
Cumulative installs: 0
Current installs: 0
Historical versions: 2
FAQ

What is Ai Code Review Expert?

AI-powered code review assistant — perform deep static analysis, identify security vulnerabilities, enforce coding standards, suggest refactoring patterns, a... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 161 downloads to date.

How do I install Ai Code Review Expert?

Run the command "/install ai-code-review-expert" in the OpenClaw or Claude Code chat box to install it in one step; no extra configuration is needed.

Is Ai Code Review Expert free?

Yes, Ai Code Review Expert is completely free under the MIT-0 license and can be downloaded, installed and used freely.

Which platforms does Ai Code Review Expert support?

Ai Code Review Expert is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.

Who developed Ai Code Review Expert?

Developed and maintained by lingfeng-19 (@gechengling); current version v1.0.1.
