← 返回 Skills 市场

Code Review Expert

Name: Code Review Expert
Author: banxian87

作者 banxian87 · GitHub ↗ · v1.0.0 · MIT-0

cross-platform ✓ 安全检测通过

198

总下载

当前安装

版本数

在 OpenClaw 中安装

/install code-review-expert

功能描述

Multi-agent code review system using Manager-Worker pattern. Provides comprehensive code analysis from syntax, logic, security, and performance perspectives.

使用说明 (SKILL.md)

Code Review Expert

AI-powered code review system that uses multiple specialized agents to analyze your code from different perspectives.

Features

🔍 Multi-Dimensional Analysis

Syntax Checker: ESLint standards, code formatting, naming conventions
Logic Reviewer: Bug detection, edge cases, error handling
Security Scanner: SQL injection, XSS, sensitive data exposure
Performance Analyzer: Time complexity, optimization opportunities

📊 Detailed Reports

Issue severity ratings (Critical/High/Medium/Low)
Line-by-line feedback
Concrete fix suggestions
Code examples for improvements

🎯 Language Support

JavaScript/TypeScript (primary)
Python (basic)
More languages coming soon

Usage

Basic Review

const reviewer = new CodeReviewExpert();

const code = `
function getUser(userId) {
  const users = db.query('SELECT * FROM users');
  const user = users.find(u => u.id === userId);
  return user.name;
}
`;

const report = await reviewer.review(code);
console.log(report);

Advanced Options

const reviewer = new CodeReviewExpert({
  languages: ['javascript', 'typescript'],
  strictMode: true,  // More rigorous checks
  autoFix: false,    // Auto-generate fixes
  verbose: true
});

const report = await reviewer.review(code, {
  focus: ['security', 'performance'],  // Specific areas
  maxIssues: 10  // Limit issues
});

Example Output

## Code Review Report

### Overview
- File: user-service.js
- Issues Found: 5
- Critical: 1, High: 2, Medium: 1, Low: 1

### 🔴 Critical Issues

1. **SQL Injection Risk** (Line 2)
   ```javascript
   // Problem
   const query = `SELECT * FROM users WHERE id = ${userId}`;
   
   // Fix
   const query = 'SELECT * FROM users WHERE id = ?';
   db.execute(query, [userId]);

🟠 High Priority

Null Pointer Risk (Line 3)
- user might be undefined
- Add null check before accessing properties

Overall Score: 6/10


---

## Architecture

Manager Agent (Coordinator) ↓ ├─ Syntax Worker (ESLint rules) ├─ Logic Worker (Bug detection) ├─ Security Worker (Vulnerability scan) └─ Performance Worker (Optimization) ↓ Report Aggregator → Final Report


---

## Installation

```bash
clawhub install code-review-expert

API Reference

`review(code, options)`

Review code and return report.

Parameters:

code (string): Source code to review
options (object): Review options
- focus: Array of areas to focus on
- maxIssues: Maximum issues to return
- includeSuggestions: Include fix suggestions

Returns: Promise\x3CReviewReport>

`ReviewReport`

{
  score: number;           // 0-10
  issues: Issue[];
  summary: string;
  suggestions: string[];
}

License

MIT

Author

AI-Agent

Version

1.0.0

Created

2026-04-02

安全使用建议

This package appears to do what it says: it builds prompts and aggregates LLM-generated reviews from multiple worker roles. Before installing, consider: (1) any code you submit to the reviewer will be sent to the configured LLM — do not send sensitive or proprietary code unless you trust the model provider and environment; (2) the skill does not bundle or require model API keys — the host agent supplies the LLM interface, so review how your platform handles model credentials and logging; (3) review and test the parsing logic (report extraction) on representative outputs because heuristic parsing can mis-classify or miss issues. If those data-handling considerations are acceptable, the skill is coherent and low-risk.

功能分析

Type: OpenClaw Skill Name: code-review-expert Version: 1.0.0 The 'code-review-expert' skill bundle implements a multi-agent system for static code analysis using a Manager-Worker pattern. The logic in index.js and workers/base-workers.js focuses on decomposing code review tasks and coordinating specialized workers (Syntax, Logic, Security, and Performance) via LLM prompts. No evidence of data exfiltration, unauthorized execution, or malicious prompt injection was found; the system's behavior is entirely consistent with its stated purpose of providing code quality and security feedback.

能力评估

✓ Purpose & Capability

Name/description match the implementation: manager-worker pattern, specialized workers for syntax/logic/security/performance, and example usage. No unexpected binaries, env vars, or config paths are requested.

ℹ Instruction Scope

SKILL.md and code instruct the agent to embed the user's source code into prompts sent to the configured LLM. That is coherent for an LLM-based reviewer, but means the reviewed code will be transmitted to whatever LLM implementation is used (the code expects a provided llm object or a platform LLM). If the code being reviewed is sensitive, this is a privacy/data-leakage consideration.

✓ Install Mechanism

No install spec; package is instruction-plus-local code only. package.json has no external dependencies and there are no downloads or extract steps. Low install risk.

✓ Credentials

The skill requires no environment variables, credentials, or config paths. It relies on a provided LLM interface (this.llm) which is typical; credential management for an external model provider would be handled by the host platform, not this skill.

✓ Persistence & Privilege

Skill is not always-enabled, does not modify other skills or system config, and does not request persistent elevated privileges. Autonomous invocation is allowed (platform default) but not combined with other concerning flags.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install code-review-expert
安装完成后，直接呼叫该 Skill 的名称或使用 /code-review-expert 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.0

Multi-agent code review system with 4 specialized workers: syntax, logic, security, performance

元数据

Slug code-review-expert

版本 1.0.0

许可证 MIT-0

累计安装 1

当前安装数 1

历史版本数 1

常见问题