← 返回 Skills 市场
Go Code Review
作者
Kevin Anderson
· GitHub ↗
· v2.3.1
· MIT-0
169
总下载
0
收藏
2
当前安装
2
版本数
在 OpenClaw 中安装
/install go-code-review
功能描述
Reviews Go code for idiomatic patterns, error handling, concurrency safety, and common mistakes. Use when reviewing .go files, checking error handling, gorou...
使用说明 (SKILL.md)
Go Code Review
Review Workflow
Follow this sequence in order. Do not emit findings until every Pass below is satisfied.
-
Baseline
go.mod— Opengo.modand read thegodirective.
Pass: You can state the exactgo X.YYvalue (in the review preamble or working notes). Apply version-gated advice only when it matches this baseline (loop capture pre-1.22,slog/structured logging from 1.21,errors.Joinfrom 1.20). -
Read surrounding code — For each changed
.gofile, read full functions or logical units that contain the edits, not only the diff hunk.
Pass: At least one full enclosing function (or package-levelinit/var block) containing the change was read per changed file. -
Scope the checklist — Decide which Review Checklist blocks apply (error handling, concurrency, interfaces/types, resources, naming). Load references for those blocks; skip blocks that are irrelevant to the diff.
Pass: The review (or working notes) lists which checklist blocks you applied, or marks blocks N/A with a one-line reason tied to the diff (e.g. “no concurrency in change”). -
Pre-report verification — Load and follow review-verification-protocol.
Pass: The protocol’s Pre-Report Verification Checklist is satisfied for each finding you will report (actual code read, surrounding context checked, “wrong” vs “different style” distinguished, etc.).
Hard gates (same sequence, shorter)
| Step | Objective pass condition |
|---|---|
| 1 | go X.YY from go.mod is recorded before version-specific advice. |
| 2 | Full enclosing context read per changed file, not diff-only. |
| 3 | In-scope checklist blocks listed or N/A with diff-tied reason; references opened as needed. |
| 4 | review-verification-protocol completed for every reported issue. |
Output Format
Report findings as:
[FILE:LINE] ISSUE_TITLE
Severity: Critical | Major | Minor | Informational
Description of the issue and why it matters.
Quick Reference
| Issue Type | Reference |
|---|---|
| Missing error checks, wrapping, errors.Join | references/error-handling.md |
| Race conditions, channel misuse, goroutine lifecycle | references/concurrency.md |
| Interface pollution, naming, generics | references/interfaces.md |
| Resource leaks, defer misuse, slog, naming | references/common-mistakes.md |
Review Checklist
Error Handling
- All errors checked (no
_ = errwithout justifying comment) - Errors wrapped with context (
fmt.Errorf("...: %w", err)) -
errors.Is/errors.Asused instead of string matching -
errors.Joinused for aggregating multiple errors (Go 1.20+) - Zero values returned alongside errors
Concurrency
- No goroutine leaks (context cancellation or shutdown signal exists)
- Channels closed by sender only, exactly once
- Shared state protected by mutex or sync types
- WaitGroups used to wait for goroutine completion
- Context propagated through call chain
- Loop variable capture handled (pre-Go 1.22 codebases only)
Interfaces and Types
- Interfaces defined by consumers, not producers
- Interface names follow
-erconvention - Interfaces minimal (1-3 methods)
- Concrete types returned from constructors
-
anypreferred overinterface{}(Go 1.18+) - Generics used where appropriate instead of
anyor code generation
Resources and Lifecycle
- Resources closed with
deferimmediately after creation - HTTP response bodies always closed
- No
deferin loops without closure wrapping -
init()functions avoided in favor of explicit initialization
Naming and Style
- Exported names have doc comments
- No stuttering names (
user.UserService→user.Service) - No naked returns in functions > 5 lines
- Context passed as first parameter
-
slogused overlogfor structured logging (Go 1.21+)
Severity Calibration
Critical (Block Merge)
- Unchecked errors on I/O, network, or database operations
- Goroutine leaks (no shutdown path)
- Race conditions on shared state (concurrent map access without sync)
- Unbounded resource accumulation (defer in loop, unclosed connections)
Major (Should Fix)
- Errors returned without context (bare
return err) - Missing WaitGroup for spawned goroutines
panicfor recoverable errors- Context not propagated to downstream calls
Minor (Consider Fixing)
interface{}instead ofanyin Go 1.18+ codebases- Missing doc comments on exports
- Stuttering names
- Slice not preallocated when size is known
Informational (Note Only)
- Suggestions to add generics where code generation exists
- Refactoring ideas for interface design
- Performance optimizations without measured impact
When to Load References
- Reviewing error return patterns → error-handling.md
- Reviewing goroutines, channels, or sync types → concurrency.md
- Reviewing type definitions, interfaces, or generics → interfaces.md
- General review (resources, naming, init, performance) → common-mistakes.md
Valid Patterns (Do NOT Flag)
These are acceptable Go patterns — reporting them wastes developer time:
_ = errwith reason comment — Intentionally ignored errors with explanation- Empty interface /
any— For truly generic code or interop with untyped APIs - Naked returns in short functions — Acceptable in functions \x3C 5 lines with named returns
- Channel without close — When consumer stops via context cancellation, not channel close
- Mutex protecting struct fields — Even if accessed only via methods, this is correct encapsulation
//nolintdirectives with reason — Acceptable when accompanied by explanation- Defer in loop — When function scope cleanup is intentional (e.g., processing files in batches)
- Functional options pattern —
type Option func(*T)withWith*constructors is idiomatic sync.Poolfor hot paths — Acceptable for reducing allocation pressure in performance-critical codecontext.Background()in main/tests — Valid root context for top-level callsselectwithdefault— Non-blocking channel operation, intentional pattern- Short variable names in small scope —
i,err,ctx,okare idiomatic Go
Context-Sensitive Rules
Only flag these issues when the specific conditions apply:
| Issue | Flag ONLY IF |
|---|---|
| Missing error check | Error return is actionable (can retry, log, or propagate) |
| Goroutine leak | No context cancellation path exists for the goroutine |
| Missing defer | Resource isn't explicitly closed before next acquisition or return |
| Interface pollution | Interface has > 1 method AND only one consumer exists |
| Loop variable capture | go.mod specifies Go \x3C 1.22 |
| Missing slog | go.mod specifies Go >= 1.21 AND code uses log package for structured output |
Before Submitting Findings
Satisfy step 4 in Review Workflow: load review-verification-protocol and complete its pre-report checks for each issue.
安全使用建议
This skill appears to be what it says: an instruction-only Go code reviewer that reads go.mod and changed .go files and produces findings. Before installing or running it, confirm two things: (1) the referenced review-verification-protocol (../review-verification-protocol/SKILL.md) actually exists in the repository or platform and review its contents — the skill points to that external file but does not bundle it; (2) decide what repository access you will grant the agent. The skill will read source files (and surrounding context) in your repo — if those files contain secrets, credentials, or proprietary code you should limit access or inspect the verification protocol first. No credentials or network exfiltration are requested by the skill itself, but repository access is inherently sensitive.
功能分析
Type: OpenClaw Skill
Name: go-code-review
Version: 2.3.1
The skill bundle is a comprehensive and well-structured tool for performing Go code reviews. It contains detailed instructions in SKILL.md and high-quality educational content in the references/ directory (e.g., error-handling.md, concurrency.md) that align perfectly with idiomatic Go practices. No indicators of malicious intent, data exfiltration, or harmful prompt injection were found.
能力评估
Purpose & Capability
Name/description (Go code review) matches what the SKILL.md and reference docs ask the agent to do: read go.mod and .go files, check error handling, concurrency, interfaces, resources, and naming. No unrelated binaries, credentials, or installs are requested.
Instruction Scope
Instructions correctly limit actions to repository files (go.mod and changed .go files plus surrounding context). However the workflow requires following ../review-verification-protocol/SKILL.md (a relative path outside the skill bundle) which is not included in this package — that creates ambiguity about additional checks or external steps the agent will perform. Also the instructions require the agent to read full enclosing functions/contexts in the repo, which is expected for a review but means the agent will access repository source broadly.
Install Mechanism
Instruction-only skill with no install spec, no downloads, and no code files executed on install. This is the lowest-risk install model.
Credentials
No environment variables, credentials, or config paths are requested. The scope of secrets/credentials is minimal and proportionate for a code-review tool.
Persistence & Privilege
always is false and the skill does not request special persistent privileges. Autonomous invocation (default) is allowed but not excessive by itself. The skill does not modify other skills or system config.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install go-code-review - 安装完成后,直接呼叫该 Skill 的名称或使用
/go-code-review触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v2.3.1
- Enforced a stricter, stepwise review workflow: findings can only be reported after satisfying four explicit review "passes" (Go version read, full context loaded, checklist scoped, and pre-report protocol).
- Added hard gate table summarizing pass/fail objectives for each review stage.
- Required explicit noting of the `go X.YY` baseline and scoping of review checklist blocks per change.
- Emphasized that only version-relevant advice should be applied, based on the actual `go.mod` baseline.
- Clarified the requirement to load and check the review-verification-protocol before reporting any issues.
- All rule content, checklist items, severity calibration, and context-sensitive rules are unchanged.
v2.3.0
- Major update to SKILL.md: clearer workflow, severity definitions, and context-sensitive review criteria for Go code.
- Review process now requires checking `go.mod` for Go version to adjust rules for generics, slog, and loop variable capture.
- Expanded and categorized the review checklist: error handling, concurrency, interfaces/types, resource management, and naming/style.
- Severity and output format standardized; includes precise calibration for critical, major, minor, and informational findings.
- Lists valid Go patterns explicitly to avoid false positives and wasted review effort.
- Emphasizes verifying findings via review-verification-protocol before reporting.
元数据
常见问题
Go Code Review 是什么?
Reviews Go code for idiomatic patterns, error handling, concurrency safety, and common mistakes. Use when reviewing .go files, checking error handling, gorou... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 169 次。
如何安装 Go Code Review?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install go-code-review」即可一键安装,无需额外配置。
Go Code Review 是免费的吗?
是的,Go Code Review 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Go Code Review 支持哪些平台?
Go Code Review 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Go Code Review?
由 Kevin Anderson(@anderskev)开发并维护,当前版本 v2.3.1。
推荐 Skills