
Senior Code Reviewer

Author: Alireza Rezvani · GitHub ↗ · v0.1.0
cross-platform ⚠ suspicious
Total downloads: 309 · Favorites: 0 · Current installs: 1 · Versions: 1
Install in OpenClaw
/install code-reviewer-2
Description
Code review automation for TypeScript, JavaScript, Python, Go, Swift, Kotlin. Analyzes PRs for complexity and risk, checks code quality for SOLID violations...
Usage instructions (SKILL.md)

Code Reviewer

Automated code review tools for analyzing pull requests, detecting code quality issues, and generating review reports.


Tools

PR Analyzer

Analyzes git diff between branches to assess review complexity and identify risks.

# Analyze current branch against main
python scripts/pr_analyzer.py /path/to/repo

# Compare specific branches
python scripts/pr_analyzer.py . --base main --head feature-branch

# JSON output for integration
python scripts/pr_analyzer.py /path/to/repo --json

What it detects:

  • Hardcoded secrets (passwords, API keys, tokens)
  • SQL injection patterns (string concatenation in queries)
  • Debug statements (debugger, console.log)
  • ESLint rule disabling
  • TypeScript any types
  • TODO/FIXME comments

Output includes:

  • Complexity score (1-10)
  • Risk categorization (critical, high, medium, low)
  • File prioritization for review order
  • Commit message validation
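
A sketch of the added-line scanning that the detection list above describes. This is an added example, not the skill's own `pr_analyzer.py`: the rule names, regexes, severities and the sample diff are assumptions constructed here for illustration. Call `scan_diff(SAMPLE_DIFF)` to see the findings.

```python
import re
from typing import NamedTuple

# Hypothetical rules, one per category the section lists (not the skill's own patterns).
RULES = [
    ("hardcoded-secret", "critical", re.compile(
        r"""(?i)\b(password|passwd|secret|api[_-]?key|token)\b\s*[:=]\s*['"][^'"]{8,}['"]""")),
    ("sql-concatenation", "high", re.compile(
        r"""(?i)['"]\s*(select|insert|update|delete)\b[^'"]*['"]\s*\+""")),
    ("debug-statement", "medium", re.compile(r"\bdebugger\b|\bconsole\.log\(")),
    ("eslint-disable", "medium", re.compile(r"\beslint-disable\b")),
    ("ts-any", "low", re.compile(r":\s*any\b")),
    ("todo", "low", re.compile(r"\b(TODO|FIXME)\b")),
]
HUNK = re.compile(r"^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@")
Finding = NamedTuple("Finding", [("path", str), ("line", int), ("rule", str), ("severity", str)])

def scan_diff(diff_text: str) -> list[Finding]:
    """Scan only the added lines of a git-format unified diff."""
    findings, path, lineno, in_hunk = [], "", 0, False
    for raw in diff_text.splitlines():
        if raw.startswith("diff --git "):
            in_hunk = False                      # the next "+++ " line is a file header
        elif not in_hunk and raw.startswith("+++ "):
            path = raw[4:].removeprefix("b/")
        elif m := HUNK.match(raw):
            lineno, in_hunk = int(m.group(1)), True
        elif in_hunk and raw.startswith("+"):
            findings += [Finding(path, lineno, name, sev)
                         for name, sev, rx in RULES if rx.search(raw[1:])]
            lineno += 1
        elif in_hunk and raw.startswith(" "):
            lineno += 1                          # context advances the counter; "-" lines do not
    return findings

# Constructed sample diff (not taken from any real repository).
SAMPLE_DIFF = """\
diff --git a/src/db.ts b/src/db.ts
--- a/src/db.ts
+++ b/src/db.ts
@@ -10,3 +10,5 @@ export function find(id: string) {
   const conn = pool.get();
-  const q = "SELECT * FROM users WHERE id = $1";
+  const apiKey = "constructed-not-a-real-key";
+  const q = "SELECT * FROM users WHERE id = " + id;
+  console.log(q); // TODO remove
   return conn.query(q);
"""
```

Only added lines are matched, so a secret or query that a PR removes does not count against it, and line numbers refer to the new file.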

Code Quality Checker

Analyzes source code for structural issues, code smells, and SOLID violations.

# Analyze a directory
python scripts/code_quality_checker.py /path/to/code

# Analyze specific language
python scripts/code_quality_checker.py . --language python

# JSON output
python scripts/code_quality_checker.py /path/to/code --json

What it detects:

  • Long functions (>50 lines)
  • Large files (>500 lines)
  • God classes (>20 methods)
  • Deep nesting (>4 levels)
  • Too many parameters (>5)
  • High cyclomatic complexity
  • Missing error handling
  • Unused imports
  • Magic numbers

Thresholds:

| Issue | Threshold |
|---|---|
| Long function | >50 lines |
| Large file | >500 lines |
| God class | >20 methods |
| Too many params | >5 |
| Deep nesting | >4 levels |
| High complexity | >10 branches |

Review Report Generator

Combines PR analysis and code quality findings into structured review reports.

# Generate report for current repo
python scripts/review_report_generator.py /path/to/repo

# Markdown output
python scripts/review_report_generator.py . --format markdown --output review.md

# Use pre-computed analyses
python scripts/review_report_generator.py . \
  --pr-analysis pr_results.json \
  --quality-analysis quality_results.json

Report includes:

  • Review verdict (approve, request changes, block)
  • Score (0-100)
  • Prioritized action items
  • Issue summary by severity
  • Suggested review order

Verdicts:

| Score | Verdict |
|---|---|
| 90+ with no high issues | Approve |
| 75+ with ≤2 high issues | Approve with suggestions |
| 50-74 | Request changes |
| <50 or critical issues | Block |

Reference Guides

Code Review Checklist

references/code_review_checklist.md

Systematic checklists covering:

  • Pre-review checks (build, tests, PR hygiene)
  • Correctness (logic, data handling, error handling)
  • Security (input validation, injection prevention)
  • Performance (efficiency, caching, scalability)
  • Maintainability (code quality, naming, structure)
  • Testing (coverage, quality, mocking)
  • Language-specific checks

Coding Standards

references/coding_standards.md

Language-specific standards for:

  • TypeScript (type annotations, null safety, async/await)
  • JavaScript (declarations, patterns, modules)
  • Python (type hints, exceptions, class design)
  • Go (error handling, structs, concurrency)
  • Swift (optionals, protocols, errors)
  • Kotlin (null safety, data classes, coroutines)

Common Antipatterns

references/common_antipatterns.md

Antipattern catalog with examples and fixes:

  • Structural (god class, long method, deep nesting)
  • Logic (boolean blindness, stringly typed code)
  • Security (SQL injection, hardcoded credentials)
  • Performance (N+1 queries, unbounded collections)
  • Testing (duplication, testing implementation)
  • Async (floating promises, callback hell)

Languages Supported

| Language | Extensions |
|---|---|
| Python | .py |
| TypeScript | .ts, .tsx |
| JavaScript | .js, .jsx, .mjs |
| Go | .go |
| Swift | .swift |
| Kotlin | .kt, .kts |

Security usage recommendations
Before installing or running this skill:
  1. Review the three Python scripts (pr_analyzer.py, code_quality_checker.py, review_report_generator.py) yourself — they will be executed locally and will read all files in the repo you point them at (so they can surface secrets);
  2. Ensure the runtime environment has Python and git on PATH — the skill does not declare these required binaries;
  3. Run the scripts in an isolated or non-production environment (container or VM) first to confirm behavior and outputs;
  4. If you plan to let an agent invoke this skill automatically, restrict its repository scope (don’t give it access to repos with production secrets) and verify there are no unexpected network calls (I found no external endpoints or downloads in the files provided);
  5. Prefer a version of the skill that explicitly lists required binaries and a maintainer/homepage so you can verify provenance.
Functional analysis
Type: OpenClaw Skill
Name: code-reviewer-2
Version: 0.1.0

The OpenClaw skill bundle 'code-reviewer-2' is benign. Its purpose is to perform automated code reviews, analyze pull requests, and check code quality, which is clearly stated in `SKILL.md`. The Python scripts (`pr_analyzer.py`, `code_quality_checker.py`, `review_report_generator.py`) implement these functionalities by reading local files and executing `git` commands via `subprocess.run` with arguments passed as a list, which is a safe practice against shell injection. The scripts are designed to *detect* security issues like hardcoded secrets and SQL injection patterns, not to exploit or exfiltrate them. There is no evidence of unauthorized network activity, data exfiltration, persistence mechanisms, obfuscation, or prompt injection attempts against the AI agent in any of the provided files.
Capability assessment
Purpose & Capability
The declared purpose (automated code review) matches the included scripts and reference docs. However the skill declares no required binaries or install steps even though the SKILL.md and the shipped tools explicitly run via the 'python' interpreter and the PR analyzer calls 'git' via subprocess. Not declaring Python and git is an incoherence that could lead to runtime failures or surprise if the agent environment differs.
Instruction Scope
SKILL.md instructs the agent (and user) to run local Python scripts against a repository path; the scripts read repository files, diffs, commit messages and produce JSON/markdown reports. That behavior is expected for a code-review tool, but it means the skill will scan all files you point it at (including secrets). The instructions do not ask for unrelated system files or external credentials.
Install Mechanism
There is no install spec (instruction-only), which is low-risk, but three substantive Python scripts are included and intended to be executed. Because the package contains executable code but does not declare runtime binary requirements, there's a mismatch between packaging and runtime behavior.
Credentials
The skill declares no required environment variables or credentials, and the scripts do not read secrets from env; that is proportionate. However the scripts do invoke git and run Python subprocesses, so they implicitly require access to the filesystem and local git history. The absence of an explicit 'requires: python, git' is a notable omission.
Persistence & Privilege
The skill is not marked always:true and does not request persistent system-wide privileges. It runs as an on-demand tool that executes local analysis; nothing in the files attempts to modify other skills or system settings.
How to use
  1. Make sure OpenClaw is installed (locally or via Docker)
  2. Enter the install command in the chat box: /install code-reviewer-2
  3. Once installation completes, invoke the skill by name or trigger it with /code-reviewer-2
  4. Provide the required inputs according to the skill's parameter description to get structured output
Version history
v0.1.0
- Initial release of the code-reviewer skill for automated code review.
- Supports TypeScript, JavaScript, Python, Go, Swift, and Kotlin.
- Includes tools for PR analysis, code quality checking, and review report generation.
- Detects common issues such as code smells, complexity, SOLID violations, and security risks.
- Provides detailed guides: code review checklists, coding standards, and common antipatterns.
Metadata
Slug code-reviewer-2
Version 0.1.0
License
Total installs 1
Current installs 1
Historical versions 1
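FAQ

What is Senior Code Reviewer?

Code review automation for TypeScript, JavaScript, Python, Go, Swift, Kotlin. Analyzes PRs for complexity and risk, checks code quality for SOLID violations... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 309 total downloads to date.

How do I install Senior Code Reviewer?

Run the command "/install code-reviewer-2" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is required.

Is Senior Code Reviewer free?

Yes, Senior Code Reviewer is completely free (free and open source) and can be freely downloaded, installed and used.

Which platforms does Senior Code Reviewer support?

Senior Code Reviewer runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed Senior Code Reviewer?

Developed and maintained by Alireza Rezvani (@alirezarezvani); the current version is v0.1.0.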
