Total downloads: 120
Favorites: 0
Current installs: 0
Versions: 1
Install in OpenClaw
/install codereview-assistant
Description
Code review best practices and workflow skill. Use when: reviewing pull requests, performing peer code review, setting up code review standards, or improving...
Usage (SKILL.md)
Code Review Skill
A structured approach to code review that balances thoroughness with efficiency.
Core Principles
- Review the code, not the author — Assume good intent, focus on the work.
- Be specific and constructive — Every comment should have a clear action.
- Prioritize by severity — Not all issues are equal.
- Approve with confidence — Don't approve code you wouldn't want to maintain.
Review Focus Areas
🔴 Critical — Must Fix Before Merge
- Security vulnerabilities (SQL injection, auth bypass, secrets in code)
- Data loss risks (missing validations, unguarded deletions)
- Race conditions and concurrency bugs
- Breaking production failures
🟡 Important — Should Fix Before Merge
- Error handling gaps
- Performance issues (N+1 queries, missing indexes, memory leaks)
- Missing test coverage for critical paths
- Inconsistent error responses
- Code that violates team conventions
🟢 Nit — Consider Fixing
- Naming that could be clearer
- Commented-out code
- Minor formatting inconsistencies
- Overly complex one-liners
Review Workflow
Step 1: Understand the Context
- Read the PR description and linked issues/tickets
- Check what the PR is trying to accomplish
- Understand the scope of changes
Step 2: Scan First Pass
Quick scan for:
- Obvious bugs or logic errors
- Security concerns
- Missing tests
- Breaking changes
Step 3: Deep Review
For each changed file:
- Read the diff carefully
- Cross-reference with design documents
- Check for side effects on existing functionality
- Verify test coverage
Step 4: Classify and Comment
For each issue found, classify:
[🔴 CRITICAL] <title>
Description of the issue.
Suggested fix: <action>
[🟡 IMPORTANT] <title>
Description of the issue.
Suggested fix: <action>
[🟢 NIT] <title>
Optional suggestion.
Step 5: Make a Decision
| Condition | Decision |
|---|---|
| No critical issues, minor nits | ✅ Approve |
| Important issues need fixing | 🔄 Request Changes |
| Critical issues found | ❌ Request Changes (block merge) |
| Need context/clarification | 💬 Comment (don't approve yet) |
PR Description Checklist
A good PR description should have:
- What — Brief summary of the change
- Why — Business or technical motivation
- How — High-level approach taken
- Testing — How the change was tested
- Screenshots — UI changes (before/after)
- Breaking Changes — Any API or contract changes
- Related Issues — Links to tickets
Review Comment Templates
Starting a Review
I've reviewed this PR. Here's my feedback:
**Looking at:** [files/modules]
**Tested locally:** [yes/no with details]
Approving
✅ **Approve** — Code looks good, ready to merge.
Minor suggestions (non-blocking):
- [nit 1]
- [nit 2]
Requesting Changes
🔄 **Request Changes** — Please address the following before merging:
**Critical:**
1. [issue] — [fix suggestion]
**Important:**
2. [issue] — [fix suggestion]
Blocking Merge
❌ **Blocking Merge** — This PR introduces a critical issue that must be resolved:
[Detailed description of the critical issue]
Per-Language/Framework Notes
Go
- Check `error` handling on every function call
- Verify `context.Context` propagation
- Look for `defer` resource cleanup
- Check goroutine leaks (use `go vet`)
- Review SQL query construction (avoid string concatenation)
TypeScript/Node.js
- Check async/await error handling
- Verify input validation on API handlers
- Look for memory leak patterns (event listeners not removed)
- Check dependency injection patterns
- Review `any` type usage
Python
- Check exception handling
- Verify database connection cleanup
- Look for proper `with` statement usage
- Review decorator usage for side effects
- Check type hints completeness
Java/Kotlin
- Check exception handling and logging
- Verify resource cleanup (try-with-resources)
- Review Spring annotations usage
- Look for thread safety issues
- Check transaction boundaries
Automation Complement
Code review augments (not replaces) automated tools:
- Linters — Formatting, style conventions
- Type checkers — Type safety
- SAST scanners — Security vulnerability detection
- Coverage tools — Test coverage metrics
Always verify what the automation missed.
File Structure
code-review/
├── SKILL.md
└── references/
    ├── review-checklist.md
    ├── comment-templates.md
    ├── severity-classification.md
    └── per-language-notes/
        ├── go.md
        ├── typescript.md
        ├── python.md
        └── java.md
Security Usage Advice
This skill is documentation-only and internally consistent with its stated purpose, so technical risk is low. Before installing, consider: (1) the source is unknown and there's no homepage — if provenance matters to you, review the files yourself; (2) adapt templates to your team's policies and sensitive-data handling rules (the guides remind reviewers to check for secrets, but avoid pasting private secrets into review comments); and (3) because it's instruction-only, it won't run code or exfiltrate data itself, but be cautious if you copy templates into automation that might call external services.
Functional Analysis
Type: OpenClaw Skill
Name: codereview-assistant
Version: 1.0.0
The 'codereview-assistant' skill bundle consists entirely of markdown documentation and structured instructions for an AI agent to perform code reviews. It promotes security best practices, such as checking for SQL injection and hardcoded secrets, and contains no executable code, network requests, or suspicious prompt-injection attempts (SKILL.md, review-checklist.md).
Capability Assessment
Purpose & Capability
Name/description (code review best practices) match the contents: checklists, templates, per-language notes, and workflows. The skill requests no binaries, env vars, or installs that would be unnecessary for a documentation/template skill.
Instruction Scope
SKILL.md directs the reviewer to read PR descriptions, diffs, linked docs, and run standard review steps — all expected for a code-review assistant. It does not instruct reading unrelated files, accessing credentials, or sending data to external endpoints.
Install Mechanism
No install spec and no code files that execute — lowest-risk pattern for a skill composed of guidance and reference documents.
Credentials
The skill declares no required environment variables, credentials, or config paths, which is proportional to a documentation-only code-review helper.
Persistence & Privilege
always:false and normal user-invocable/autonomous-invocation defaults. The skill does not request persistent system presence or modify other skills; this is appropriate for its purpose.
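How to Use
- Make sure OpenClaw is installed (local or Docker deployment)
- Enter the install command in the chat box: `/install codereview-assistant`
- Once installation completes, call the Skill by name or use `/codereview-assistant` to trigger it
- Provide the required input according to the Skill's parameter description to get structured output
Version History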
v1.0.0
- Initial public release of the Code Review Skill.
- Provides structured code review workflow, including focus areas, severity classification, and decision criteria.
- Includes checklists for PR descriptions and review comments.
- Offers language-specific review guidelines for Go, TypeScript/Node.js, Python, and Java/Kotlin.
- Supplies reusable templates for review comments and approvals.
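FAQ
What is Code Review?
Code review best practices and workflow skill. Use when: reviewing pull requests, performing peer code review, setting up code review standards, or improving... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 120 cumulative downloads to date.
How do I install Code Review?
Run the command "/install codereview-assistant" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is needed.
Is Code Review free?
Yes. Code Review is completely free and released under the MIT-0 license; it can be freely downloaded, installed and used.
Which platforms does Code Review support?
Code Review is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.
Who developed Code Review?
It is developed and maintained by BingWang (@sydpz); the current version is v1.0.0.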