Install in OpenClaw
/install goudantest
Description
Advanced code review assistant with intelligent analysis, multi-language support, and structured feedback. Performs comprehensive reviews covering correctnes...
Usage Instructions (SKILL.md)
Code Review v2
Intelligent Review Workflow
Phase 1: Context Analysis
Before reviewing code, understand the context:
- Identify change scope: What files/modules are affected?
- Understand intent: Read PR description, linked issues, commit messages
- Assess risk level:
  - 🔴 **High**: Core logic, auth, payment, data handling, public APIs
  - **Medium**: Business logic, internal APIs, utilities
  - **Low**: Tests, docs, config, minor refactoring
- Determine review depth based on risk level
Phase 2: Automated Analysis
Run these checks mentally before manual review:
□ Static analysis patterns (type mismatches, unused imports, dead code)
□ Security patterns (injection, unsafe deserialization, hardcoded secrets)
□ Performance patterns (N+1 queries, unbounded loops, missing indexes)
□ Concurrency patterns (race conditions, deadlocks, missing synchronization)
Phase 3: Manual Review
Follow the CHECKLIST.md for systematic review.
Phase 4: Feedback Generation
Use templates from TEMPLATES.md for structured feedback.
Quick Reference: Review Dimensions
| Dimension | Focus Area | Key Questions |
|---|---|---|
| Correctness | Logic, edge cases | Does it work correctly in all scenarios? |
| Security | Vulnerabilities, data protection | Are there security risks or data leaks? |
| Performance | Efficiency, resource usage | Will this scale? Any bottlenecks? |
| Maintainability | Readability, structure | Can others understand and modify this? |
| Observability | Logging, monitoring, debugging | Can we detect and diagnose issues? |
| Testing | Coverage, quality | Are changes adequately tested? |
Severity Classification
| Level | Icon | When to Use | Response Required |
|---|---|---|---|
| Blocker | | Security vulnerability, data loss, crash | Must fix before merge |
| Critical | 🔴 | Bug, incorrect logic, broken functionality | Must fix before merge |
| Warning | | Code smell, suboptimal pattern, minor issue | Should address |
| Suggestion | 💡 | Improvement opportunity, alternative approach | Consider |
| Info | ℹ | Observation, documentation note | Optional |
Language-Specific Quick Checks
Python
□ Type hints on public functions
□ No mutable default arguments
□ Context managers for resources
□ f-strings over .format() or %
□ Proper exception handling (not bare except)
□ __init__.py exports are intentional
JavaScript / TypeScript
□ async/await with try-catch (no unhandled promises)
□ No implicit any (TypeScript strict mode)
□ Proper null/undefined handling
□ No direct DOM manipulation in React
□ Keys in list rendering
□ useEffect dependencies complete
Java
□ try-with-resources for Closeable
□ Optional for nullable returns
□ Proper equals/hashCode implementation
□ No raw types (generics)
□ Stream API used appropriately
□ Thread safety considered
Go
□ Error handling (not ignored)
□ defer for cleanup
□ Context passed as first parameter
□ No goroutine leaks
□ Proper mutex usage
□ go vet and golangci-lint clean
Rust
□ No unnecessary clones
□ Proper error types (Result)
□ Lifetimes annotated correctly
□ No unsafe blocks without justification
□ Iterator chains over loops where appropriate
□ Clippy warnings addressed
C#
□ async/await patterns correct
□ using statements for IDisposable
□ Nullable reference types enabled
□ LINQ queries efficient
□ Proper exception filtering
□ CancellationToken usage
Ruby
□ No N+1 queries (includes/eager_load)
□ Proper error handling (rescue)
□ Bang methods for mutating operations
□ Frozen string literals
□ RuboCop clean
PHP
□ Type declarations on parameters/returns
□ Prepared statements (no SQL injection)
□ Proper error handling (try-catch)
□ No global state
□ PSR standards followed
Common Anti-Patterns to Flag
Security
- Hardcoded credentials or API keys
- SQL/NoSQL injection via string interpolation
- XSS via unescaped output
- Insecure deserialization
- Missing rate limiting on public endpoints
- Overly permissive CORS configuration
Performance
- N+1 query patterns
- Unbounded result sets (missing LIMIT)
- Synchronous operations in hot paths
- Missing caching for expensive computations
- Inefficient data structures (O(n²) where O(n log n) possible)
- Memory leaks (unclosed resources, growing caches)
Maintainability
- God classes or functions over 50 lines
- Deep nesting (3+ levels)
- Magic numbers without constants
- Duplicated logic across files
- Tight coupling between modules
- Missing or outdated documentation
Concurrency
- Race conditions on shared state
- Missing synchronization primitives
- Deadlock potential (lock ordering)
- Thread-unsafe collections
- Improper async/await usage
Review Output Formats
Format 1: Markdown (Default)
See TEMPLATES.md for detailed markdown templates.
Format 2: JSON (Machine-Readable)
```json
{
  "summary": "Brief overview",
  "issues": [
    {
      "severity": "critical",
      "file": "src/auth.py",
      "line": 42,
      "category": "security",
      "message": "SQL injection vulnerability",
      "suggestion": "Use parameterized queries"
    }
  ],
  "positive_notes": ["Good use of type hints"],
  "recommendation": "approve_with_changes"
}
```
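A merge gate over the Format 2 JSON above, applying the "Must fix before merge" rule from the Severity Classification table. This is an added example, not part of the skill; the name `gate_review`, the lowercase severity spellings other than `critical`, and the fail-closed handling of malformed reviews are assumptions.

```python
import json

# Levels from the Severity Classification table, lowercased as in the JSON
# sample ("critical"); the lowercase spelling of the other four is assumed.
MUST_FIX = {"blocker", "critical"}
KNOWN = MUST_FIX | {"warning", "suggestion", "info"}
REQUIRED = {"severity": str, "file": str, "line": int,
            "category": str, "message": str}


def gate_review(raw: str) -> dict:
    """Decide whether a Format 2 review blocks the merge (fails closed)."""
    # The review is model output, so it is untrusted input: anything
    # malformed blocks the merge instead of being silently skipped.
    try:
        review = json.loads(raw)
    except json.JSONDecodeError as exc:
        return {"blocked": True, "reasons": [f"invalid JSON: {exc.msg}"]}
    issues = review.get("issues") if isinstance(review, dict) else None
    if not isinstance(issues, list):
        return {"blocked": True, "reasons": ["'issues' must be a list"]}
    reasons = []
    for idx, issue in enumerate(issues):
        if not isinstance(issue, dict):
            reasons.append(f"issue {idx}: not an object")
            continue
        # bool is a subclass of int, so reject it explicitly for "line".
        bad = [k for k, t in REQUIRED.items()
               if not isinstance(issue.get(k), t) or isinstance(issue.get(k), bool)]
        if bad:
            reasons.append(f"issue {idx}: missing or mistyped {sorted(bad)}")
            continue
        sev = issue["severity"].lower()
        if sev not in KNOWN:
            reasons.append(f"issue {idx}: unknown severity {sev!r}")
        elif sev in MUST_FIX:
            reasons.append(f"{issue['file']}:{issue['line']}: {sev}: {issue['message']}")
    return {"blocked": bool(reasons), "reasons": reasons}


# Constructed sample: the page's JSON example plus one low-severity issue.
SAMPLE = json.dumps({"summary": "Brief overview", "issues": [
    {"severity": "critical", "file": "src/auth.py", "line": 42,
     "category": "security", "message": "SQL injection vulnerability",
     "suggestion": "Use parameterized queries"},
    {"severity": "info", "file": "README.md", "line": 1,
     "category": "docs", "message": "Typo"},
], "recommendation": "approve_with_changes"})
```

An unknown severity or a missing field blocks the merge, so a truncated or manipulated review cannot pass as a clean one.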
Format 3: Checklist Report
Review Summary for PR #123
==========================
[✓] Correctness - 2 issues found
[✓] Security - 1 critical issue
[✓] Performance - No issues
[✓] Maintainability - 3 suggestions
[✓] Testing - Coverage adequate
[✓] Observability - Missing error context
Recommendation: Changes required before merge
Additional Resources
- CHECKLIST.md - Comprehensive review checklist
- TEMPLATES.md - Feedback templates for various scenarios
- examples.md - Real-world review examples
Security Usage Advice
This skill is internally coherent and doesn't request installs or credentials. Before using it, avoid pasting secrets or private keys into the review text (the assistant will analyze any code you provide). If you want it to review a repository, prefer granting minimal, read-only access through your normal tooling rather than copy-pasting sensitive files into chat. Also note the agent may request PR/commit context from you — only supply data you intend to be reviewed.
Functional Analysis
Type: OpenClaw Skill
Name: goudantest
Version: 1.0.0
The skill bundle is a comprehensive and well-structured framework for an AI agent to perform multi-language code reviews. It includes detailed instructions in SKILL.md, a robust security and performance checklist in CHECKLIST.md, and various feedback templates in TEMPLATES.md. While examples.md contains snippets of vulnerable code (such as SQL injection and resource leaks), these are explicitly used as test cases to demonstrate how the agent should identify and report vulnerabilities. There is no evidence of malicious intent, data exfiltration, or harmful prompt injection.
Capability Assessment
Purpose & Capability
Name/description (advanced code review) match the SKILL.md content, templates, checklist and examples. The skill is instruction-only and does not request unrelated binaries, environment variables, or config paths.
Instruction Scope
SKILL.md confines itself to reviewing code, reading PR descriptions/commit messages/linked issues and producing structured feedback. It asks reviewers to look for malicious code/exfiltration in reviewed sources — which is appropriate for a code-review assistant. It does not instruct reading unrelated system files or exfiltrating data to external endpoints.
Install Mechanism
No install spec or code files are present; the skill is instruction-only so nothing is written to disk or downloaded during install.
Credentials
The skill declares no required environment variables, credentials, or config paths. There are no disproportionate secret or credential requests relative to the described functionality.
Persistence & Privilege
always:false and normal model invocation settings. The skill does not request persistent/system-wide presence or modify other skills or configs.
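How to Use
- Make sure OpenClaw is installed (local or Docker deployment)
- Enter the install command in the chat box: /install goudantest
- After installation, call the Skill by name or trigger it with /goudantest
- Provide the required inputs according to the Skill's parameter description to get structured output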
Version History
v1.0.0
code-review-v2 v1.0.0 initial release
- Introduces an advanced code review assistant supporting intelligent analysis and multi-language code review.
- Implements structured workflows for context analysis, automated static and security checks, and phased manual review.
- Provides detailed review dimensions (correctness, security, performance, maintainability, observability, testing) and severity classification.
- Includes quick reference language-specific checklists for Python, JavaScript/TypeScript, Java, Go, Rust, C#, Ruby, and PHP.
- Outlines common anti-patterns to flag and offers flexible output formats (Markdown, JSON, checklist).
- Links to comprehensive checklists, feedback templates, and example reviews for in-depth guidance.
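FAQ
What is goudantest?
Advanced code review assistant with intelligent analysis, multi-language support, and structured feedback. Performs comprehensive reviews covering correctnes... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 120 cumulative downloads to date.
How do I install goudantest?
Run the command "/install goudantest" in the OpenClaw or Claude Code chat box for one-click installation; no additional configuration is needed.
Is goudantest free?
Yes, goudantest is completely free under the MIT-0 license and can be freely downloaded, installed, and used.
Which platforms does goudantest support?
goudantest is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.
Who developed goudantest?
Developed and maintained by Gou1995 (@gou1995); the current version is v1.0.0.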