RedHat Code Review

Author: Mauricio Z. · GitHub · v1.0.0 · MIT-0
cross-platform ✓ Security check passed
Total downloads: 58
Favorites: 0
Current installs: 0
Versions: 1
Install in OpenClaw
/install axodus-code-review
Description
Review code for correctness, security, performance, and maintainability.
Usage instructions (SKILL.md)

SKILL: code-review

Purpose

Analyze code (or a diff) to detect bugs, security issues, performance problems, and maintainability risks, then propose concrete improvements.

When to Use

  • Reviewing a PR/diff before merging.
  • A bug is suspected but not yet reproduced.
  • Hardening/security pass is requested.

Inputs

  • scope (required, string): files, diff, or code snippet to review.
  • intent (optional, string): what the code is supposed to do.
  • constraints (optional, string[]): security/perf/compat constraints.
  • risk_tolerance (optional, enum: low|medium|high).

Steps

  1. Identify entrypoints, invariants, and trust boundaries.
  2. Check correctness:
    • edge cases
    • error handling
    • concurrency/races (if applicable)
  3. Check security:
    • input validation
    • authz/authn
    • secrets handling
    • injection risks
  4. Check performance and resource usage:
    • hotspots
    • unbounded loops/data growth
  5. Check maintainability:
    • naming
    • duplication
    • test coverage gaps
  6. Produce a prioritized, actionable report.

Validation

  • Findings include concrete evidence (line references, behavior, or reproducible scenario).
  • Suggestions are compatible with stated constraints.
  • Distinguish “must-fix” from “nice-to-have”.

Output

Review report (example schema):

summary: "<1 paragraph>"
findings:
  - id: "CR-001"
    severity: "high|medium|low"
    category: "bug|security|perf|maintainability"
    issue: "<what>"
    impact: "<why it matters>"
    recommendation: "<how to fix>"

Safety Rules

  • Do not claim vulnerabilities without evidence.
  • Do not recommend unsafe patterns (e.g., disabling validation to “make it work”).
  • Prefer minimal, targeted fixes.

Example

Input:

  • scope: “diff for auth middleware”

Output:

  • findings include missing audience check on JWTs and a failing negative test case.
Safe usage advice
This skill appears coherent and safe in that it only contains instructions for reviewing code and asks for no credentials or installs. Before installing, consider: (1) provenance: the registry owner ID in the manifest differs from the _meta.json ownerId and the source/homepage are missing, so confirm you trust the publisher; (2) data sensitivity: when using the skill, avoid submitting proprietary secrets or sensitive code to any third-party service or agent session unless you trust it; (3) test first: try the skill with harmless sample code to confirm behavior; and (4) metadata oddities: the 'System.Object[]' line in skill.yml and the mismatch between the registry owner and the _meta.json owner look like metadata/packaging issues (likely harmless, but worth verifying the publisher). If you require a higher assurance of provenance, request a signed or officially published variant with a verifiable homepage or source repository.
Functional analysis
Type: OpenClaw Skill
Name: axodus-code-review
Version: 1.0.0
The skill bundle defines a standard code review process for an AI agent. The instructions in SKILL.md and code-review.md are focused on identifying security vulnerabilities, performance issues, and maintainability risks in a helpful and safe manner. It includes explicit safety rules that prohibit recommending unsafe patterns or making unsubstantiated claims. No malicious logic, data exfiltration, or prompt injection attempts were identified.
Capability assessment
Purpose & Capability
The name and description (code review for correctness, security, performance, maintainability) match the SKILL.md instructions. The skill is instruction-only and does not request binaries, env vars, or config paths that would be unrelated to code review.
Instruction Scope
SKILL.md clearly describes inputs (scope, intent, constraints) and a bounded review procedure (entrypoints, correctness, security, perf, maintainability) and output schema. It does not instruct the agent to read system files, access unrelated credentials, or transmit data to external endpoints.
Install Mechanism
No install spec or code files are present. Because this is instruction-only, nothing is written to disk or downloaded at install time.
Credentials
No environment variables, credentials, or config paths are required. The skill does not ask for secrets or other sensitive tokens.
Persistence & Privilege
always:false (default) and no special privileges are requested. disable-model-invocation is false (normal), meaning the agent can call the skill when invoked; this is expected for skills and is not flagged on its own.
How to use
  1. Make sure OpenClaw is installed (locally or via Docker)
  2. Enter the install command in the chat box: /install axodus-code-review
  3. After installation, invoke the Skill by name or trigger it with /axodus-code-review
  4. Provide the required inputs according to the Skill's parameter description to get structured output
Version history
v1.0.0
Initial release of axodus-code-review.
  • Provides a structured process for reviewing code or diffs with a focus on correctness, security, performance, and maintainability.
  • Accepts code scope, intent, constraints, and risk tolerance as inputs.
  • Outputs a prioritized review report with concrete findings and actionable recommendations.
  • Built-in validation ensures findings are evidence-based and suggestions respect stated constraints.
  • Includes specific safety rules to avoid unsafe recommendations.
Metadata
Slug: axodus-code-review
Version: 1.0.0
License: MIT-0
Total installs: 0
Current installs: 0
Version count: 1
Frequently asked questions

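What is RedHat Code Review?

Review code for correctness, security, performance, and maintainability. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 58 total downloads to date.

How do I install RedHat Code Review?

Run the command "/install axodus-code-review" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is needed.

Is RedHat Code Review free?

Yes, RedHat Code Review is completely free. It is released under the MIT-0 license and can be freely downloaded, installed, and used.

Which platforms does RedHat Code Review support?

RedHat Code Review is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.

Who developed RedHat Code Review?

It is developed and maintained by Mauricio Z. (@mzfshark); the current version is v1.0.0.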
