← 返回 Skills 市场

Code Quality Reviewer

Name: Code Quality Reviewer
Author: sky-lv

作者 SKY-lv · GitHub ↗ · v1.0.0 · MIT-0

cross-platform ✓ 安全检测通过

总下载

当前安装

版本数

在 OpenClaw 中安装

/install code-quality-reviewer

功能描述

Analyzes code for bugs, security risks, complexity, and style, providing detailed issues and actionable improvement suggestions.

使用说明 (SKILL.md)

CodeReview Agent Skill

AI-powered code review and quality analysis agent

功能

代码质量分析 - 检测代码异味、复杂度问题
安全漏洞扫描 - SQL注入、XSS、敏感信息泄露
性能优化建议 - 识别性能瓶颈
最佳实践检查 - 符合语言规范和设计模式
自动修复建议 - 提供可执行的修复代码

使用场景

用户: 帮我审查这段Python代码的安全性
Agent: [调用code-reviewer skill分析代码，输出安全问题列表和修复建议]

工具函数

`review_code(code, language, focus_areas)`

审查代码并返回分析报告。

参数:

code (str): 要审查的代码
language (str): 编程语言 (python/javascript/go/rust/java等)
focus_areas (list): 关注点 ['security', 'performance', 'style', 'complexity']

返回:

{
    "issues": [
        {
            "type": "security",
            "severity": "high",
            "line": 42,
            "message": "Potential SQL injection vulnerability",
            "suggestion": "Use parameterized queries"
        }
    ],
    "score": 75,
    "summary": "代码整体可读性良好，但存在安全风险"
}

`analyze_complexity(code, language)`

分析代码复杂度（圈复杂度、认知复杂度）。

`detect_patterns(code, language)`

检测代码中使用的设计模式。

配置

{
    "rules": {
        "max_complexity": 10,
        "max_line_length": 120,
        "require_docstring": true,
        "security_checks": ["injection", "xss", "secrets"]
    }
}

示例

# 审查Python代码
result = review_code('''
def get_user(id):
    query = f"SELECT * FROM users WHERE id = {id}"
    return db.execute(query)
''', 'python', ['security'])

# 输出:
# [HIGH] SQL Injection: Use parameterized queries
# Line 3: query = f"SELECT * FROM users WHERE id = {id}"
# Suggestion: query = "SELECT * FROM users WHERE id = ?"

安装

clawhub install SKY-lv/code-reviewer

License

MIT

Usage

Install the skill
Configure as needed
Run with OpenClaw

安全使用建议

This skill appears coherent and low-risk: it is instruction-only and requests no credentials. Before installing or running it, verify the repository/source the SKILL.md references (the skill.json points to a GitHub repo) and confirm you trust that source. Do not submit secrets, API keys, or sensitive production data for review. Note the minor metadata mismatches (version and license strings) — if you plan to install, check the actual package contents on the repo or registry first.

能力评估

✓ Purpose & Capability

Name/description (code quality, security, style) match the SKILL.md: the document describes review_code, complexity analysis, and pattern detection. There are minor metadata inconsistencies (SKILL.md lists version 1.0.2 and license MIT-0 while skill.json and registry show 1.0.0 and MIT) but these are bookkeeping issues, not functional mismatches.

✓ Instruction Scope

The runtime instructions are purely descriptive API-like docs for reviewing code; they do not direct the agent to read system files, access environment variables, or exfiltrate data. Example usage is limited to passing code to review_code and returning findings.

ℹ Install Mechanism

No install spec is present in the registry (instruction-only), which minimizes footprint. The SKILL.md includes an example 'clawhub install SKY-lv/code-reviewer' command — this is only a usage hint. Before running that installation command, verify the package source (repository) because a real install would fetch code from an external location.

✓ Credentials

The skill declares no required environment variables or credentials. Nothing in SKILL.md instructs access to secrets or unrelated services. As a precaution, do not send live credentials or sensitive production data to the reviewer interface.

✓ Persistence & Privilege

The skill does not request always:true and uses default invocation settings. It does not request or indicate modification of other skills or system-wide configuration.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install code-quality-reviewer
安装完成后，直接呼叫该 Skill 的名称或使用 /code-quality-reviewer 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.0

Initial release of Code Reviewer skill. - Provides automated code quality analysis, bug detection, and security audit. - Detects code smells, complexity issues, and common security vulnerabilities. - Suggests performance improvements and best practice adherence. - Offers actionable fix recommendations with sample outputs. - Supports flexible configuration of review rules and focus areas.

元数据

Slug code-quality-reviewer

版本 1.0.0

许可证 MIT-0

累计安装 1

当前安装数 1

历史版本数 1

常见问题