← 返回 Skills 市场
Code Review
作者
Emerson Braun
· GitHub ↗
· v1.0.0
· MIT-0
79
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install eb-code-review
功能描述
Multi-agent code review for pull requests. Checks for bugs, CLAUDE.md compliance, git history context, and previous PR comments. Uses confidence scoring to f...
使用说明 (SKILL.md)
Code Review — Multi-Agent PR Review
Provide a thorough, multi-perspective code review for pull requests using parallel agents with confidence-based filtering.
The goal is to find real, impactful bugs while avoiding false positives and nitpicks. A senior engineer wouldn't waste time on trivial issues — neither should this review.
Process
Follow these steps precisely:
1. Eligibility Check (Haiku agent)
Check if the pull request: (a) is closed, (b) is a draft, (c) does not need review (automated PR, trivially simple), or (d) already has a code review from you. If any condition is true, stop.
2. Discover CLAUDE.md Files (Haiku agent)
Get file paths (not contents) of relevant CLAUDE.md files: the root CLAUDE.md and any CLAUDE.md files in directories whose files the PR modified.
3. Summarize the Change (Haiku agent)
View the pull request and return a summary of the change.
4. Parallel Review (5 Sonnet agents)
Launch 5 parallel agents. Each returns a list of issues with the reason each was flagged:
| Agent | Focus |
|---|---|
| #1 — CLAUDE.md Compliance | Audit changes against CLAUDE.md rules. Note: CLAUDE.md is guidance for code writing, so not all instructions apply during review. |
| #2 — Bug Scan | Shallow scan for obvious bugs in the diff only. Focus on large bugs. Avoid nitpicks. Ignore likely false positives. |
| #3 — Git History | Read git blame and history of modified code. Identify bugs in light of historical context. |
| #4 — Previous PRs | Read previous PRs that touched these files. Check for comments that may apply to the current PR. |
| #5 — Code Comments | Read code comments in modified files. Ensure changes comply with guidance in those comments. |
5. Confidence Scoring (parallel Haiku agents)
For each issue found, launch a Haiku agent that scores confidence 0-100:
| Score | Meaning |
|---|---|
| 0 | False positive. Doesn't hold up to scrutiny, or pre-existing issue. |
| 25 | Might be real, might be false positive. Unable to verify. Stylistic issues not in CLAUDE.md. |
| 50 | Verified real issue, but may be a nitpick or rare in practice. Not very important relative to the PR. |
| 75 | Double-checked and very likely real. Will be hit in practice. Existing approach is insufficient. Directly mentioned in CLAUDE.md. |
| 100 | Absolutely certain. Confirmed real, happens frequently. Evidence directly confirms. |
For CLAUDE.md issues, the agent must double-check that the CLAUDE.md actually calls out that issue specifically.
6. Filter
Discard issues scoring below 80. If no issues remain, proceed to step 8 with "no issues found."
7. Re-check Eligibility (Haiku agent)
Repeat the eligibility check from step 1 to make sure the PR is still eligible.
8. Post Comment
Use gh pr comment to post the review. Keep it brief, no emojis, cite and link relevant code/files/URLs.
Format (with issues):
### Code review
Found N issues:
1. \x3Cbrief description> (CLAUDE.md says "\x3C...>")
\x3Clink to file and line with full SHA + line range>
2. \x3Cbrief description> (bug due to \x3Cfile and code snippet>)
\x3Clink to file and line with full SHA + line range>
Format (no issues):
### Code review
No issues found. Checked for bugs and CLAUDE.md compliance.
Link format: https://github.com/owner/repo/blob/\x3Cfull-sha>/path/to/file.ts#L10-L15
- Must use full git SHA (not HEAD or short hash)
- Include 1 line of context before and after the issue
- Line range:
L[start]-L[end]
False Positives to Ignore
These are NOT real issues:
- Pre-existing issues (not introduced by this PR)
- Something that looks like a bug but isn't
- Pedantic nitpicks a senior engineer wouldn't mention
- Issues a linter, typechecker, or compiler would catch (imports, types, formatting)
- General code quality issues (coverage, docs) unless required by CLAUDE.md
- CLAUDE.md violations explicitly silenced in code (lint ignore comments)
- Intentional functionality changes related to the broader change
- Real issues on lines the user did not modify
Notes
- Do NOT check build signal, build, or typecheck. Those run separately in CI.
- Use
ghfor all GitHub interactions (not web fetch) - Make a todo list first to track progress
- Cite and link every bug (if from CLAUDE.md, link the specific file)
- Consult
references/review-patterns.mdfor advanced review patterns including blast-radius analysis, structured output templates, and test coverage gap detection.
安全使用建议
This skill appears to implement a reasonable multi-agent PR review process, but a few things don't add up — decide before installing. Key points to consider:
- gh CLI required: The SKILL.md expects to run gh (gh pr view, gh pr diff, gh pr comment, gh issue list/search). The skill metadata did not declare gh as a required binary. Ensure your agent environment actually has gh and understand that gh uses local auth (GH_TOKEN/GITHUB_TOKEN or gh auth) — the skill will need access to those credentials to read PRs and to post comments.
- Credentials and scopes: To post PR comments the agent needs write permission on the repository. The skill did not document required auth type or minimal scopes. Prefer creating a token with the narrowest possible scope and test in a non-production repo first.
- CLAUDE.md contradiction: The instructions say to get file paths but not contents for CLAUDE.md, yet later require auditing against CLAUDE.md rules (which requires reading contents). Clarify whether the skill will read CLAUDE.md contents and whether CLAUDE.md may contain sensitive info.
- Data access: The skill will read commit history, blame, previous PRs and modified file contents. Ensure you are comfortable with an automated agent accessing your repo history and posting comments automatically.
- Testing recommendation: Run the skill on a small, non-sensitive repository or a test PR to observe behavior and required permissions. Ask the skill author to explicitly declare required binaries (gh), required environment variables or token scopes, and to fix the CLAUDE.md read-vs-path inconsistency. If you need a stricter guarantee, require the skill to document exact gh commands and minimum GitHub token scopes before granting write access.
Confidence note: medium — the overall purpose is coherent but the missing declarations around tooling and credentials and the CLAUDE.md contradiction create unresolved risks. Additional information (explicit required binaries, exact auth requirements, or an updated SKILL.md that removes the contradiction) would raise confidence to high.
功能分析
Type: OpenClaw Skill
Name: eb-code-review
Version: 1.0.0
The skill bundle implements a sophisticated multi-agent workflow for performing GitHub pull request reviews. It uses the GitHub CLI (`gh`) to fetch PR data, analyze diffs, and post comments, with specific instructions in `SKILL.md` for confidence-based filtering and historical context analysis. The tool permissions are appropriately restricted to relevant `gh` subcommands, and the logic in `references/review-patterns.md` aligns with standard senior engineering practices without any signs of malicious intent, data exfiltration, or unauthorized execution.
能力评估
Purpose & Capability
The SKILL.md clearly expects to drive GitHub via the gh CLI (view PRs, diffs, blame, post comments). However the top-level metadata lists no required binaries or primary credential. Declaring no required binaries or credentials is inconsistent with the skill's stated need to run gh and to post PR comments.
Instruction Scope
Instructions stay within code-review scope (read diffs, blame, previous PRs, CLAUDE.md rules, then post a gh pr comment). One internal contradiction: step 2 says to "Get file paths (not contents) of relevant CLAUDE.md files," but later steps require auditing against CLAUDE.md rules and double-checking CLAUDE.md text. That implies reading file contents, so the behavior is underspecified.
Install Mechanism
Instruction-only skill with no install spec or downloads. This minimizes surface area; nothing will be written to disk by an installer from the skill bundle itself.
Credentials
The skill will need GitHub credentials or a configured gh session to read PR data and to post comments (write access). Yet requires.env and primary credential are empty. The skill does not document the required auth scope (read vs write) or recommend limiting tokens, which is a proportionality/visibility gap.
Persistence & Privilege
always:false and no install hooks; the skill does not request permanent presence or system-wide changes. It will run only when invoked and relies on platform tooling (gh).
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install eb-code-review - 安装完成后,直接呼叫该 Skill 的名称或使用
/eb-code-review触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Version 1.0.0 — Initial Release
- Adds automated multi-agent code review for pull requests, focusing on bugs, CLAUDE.md compliance, git history, and previous PR comments.
- Utilizes parallel agent architecture and confidence scoring to minimize false positives and avoid nitpicks.
- Only flags significant, verifiable issues; issues must score at least 80/100 confidence to be reported.
- Review process ignores pre-existing problems, stylistic nitpicks, and issues outside the scope of the modified code.
- Provides concise, well-linked GitHub PR comments with clear and actionable feedback.
元数据
常见问题
Code Review 是什么?
Multi-agent code review for pull requests. Checks for bugs, CLAUDE.md compliance, git history context, and previous PR comments. Uses confidence scoring to f... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 79 次。
如何安装 Code Review?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install eb-code-review」即可一键安装,无需额外配置。
Code Review 是免费的吗?
是的,Code Review 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Code Review 支持哪些平台?
Code Review 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Code Review?
由 Emerson Braun(@emersonbraun)开发并维护,当前版本 v1.0.0。
推荐 Skills