knifean

golang-code-review

Author: knifeAn · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
Total downloads: 292
Favorites: 0
Current installs: 1
Versions: 1
Install in OpenClaw
/install golang-code-review
Description
Provides comprehensive Golang code reviews for Git merge commits, checking format, quality, best practices, security, and generating detailed Markdown reports.
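Usage instructions (SKILL.md)

🐛 golang-code-review - Golang code review skill

Description

This skill performs a comprehensive code review of Golang code in Git merge commits, including:

  • Format checks: follows standard Go formatting conventions such as gofmt and goimports
  • Soundness and quality checks: uses static analysis tools (such as staticcheck, unused, errcheck)
  • Best-practice checks: based on Go Code Review Comments (https://github.com/golang/go/wiki/CodeReviewComments)
  • Security vulnerability scanning: detects common security issues (SQL injection, XSS, insecure deserialization, etc.)

Output report

Generates a detailed Markdown report containing:

  • 📋 Overall score
  • ⚠️ Issue categories and severity levels
  • 🔧 Fix suggestions
  • 📊 Code metrics (complexity, line count, whitespace detection)

Reference standards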


Security usage advice
This skill is not clearly what it claims: the description promises full, commit-aware static analysis but the included program only performs simple, file-level, line-based heuristics and doesn't call staticcheck/errcheck or inspect Git diffs. That likely means it's incomplete or misleading rather than malicious, but you should not rely on it for security reviews. Before installing or using it:

  • Treat it as untrusted/experimental: run it on non-sensitive code and inspect outputs first.
  • If you need true static analysis, prefer tools that explicitly invoke and return results from staticcheck/errcheck/gofmt, or add code to this skill to call those tools and handle their outputs.
  • Be aware the report logic is buggy (many rules are unimplemented and may produce empty/incorrect issue entries); review index.go or test it locally.
  • Confirm whether you (or the agent) will run the external linters the SKILL.md recommends — the skill does not run them itself.

If you want to change this assessment, provide updated code that actually invokes the declared linters or processes Git diffs/merge commits, or a clear rationale why file-level checks meet the stated merge-review purpose.
Functional analysis
Type: OpenClaw Skill Name: golang-code-review Version: 1.0.0 The skill bundle provides a basic Golang code review tool. The core logic in `index.go` performs simple static analysis, such as checking for unhandled errors and unused imports, while `SKILL.md` and `config.md` provide instructions for integrating standard Go linting tools like `staticcheck` and `gofmt`. Although the implementation is rudimentary and contains a minor syntax error in `index.go`, there is no evidence of malicious intent, data exfiltration, or unauthorized execution.
Capability assessment
Purpose & Capability
The description promises comprehensive reviews for Git merge commits using tools like gofmt, goimports, staticcheck and errcheck. The SKILL.md recommends those tools, but the bundled index.go does not call any external analyzers or interact with Git — it only reads a single file path passed as an argument and runs a few simple string/regex checks. That is a functional mismatch: the skill does not actually implement the heavy-weight static analysis or commit/diff awareness its description advertises.
Instruction Scope
SKILL.md's runtime instructions are limited to recommending installing go static analysis tools and showing a Git hook example; it does not instruct the agent to read unrelated system files, exfiltrate data, or contact external endpoints. However, the instructions assume use of external tools that the code does not invoke, leaving scope ambiguous (user or agent must run those tools separately).
Install Mechanism
There is no install spec (instruction-only). SKILL.md suggests go install commands for common linters — this is normal and lower risk than an automatic remote download/extract. No URLs, no extracted archives, and no package installs performed by the skill itself.
Credentials
The skill does not request any environment variables, credentials, or config paths. SKILL.md and code do not access secrets or other unrelated environment state. Requested permissions are proportional (none).
Persistence & Privilege
The skill is not always-enabled and has no install-time persistence. It does not modify other skills or agent-wide settings. Autonomous invocation is allowed (platform default) but not combined with other high-risk behaviors here.
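How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install golang-code-review
  3. Once installed, invoke the Skill by name or trigger it with /golang-code-review
  4. Provide the required inputs according to the Skill's parameter description to get structured output
Version history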
v1.0.0
Initial release of golang-code-review-axd.
  • Released version 1.0.0.
  • Provides code review capabilities for Go (Golang) projects.
Metadata
Slug: golang-code-review
Version: 1.0.0
License: MIT-0
Cumulative installs: 1
Current installs: 1
Historical versions: 1
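FAQ

What is golang-code-review?

Provides comprehensive Golang code reviews for Git merge commits, checking format, quality, best practices, security, and generating detailed Markdown reports. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 292 total downloads to date.

How do I install golang-code-review?

Run the command "/install golang-code-review" in the OpenClaw or Claude Code chat box to install it in one step, with no additional configuration required.

Is golang-code-review free?

Yes, golang-code-review is completely free and released under the MIT-0 license; it can be freely downloaded, installed and used.

Which platforms does golang-code-review support?

golang-code-review runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed golang-code-review?

It is developed and maintained by knifeAn (@knifean); the current version is v1.0.0.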
