Autonomous Code Review

Author: 1477009639zw-blip · GitHub · v1.0.0 · MIT-0
cross-platform ✓ Security check passed
Total downloads: 154 · Favorites: 0 · Current installs: 2 · Versions: 1
Install in OpenClaw
/install autonomous-code-review
Description
Automatically review code to detect critical bugs, security flaws, performance issues, and style violations as a first-pass code auditor.
Instructions (SKILL.md)

Autonomous Code Review

Category: Development
Author: Beta
Version: 1.0.0
Runtime: OpenClaw + Claude/GPT

What It Does

Automatically review code for bugs, security issues, performance problems, and style violations. Acts as a tireless first-pass reviewer on any codebase.

When to Use

  • After any significant code change
  • Before merging pull requests
  • During code review requests
  • To catch issues before human reviewers

Review Checklist

🔴 Critical (Block Merge)

  • Security vulnerabilities (SQL injection, XSS, auth bypass)
  • Data corruption risks (race conditions, deadlocks)
  • Authentication/authorization bypasses
  • Secrets hardcoded in source

🟡 Important (Should Fix)

  • Performance issues (N+1 queries, inefficient loops)
  • Error handling missing or insufficient
  • Missing input validation
  • Resource leaks (unclosed connections, files)

🟢 Suggestion (Nice to Fix)

  • Code style violations
  • Missing documentation
  • Hardcoded values that should be config
  • Overly complex logic

Usage

# Review a file
openclaw code review --file src/auth.py

# Review a diff
openclaw code review --diff "main..feature-branch"

# Full repository audit
openclaw code review --repo ./ --exclude "node_modules,dist"

Integration

GitHub Actions

- name: Code Review
  uses: openclaw/code-review-action@v1
  with:
    api-key: ${{ secrets.OPENCLAW_API_KEY }}

Pre-commit Hook

openclaw code review --staged --fail-on critical

Output Format

{
  "file": "src/auth.py",
  "issues": [
    {
      "severity": "critical",
      "line": 42,
      "rule": "sql-injection",
      "message": "User input directly interpolated into SQL query",
      "fix": "Use parameterized queries instead"
    }
  ],
  "score": 72,
  "summary": "1 critical, 2 important, 3 suggestions"
}
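
An added example (not part of the skill or the OpenClaw project): a merge gate that consumes a report in the shape shown above, treats it as untrusted model output, and fails closed when it is malformed. The severity strings `important` and `suggestion` and the names `parse_report` and `gate` are assumptions; only `critical` appears on the page.

```python
import json

# Severity ranks. Only "critical" appears in the page's sample report;
# "important" and "suggestion" are assumed names for the other two tiers.
SEVERITY_RANK = {"suggestion": 0, "important": 1, "critical": 2}

class ReportError(ValueError):
    """The report does not match the shape shown under Output Format."""

def parse_report(text):
    """Parse and validate a report; raise ReportError on any deviation."""
    try:
        report = json.loads(text)
    except json.JSONDecodeError as exc:
        raise ReportError(f"not valid JSON: {exc}") from exc
    if not isinstance(report, dict) or not isinstance(report.get("issues"), list):
        raise ReportError("missing 'issues' list")
    for issue in report["issues"]:
        if not isinstance(issue, dict):
            raise ReportError("issue is not an object")
        sev, line = issue.get("severity"), issue.get("line")
        if not isinstance(sev, str) or sev not in SEVERITY_RANK:
            raise ReportError(f"unknown severity: {sev!r}")
        if isinstance(line, bool) or not isinstance(line, int) or line < 1:
            raise ReportError(f"bad line number: {line!r}")
    return report

def gate(text, fail_on="critical"):
    """Return (exit_code, reasons): 0 = pass, 1 = blocked, 2 = unusable report."""
    threshold = SEVERITY_RANK[fail_on]
    try:
        report = parse_report(text)
    except ReportError as exc:
        return 2, [f"report rejected, failing closed: {exc}"]  # never pass on bad input
    blocking = [
        f"{report.get('file', '?')}:{i['line']} [{i['severity']}] {i.get('rule', '?')}"
        for i in report["issues"]
        if SEVERITY_RANK[i["severity"]] >= threshold
    ]
    return (1 if blocking else 0), blocking

# Constructed sample input in the page's report shape (second issue is made up).
SAMPLE = ('{"file": "src/auth.py", "issues": [{"severity": "critical", "line": 42, '
          '"rule": "sql-injection", "message": "m", "fix": "f"}, '
          '{"severity": "important", "line": 7, "rule": "missing-validation"}], "score": 72}')

if __name__ == "__main__":
    print(gate(SAMPLE))
```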

Best Practices

  • Run on every commit, not just before merges
  • Combine with human review for critical paths
  • Track review history to catch recurring issues
  • Customize rules per project type
Safe Usage Recommendations
This skill is an instruction-only template for running an automated code review and appears coherent with that purpose. Before installing/using: (1) Confirm you have the 'openclaw' runtime/CLI the instructions assume; (2) expect to supply an OPENCLAW_API_KEY if you enable the GitHub Action or a hosted service — the skill didn’t declare this; (3) run the tool on non-sensitive or test repositories first, since full-repo scans can read secrets or configuration files; (4) combine the automated reports with human review for critical code paths. If you need a higher-assurance assessment, ask the publisher for implementation details or a signed release so you can verify what code (if any) will run.
Functional Analysis
Type: OpenClaw Skill
Name: autonomous-code-review
Version: 1.0.0
The skill bundle contains only metadata and documentation for an autonomous code review tool. The instructions in SKILL.md define a standard review process (security, performance, style) and provide usage examples without any malicious commands, data exfiltration attempts, or prompt injection attacks.
Capability Assessment
Purpose & Capability
Name, description, and checklist align with a first-pass automated code reviewer. The SKILL.md references running an 'openclaw' CLI and a GitHub Action that expects an OPENCLAW_API_KEY, but the skill manifest declares no required binaries or environment variables — a minor inconsistency (documentation/assumption about the platform) rather than evidence of hidden behavior.
Instruction Scope
Instructions focus on reviewing files, diffs, and repositories and give examples for CLI usage, pre-commit hooks, and CI. These actions are within the expected scope of an automated code-review tool. Note: the guidance implies scanning entire repositories (which may include sensitive files or credentials in source), which is expected but something the user should consciously permit.
Install Mechanism
No install spec and no code files — lowest-risk delivery model. The document assumes an existing 'openclaw' runtime/CLI but doesn't install anything itself.
Credentials
The manifest requests no environment variables, but example integrations show a GitHub Action using secrets.OPENCLAW_API_KEY. If you plan to use the GitHub Action or any hosted OpenClaw service, you will likely need to provide that API key — the skill should have declared that but did not. There are no unexplained extra credentials requested by the skill itself.
Persistence & Privilege
always is false and the skill does not request persistent system privileges or modify other skills. It is user-invocable and would run when invoked, which is appropriate.
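How to Use
  1. Make sure OpenClaw is installed (locally or via Docker)
  2. Enter the install command in the chat box: /install autonomous-code-review
  3. Once installed, call the Skill by name or trigger it with /autonomous-code-review
  4. Provide the required input according to the Skill's parameter description to get structured output
Version History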
v1.0.0
- Initial release of Autonomous Code Review skill.
- Automatically reviews code for bugs, security, performance, and style issues.
- Provides a categorized checklist and outputs structured JSON reports.
- Supports multiple usage modes: file, diff, or entire repository.
- Integrates with GitHub Actions and pre-commit hooks for CI/CD workflows.
- Offers best practice guidelines for continuous and effective code review.
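Metadata
Slug autonomous-code-review
Version 1.0.0
License MIT-0
Cumulative installs 2
Current installs 2
Historical versions 1
FAQ

What is Autonomous Code Review?

Automatically review code to detect critical bugs, security flaws, performance issues, and style violations as a first-pass code auditor. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 154 cumulative downloads to date.

How do I install Autonomous Code Review?

Run the command "/install autonomous-code-review" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is required.

Is Autonomous Code Review free?

Yes. Autonomous Code Review is completely free and uses the MIT-0 license; it can be freely downloaded, installed and used.

Which platforms does Autonomous Code Review support?

Autonomous Code Review is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.

Who developed Autonomous Code Review?

It is developed and maintained by 1477009639zw-blip (@1477009639zw-blip); the current version is v1.0.0.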
