terrycarter1985

AI Code Review

Author: terrycarter1985 · GitHub · v1.1.1 · MIT-0
cross-platform ✓ Security check passed
Total downloads: 71 · Favorites: 0 · Current installs: 0 · Versions: 2
Install in OpenClaw
/install ai-code-review-svc
Description
Automated code review with LLM analysis, voice transcription, and Discord notifications
Usage (SKILL.md)

AI Code Review Skill

Automated code review service that combines LLM-powered diff analysis, voice-note transcription, and Discord notifications into a unified review pipeline.

Features

  • LLM Code Analysis: Sends diffs to GPT-4o with structured JSON output (issues count, suggestions, approval status, summary)
  • Voice Note Transcription: Transcribes review meeting recordings via OpenAI Whisper API with file validation
  • Discord Notifications: Rich embed notifications with approval status, issue counts, and color-coded indicators
  • URL Safety: Scheme validation prevents SSRF attacks on all fetched URLs
  • Request Timeouts: All HTTP calls enforce a 30-second timeout to prevent hanging
  • Structured Logging: Consistent logging throughout with logging module
  • ClawHub Publishing: Built-in publish_skill() helper using the ClawHub CLI

Quick Start

# Set required environment variables
export OPENAI_API_KEY="sk-..."
export DISCORD_WEBHOOK_URL="https://discord.com/api/webhooks/..."  # optional

# Run a review
python src/code_review_service.py

API Reference

process_pull_request(pr_number, diff_url, voice_note_path=None)

End-to-end PR review: fetches diff, runs LLM analysis, optionally transcribes a voice note, and sends a Discord notification.

Returns a dict with keys: issues_found, suggestions, approval, summary, and optionally voice_note_transcription.

analyze_code_changes(diff_content)

Sends diff text to GPT-4o for analysis. Returns structured JSON with issues_found, suggestions, approval (approved/needs_changes/rejected), and summary.

transcribe_voice_note(audio_file_path)

Validates the audio file exists and is non-empty, then transcribes via Whisper-1. Returns the transcription text.

send_discord_notification(message, embed=None)

Posts a message (with optional rich embed) to the configured Discord webhook. Returns True on success.

publish_skill(skill_path, version)

Publishes a skill directory to ClawHub at the given version using the clawhub CLI.

Configuration

Variable | Required | Default | Description
OPENAI_API_KEY | Yes | - | OpenAI API key for GPT-4o and Whisper
DISCORD_WEBHOOK_URL | No | - | Discord webhook URL for notifications
CLAWHUB_API_URL | No | https://api.clawhub.com/v1 | ClawHub API base URL

Health Check

The included scripts/healthcheck.sh monitors nginx, docker, code-review-service, and whisper-api-gateway. It auto-restarts failed services and sends Discord alerts. Disk usage warnings trigger at 80% and critical alerts at 90%.

Changelog

1.1.0

  • Fixed SSRF vulnerability: added _validate_url() with scheme allowlist for all fetched URLs
  • Added 30-second request timeouts to all requests calls (diff fetch + Discord webhook)
  • Replaced bare except clauses with specific exception types (requests.RequestException, FileNotFoundError, ValueError, json.JSONDecodeError)
  • Added input validation: file existence/size checks for audio, empty-diff handling
  • Implemented actual LLM-based code analysis via GPT-4o (replaced stub analyze_code_changes)
  • Added logging module throughout; removed silent error swallowing
  • Lazy-initialized OpenAI client with clear error on missing key
  • Improved error handling in voice note transcription (graceful skip on failure)
  • Enhanced health check script compatibility with chroot/container environments
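
The scheme-allowlist check named in the changelog, sketched as an added example; it is not the skill's own code, which is not included in the bundle. The name `validate_fetch_url`, the https-only allowlist, the `allowed_hosts` parameter and the sample URLs are assumptions, and the check goes beyond a scheme test by rejecting userinfo and non-public IP literals, since an allowed scheme alone still permits requests to internal addresses.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumption: the page does not list the allowed schemes; https-only is used here.
ALLOWED_SCHEMES = frozenset({"https"})


class UnsafeURLError(ValueError):
    """Raised when a URL must not be fetched by the service."""


def validate_fetch_url(url, allowed_hosts=None):
    """Return url unchanged if it is safe to fetch, else raise UnsafeURLError.

    allowed_hosts (hypothetical parameter): optional set of exact hostnames.
    """
    try:
        parts = urlsplit(url)
        host = parts.hostname
    except ValueError as exc:  # e.g. a malformed IPv6 literal
        raise UnsafeURLError(f"unparseable URL: {exc}") from exc
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        raise UnsafeURLError(f"scheme {parts.scheme!r} is not allowed")
    if not host:
        raise UnsafeURLError("URL has no host")
    if parts.username is not None or parts.password is not None:
        raise UnsafeURLError("credentials in URL are not allowed")
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None  # a DNS name; its resolved address must be checked at connect time
    if ip is not None and not ip.is_global:
        raise UnsafeURLError(f"non-public address {ip} is not allowed")
    if allowed_hosts is not None and host.lower() not in allowed_hosts:
        raise UnsafeURLError(f"host {host!r} is not on the allowlist")
    return url


def is_safe(url, allowed_hosts=None):
    """Boolean wrapper around validate_fetch_url for callers that only branch."""
    try:
        validate_fetch_url(url, allowed_hosts)
        return True
    except UnsafeURLError:
        return False
```

A hostname that passes this check can still resolve to an internal address, so the resolved IP needs the same `is_global` test at connect time, and each redirect target should be validated again.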
Security Usage Advice
Before installing or using this skill, confirm that you are comfortable sending code diffs and optional audio to OpenAI and summaries to Discord. Treat the package as incomplete because the referenced Python service and healthcheck script are not included; do not run any later-provided implementation until you review its source and permissions.
Functional Analysis
Type: OpenClaw Skill
Name: ai-code-review-svc
Version: 1.1.1
The skill bundle documentation (SKILL.md, README.md) describes a legitimate automated code review service. It includes features for LLM-based diff analysis, voice transcription via OpenAI Whisper, and Discord notifications. The documentation explicitly highlights security-conscious features such as SSRF validation for URLs and request timeouts. No evidence of malicious intent, data exfiltration, or prompt injection was found in the provided files.
Capability Tags
requires-sensitive-credentials
Capability Assessment
Purpose & Capability
The LLM code review, Whisper transcription, and Discord notification features are coherent with the stated purpose, but the documentation also references absent source files, a healthcheck script, and a ClawHub publishing helper that are not implemented in the supplied artifacts.
Instruction Scope
Instructions disclose that diffs and optional audio are sent to OpenAI and that Discord notifications may be posted. No hidden prompt-injection or goal-hijack instructions were found.
Install Mechanism
There is no install spec and no code files, while the README/SKILL.md tell users to run src/code_review_service.py and describe scripts/healthcheck.sh. This is an incomplete review context rather than evidence of malicious behavior.
Credentials
The documented OPENAI_API_KEY and optional DISCORD_WEBHOOK_URL are expected for this integration, but registry metadata does not declare required environment variables.
Persistence & Privilege
The described healthcheck would auto-restart nginx, docker, and related services if it existed and were run, but no such script is included or automatically installed in the supplied artifacts.
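How to Use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install ai-code-review-svc
  3. Once installation completes, invoke the Skill by name or trigger it with /ai-code-review-svc
  4. Provide the required inputs according to the Skill's parameter description to get structured output
Version History
v1.1.1
Fixed code quality issues, fixed the SSRF vulnerability, added request timeouts, implemented LLM code analysis, improved health check compatibility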
v1.1.0
Fixed code quality and security issues: input validation, request timeouts, webhook URL validation, message truncation, no auto-approve, lazy client init, structured logging. Optimized healthcheck compatibility.
Metadata
Slug: ai-code-review-svc
Version: 1.1.1
License: MIT-0
Total installs: 0
Current installs: 0
Historical versions: 2
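FAQ

What is AI Code Review?

Automated code review with LLM analysis, voice transcription, and Discord notifications. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 71 total downloads to date.

How do I install AI Code Review?

Run the command "/install ai-code-review-svc" in the OpenClaw or Claude Code chat box for a one-click install; no additional configuration is needed.

Is AI Code Review free?

Yes. AI Code Review is completely free and released under the MIT-0 license, so it can be freely downloaded, installed, and used.

Which platforms does AI Code Review support?

AI Code Review is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.

Who developed AI Code Review?

It is developed and maintained by terrycarter1985 (@terrycarter1985); the current version is v1.1.1.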
