← 返回 Skills 市场
sunshine-del-ux

Code Review Assistant

作者 Sunshine-del-ux · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
1849
总下载
0
收藏
8
当前安装
1
版本数
在 OpenClaw 中安装
/install code-review-assistant
功能描述
自动化代码审查助手,支持 PR 审查、代码质量分析、潜在 bug 检测、安全漏洞扫描。
使用说明 (SKILL.md)

Code Review Assistant

自动化代码审查助手,帮助开发者快速审查代码,提高代码质量。

功能

  • 🔍 自动代码审查
  • 🐛 Bug 检测
  • 🔒 安全漏洞扫描
  • 📝 代码风格建议
  • 📊 复杂度分析
  • ✅ 最佳实践检查

支持的语言

语言 支持
JavaScript/TypeScript
Python
Go
Rust
Java
C/C++

使用方法

审查单个文件

code-review-assistant review path/to/file.js

# 指定语言
code-review-assistant review path/to/file.py --language python

审查 Git Diff

# 审查当前的 git diff
code-review-assistant diff

# 审查特定分支
code-review-assistant diff main..feature-branch

审查 PR

code-review-assistant pr --owner username --repo reponame --pr-number 123

输出示例

# Code Review Report

## File: src/utils.js

### Issues Found: 3

#### 🔴 High Priority (1)

1. **Line 45: Potential SQL Injection**
   ```javascript
   const query = `SELECT * FROM users WHERE id = ${userId}`;

→ Use parameterized queries instead

🟡 Medium Priority (2)

  1. Line 23: Missing Error Handling

    const data = JSON.parse(response);

    → Add try-catch block

  2. Line 67: Hardcoded API Key

    const API_KEY = "sk-1234567890";

    → Use environment variables

🟢 Suggestions (5)

  • Consider using const instead of let
  • Add JSDoc comments
  • Extract function at line 100
  • ...

Summary

Category Count
Security 1
Performance 0
Best Practices 3
Code Style 2

Recommendation: Fix high priority issues before merging


## 配置

### 规则配置

```bash
# 启用/禁用特定规则
code-review-assistant config --enable security,performance --disable style

# 设置严重级别
code-review-assistant config --severity high

忽略文件

创建 .codereviewignore 文件:

# Ignore node_modules
node_modules/

# Ignore build output
dist/
build/

安装

# 无需额外依赖
# 使用内置代码分析

CI/CD 集成

GitHub Actions

name: Code Review
on: [pull_request]

jobs:
  review:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Run Code Review
        run: |
          code-review-assistant review . --output report.md
      - name: Upload Report
        uses: actions/upload-artifact@v3
        with:
          name: code-review-report
          path: report.md

变现思路

  1. GitHub Marketplace - 发布 GitHub Action
  2. 付费规则集 - 提供专业版规则
  3. 企业版 - 自托管版本
  4. 代码质量服务 - 为企业提供代码审查服务
安全使用建议
This skill claims to perform automated, multi-language code reviews and vulnerability scans, but the included code is just a small Bash script that prints example reports rather than analyzing your code. If you expect real analysis, do not rely on this skill yet. Before installing or granting any secrets (e.g., GITHUB_TOKEN): 1) inspect the script and any other code to confirm it actually performs analysis (search for calls to linters, static analyzers, or network APIs); 2) run it in a sandbox or test repo to observe behavior; 3) do not provide tokens or integrate into CI until the PR logic and credential handling have been reviewed; 4) if you need genuine code scanning, prefer well-known tools (semgrep, eslint, bandit, gosec, etc.) or a skill that clearly documents and executes those engines. The mismatch between claims and implementation is a red flag—treat this as a stub or demo, not a production analyzer.
功能分析
Type: OpenClaw Skill Name: code-review-assistant Version: 1.0.0 The skill bundle provides a mock 'Code Review Assistant'. The `SKILL.md` describes the tool's features and usage, without containing any prompt injection attempts against the agent. The `code-review-assistant.sh` script is a simple bash script that primarily prints static markdown reports. It uses `echo` to display user-provided arguments but does not execute them, thus avoiding shell injection. It also safely executes `git diff --stat` if `git` is available. There is no evidence of data exfiltration, malicious execution, persistence, or other harmful behaviors. The script's functionality is limited to simulating a code review, making it benign.
能力评估
Purpose & Capability
The name and description promise automated, multi-language code analysis, bug detection, and vulnerability scanning. The repository contains only a small Bash script that prints hard-coded example reports and a brief handling of git diff; it does not actually parse files, run linters, static analyzers, or call any security scanners. This is a mismatch between claimed capability and actual implementation.
Instruction Scope
SKILL.md instructs the user to run commands like 'review', 'diff', and 'pr' and claims built-in analysis for many languages. The shell script's 'review' command never reads or analyzes the target file/directory contents (it simply prints a canned report). The 'pr' command only prints a note about GITHUB_TOKEN and does not implement PR fetching. The instructions therefore overstate functionality and give the agent broad discretion without backing implementation.
Install Mechanism
No install spec or external downloads are present; the skill is instruction-only with a bundled shell script. No network fetches or archive extraction are specified, which is low-risk from an install perspective.
Credentials
No required environment variables are declared. The script mentions GITHUB_TOKEN in output text as an optional configuration for PR reviews; this is reasonable if PR integration were implemented, but currently GITHUB_TOKEN is not used in code. If PR support were added, a GitHub token would be expected; do not supply a token until you inspect and trust any code that uses it.
Persistence & Privilege
The skill does not request persistent presence (always: false) and does not modify system configuration. It does not write files or install system-wide changes by itself.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install code-review-assistant
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /code-review-assistant 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release of code-review-assistant. - 自动化代码审查助手,支持 PR 审查、代码质量分析、潜在 bug 检测和安全漏洞扫描 - 支持 JavaScript/TypeScript、Python、Go、Rust、Java、C/C++ 等主流语言 - 提供命令行工具,用于单文件、Git diff、PR 审查等多种场景 - 输出详细的代码问题报告,涵盖安全、最佳实践、代码风格等多维度 - 支持规则配置与文件忽略,便于灵活集成开发流程 - 无需额外依赖,内置代码分析,支持集成到 GitHub Actions
元数据
Slug code-review-assistant
版本 1.0.0
许可证
累计安装 8
当前安装数 8
历史版本数 1
常见问题

Code Review Assistant 是什么?

自动化代码审查助手,支持 PR 审查、代码质量分析、潜在 bug 检测、安全漏洞扫描。 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 1849 次。

如何安装 Code Review Assistant?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install code-review-assistant」即可一键安装,无需额外配置。

Code Review Assistant 是免费的吗?

是的,Code Review Assistant 完全免费(开源免费),可自由下载、安装和使用。

Code Review Assistant 支持哪些平台?

Code Review Assistant 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Code Review Assistant?

由 Sunshine-del-ux(@sunshine-del-ux)开发并维护,当前版本 v1.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论