code-review-fix

Author: landyun · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
Total downloads: 3052
Favorites: 0
Current installs: 14
Versions: 1
Install in OpenClaw
/install code-review-fix
Description
Automatically review code for bugs, security, style, and performance issues, provide fix suggestions, and optionally apply repairs with explanations.
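Usage instructions (SKILL.md)

Code Review & Fix (Intelligent Code Review and Repair)

Automatically reviews code for problems, offers fix suggestions, and repairs code directly, addressing developers' frequent pain points of "code quality" and "bug fixing".

Usage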

# Review the current file
/code-review

# Review and fix automatically
/code-review --fix

# Check security issues only
/code-review --security

# Learning mode (with explanations)
/code-review --explain

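Features

  • ✅ Code issue detection (bugs, security, performance)
  • ✅ Code style checking
  • ✅ Automatic fixes
  • ✅ Explanatory teaching mode
  • ✅ Multi-language support

Pricing

  • First 3 uses free
  • Per call: 0.001 USDT
  • More plans at skillpay.me
Security usage advice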
This skill is functionally coherent but contains a hard-coded billing API key and will call an external billing service, sending a user identifier (your local username by default) and creating a local state file. Before installing: (1) review lib/billing.ts and decide whether you trust the billing endpoint and the embedded key — ideally replace it with your own key or remove automatic billing; (2) be aware the skill will create .code-review-fix-state.json in the working directory and may transmit your OS username unless you set SKILLPAY_USER_ID; (3) run it in an isolated environment (not as root) and verify network activity; (4) ensure you have Bun or adapt the scripts to your runtime; (5) if you do not trust the publisher, do not install or run the skill as-is.
Functional analysis
Type: OpenClaw Skill
Name: code-review-fix
Version: 1.0.0
The skill provides code analysis and fixing functionality but contains a hardcoded API key in `lib/billing.ts` and transmits the local OS username to an external endpoint (`skillpay.me`) for billing and usage tracking. While these behaviors are aligned with the stated purpose of a monetized skill, the hardcoded credential is a security vulnerability (credential exposure), and the automated collection of system identifiers for a third-party service represents a privacy risk.
Capability assessment
Purpose & Capability
The repository files (analyzer, main, billing) match the stated purpose (code review + optional auto-fix + billing). However, billing is implemented with a hard-coded BILLING_API_KEY and SKILL_ID in lib/billing.ts instead of requiring the publisher/user to supply credentials, which is unusual and worth questioning.
Instruction Scope
The runtime instructions in SKILL.md are scoped to code review, but scripts/main.ts reads arbitrary files in the current directory, writes a local state file (.code-review-fix-state.json), and will send a user identifier (derived from process.env.SKILLPAY_USER_ID or the local OS username) to an external billing service. SKILL.md/README do not clearly call out the sending of local username or creation of state files.
Install Mechanism
There is no install spec (instruction-only in registry) which minimizes install risk, but package.json and scripts assume the 'bun' runtime (start/dev scripts use bun). The registry metadata declared no required binaries, so the runtime assumption about Bun is an inconsistency that may break execution. No downloaded external archives are used.
Credentials
The skill declares no required env vars, but contains a hard-coded billing API key (BILLING_API_KEY) in lib/billing.ts. Embedding a long-lived secret in code means the publisher's key will be used for all billing calls; this is disproportionate and risky. The code also optionally reads process.env.SKILLPAY_USER_ID to form user IDs, which is reasonable but not declared in metadata.
Persistence & Privilege
The skill does not request permanent 'always' privilege and does not modify other skills. It does create a state file in the working directory (.code-review-fix-state.json). Because the skill can be invoked autonomously by agents (default), network-enabled billing calls combined with the embedded key increase operational risk if invoked without user oversight.
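How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install code-review-fix
  3. After installation, call the Skill by name directly or trigger it with /code-review-fix
  4. Provide the necessary input according to the Skill's parameter description to get structured output
Version history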
v1.0.0
Initial release of Code Review & Fix.
  • Automatically reviews code for bugs, security, and performance issues
  • Offers automated code fixes and style checking
  • Educational mode available with explanations
  • Supports multiple programming languages
  • Free for first 3 uses; pay-per-use pricing after
Metadata
Slug: code-review-fix
Version: 1.0.0
License
Total installs: 16
Current installs: 14
Historical versions: 1
FAQ

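What is code-review-fix?

Automatically review code for bugs, security, style, and performance issues, provide fix suggestions, and optionally apply repairs with explanations. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 3052 cumulative downloads to date.

How do I install code-review-fix?

Run the command "/install code-review-fix" in the OpenClaw or Claude Code chat box to install it in one step, with no additional configuration required.

Is code-review-fix free?

Yes, code-review-fix is completely free (free and open source) and can be freely downloaded, installed, and used.

Which platforms does code-review-fix support?

code-review-fix runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed code-review-fix?

Developed and maintained by landyun (@landyun); the current version is v1.0.0.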
