← 返回 Skills 市场
Code Assistant
作者
Miguel Guerra
· GitHub ↗
· v1.0.0
1120
总下载
0
收藏
13
当前安装
1
版本数
在 OpenClaw 中安装
/install code-assistant
功能描述
Asistente de programación especializado. Analiza código, encuentra bugs, sugiere optimizaciones, refactoriza y genera documentación automáticamente.
使用说明 (SKILL.md)
Code Assistant (Asistente de Programación Pro)
Una super-habilidad para desarrolladores. Va más allá de escribir código: analiza, depura, optimiza, refactoriza y documenta.
Capacidades
┌─────────────────────────────────────────────────────┐
│ CODE ASSISTANT │
├─────────────────────────────────────────────────────┤
│ 🔍 Análisis │ Encuentra bugs y code smells │
│ ⚡ Optimización │ Mejora rendimiento y eficiencia │
│ 🔄 Refactor │ Limpia y estructura código │
│ 📝 Documenta │ Genera docstrings y README │
│ 🧪 Tests │ Crea tests unitarios │
│ 🔐 Seguridad │ Detecta vulnerabilidades │
└─────────────────────────────────────────────────────┘
Comandos
Análisis de Código
# Analizar un archivo
code analyze src/utils.ts
# Analizar un directorio
code analyze src/ --depth:2
# Buscar bugs específicos
code bugs src/api/
code find-bugs src/
# Revisar complejidad
code complexity src/heavy-function.ts
Optimización
# Sugerir optimizaciones
code optimize src/slow-algorithm.py
# Optimizar queries SQL
code optimize-sql queries/
# Reducir bundle size
code optimize-bundle src/
Refactorización
# Refactorizar archivo
code refactor src/legacy-code.js
# Aplicar convenciones (PEP8, ESLint rules)
code format src/ --style:pep8
# Extraer función
code extract-function src/long-file.ts --lines:45-80
Documentación
# Generar docstrings
code document src/api/
# Crear README
code readme src/my-project/
# Generar changelog
code changelog --since:v1.0.0
Tests
# Generar tests unitarios
code test-gen src/calculator.ts
# Sugerir edge cases
code edge-cases src/validator.py
Ejemplo de Uso
Usuario: code analyze src/users/auth.ts
Bot: 🔍 Análisis de: src/users/auth.ts
📊 Métricas:
├── Líneas: 245
├── Funciones: 12
├── Complejidad ciclomática: 18 ⚠️ (alta)
└── Cobertura de docs: 30% ⚠️
🐛 Bugs Potenciales (2):
1. Línea 67: Race condition
```typescript
// ❌ Problema
if (user) {
await saveUser(user); // user puede cambiar entre check y save
}
```
💡 Solución: Usar transacción o lock
2. Línea 142: SQL Injection
```typescript
// ❌ Problema
query(`SELECT * FROM users WHERE id = ${userId}`)
```
💡 Solución: Usar parámetros preparados
⚡ Optimizaciones Sugeridas (3):
1. Línea 89: Usar Map en lugar de Object para lookups frecuentes
2. Línea 156: Memoizar resultado de getPermissions()
3. Línea 201: Lazy loading para módulo crypto
🔄 Refactorizaciones Sugeridas:
1. Extraer validateToken() a módulo separado
2. Aplicar patrón Repository para queries
¿Ejecutar alguna acción? [Documentar] [Refactorizar] [Generar Tests]
Lenguajes Soportados
| Lenguaje | Análisis | Docs | Tests |
|---|---|---|---|
| TypeScript/JavaScript | ✅ | ✅ | ✅ |
| Python | ✅ | ✅ | ✅ |
| Go | ✅ | ✅ | ✅ |
| Rust | ✅ | ✅ | ⚠️ |
| Java | ✅ | ✅ | ✅ |
| C/C++ | ⚠️ | ⚠️ | ⚠️ |
Integración con Coding Agents
Puede delegar tareas complejas a Codex, Claude Code o Pi:
# Usar Codex para refactorizar
code refactor src/legacy.ts --agent:codex
# Usar Claude para documentar
code document src/ --agent:claude
Configuración
| Variable | Descripción | Default |
|---|---|---|
CODE_DEFAULT_STYLE |
Estilo de código | auto |
CODE_MAX_COMPLEXITY |
Umbral de complejidad | 15 |
CODE_AUTO_FIX |
Aplicar fixes automáticamente | false |
CODE_IGNORE_PATTERNS |
Patrones a ignorar | node_modules,dist |
Reglas de Análisis
El asistente detecta:
- Security: SQL injection, XSS, path traversal, hardcoded secrets
- Performance: N+1 queries, loops ineficientes, memory leaks
- Style: Nombres inconsistentes, funciones largas, código muerto
- Logic: Null checks faltantes, race conditions, off-by-one errors
Integración
- self-repair: Los bugs encontrados pueden auto-corregirse
- knowledge-base: Busca en documentación indexada
- expert-researcher: Investiga mejores prácticas
安全使用建议
This skill appears to implement a local static analyzer (scripts/analyzer.ts) and the basic features in SKILL.md but the documentation claims extra integrations (third‑party agents, self‑repair, knowledge base) that are not implemented or documented. Before installing: (1) Ask the publisher for a homepage or source repo and for details about the advertised integrations and whether any external APIs will be used and which credentials are required. (2) Inspect the included scripts yourself (they are bundled here) and run them locally in a safe environment — they read project files but do not perform network calls. (3) Avoid using any 'delegate to external agent' options unless you understand and accept that source code may be transmitted to third parties. (4) Verify how the advertised 'code' CLI is intended to be installed/installed wrapper if you expect to run the commands shown in SKILL.md.
功能分析
Type: OpenClaw Skill
Name: code-assistant
Version: 1.0.0
The skill is designed as a code assistant, requiring file system access for its stated purpose. However, the `scripts/analyzer.ts` directly uses user-provided file and directory paths from `process.argv` without any input sanitization. This creates a Local File Inclusion/Disclosure (LFI/LFD) vulnerability, allowing an attacker to potentially read arbitrary files (e.g., `../../../../etc/passwd`) on the system by manipulating the `target` argument passed to the `code` command. While this is a critical security flaw, the script does not contain explicit code for data exfiltration, installing backdoors, or other actions indicative of intentional malice; it merely reads and attempts to 'analyze' the content.
能力评估
Purpose & Capability
The analyzer.ts implements static analysis, doc generation and simple suggestions which fit the 'code assistant' purpose. However SKILL.md advertises additional capabilities (delegation to Codex/Claude/Pi, self-repair, knowledge-base, expert-researcher, auto-fix) that are not implemented in the provided script. Also SKILL.md uses a 'code' CLI command while the repository provides scripts/analyzer.ts (no install or wrapper to expose a 'code' binary). This mismatch is likely marketing/packaging sloppiness but reduces confidence.
Instruction Scope
Runtime instructions are focused on running a local CLI to analyze project files and refer only to config env vars declared in SKILL.md. The shipped script reads arbitrary files under project directories (expected for a code analyzer). The SKILL.md's references to delegating tasks to external agents (Codex/Claude/Pi) and 'knowledge-base' searching are not backed by code; if an operator uses such delegation in practice it could expose source code to third-party APIs — the skill does not document required API credentials or safeguards.
Install Mechanism
There is no install spec (instruction-only), which is low risk. However the package includes a runnable script (scripts/analyzer.ts) but provides no install/wrapping to create the advertised 'code' command; this is a packaging inconsistency rather than an active install risk. The script itself performs only local filesystem reads and has no network calls or archive downloads.
Credentials
No required secrets or credentials are declared. The script optionally reads benign configuration environment variables (CODE_MAX_COMPLEXITY, CODE_DEFAULT_STYLE, CODE_AUTO_FIX, CODE_IGNORE_PATTERNS) which are proportional to a code analysis tool. No unrelated or excessive env vars are requested.
Persistence & Privilege
The skill does not request always:true and does not declare any persistent/system-wide changes. It contains local analysis code only and does not modify other skills or global agent settings.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install code-assistant - 安装完成后,直接呼叫该 Skill 的名称或使用
/code-assistant触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release of code-assistant: an all-in-one programming assistant.
- Analyzes code to find bugs, code smells, and vulnerabilities.
- Suggests optimizations for performance and efficiency.
- Refactors and formats code, applying common conventions.
- Automatically generates documentation, docstrings, and READMEs.
- Creates unit tests and suggests edge cases.
- Supports integration with external coding agents (Codex, Claude, Pi).
- Self-repair, documentation lookup, and best-practice research included.
- Multi-language support: TypeScript, Python, Go, Rust, Java, C/C++.
元数据
常见问题
Code Assistant 是什么?
Asistente de programación especializado. Analiza código, encuentra bugs, sugiere optimizaciones, refactoriza y genera documentación automáticamente. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 1120 次。
如何安装 Code Assistant?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install code-assistant」即可一键安装,无需额外配置。
Code Assistant 是免费的吗?
是的,Code Assistant 完全免费(开源免费),可自由下载、安装和使用。
Code Assistant 支持哪些平台?
Code Assistant 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Code Assistant?
由 Miguel Guerra(@miguelguerra200022-sudo)开发并维护,当前版本 v1.0.0。
推荐 Skills