← 返回 Skills 市场
klesenchang

gstack-review-skill

作者 Klesenchang · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ✓ 安全检测通过
279
总下载
1
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install gstack-review-skill
功能描述
Garry Tan's gstack-inspired multi-perspective code review for OpenClaw. Triggered when user asks to review code, run /review, review a PR/branch/changes, or...
使用说明 (SKILL.md)

gstack-review: Multi-Perspective Code Review

Review Framework

When asked to review code, follow this three-perspective framework. Run all steps systematically.

Step 0: Detect What to Review

Priority order for review scope:

  1. Uncommitted changes (git diff HEAD) — if working directory is dirty
  2. Specific files mentioned by user
  3. Branch diff vs main — if on a feature branch
  4. Recent commits — if no clear scope
# Check working tree status
git status --short

# Get uncommitted changes
git diff HEAD

# Get committed changes on current branch vs origin/main
BRANCH=$(git branch --show-current 2>/dev/null || git rev-parse --abbrev-ref HEAD 2>/dev/null)
MAIN_BRANCH=$(git main-branch 2>/dev/null || echo "main")
git log ${MAIN_BRANCH}..${BRANCH} --oneline 2>/dev/null | head -20
git diff ${MAIN_BRANCH}..${BRANCH} 2>/dev/null | head -500

# List changed files
git diff --name-only ${MAIN_BRANCH}..${BRANCH} 2>/dev/null

Step 1: Gather Context

Before reviewing, collect:

# Project type and language
ls *.json *.toml *.yaml *.gradle *.xml Makefile package.json 2>/dev/null | head -5
cat package.json 2>/dev/null | grep '"name"\|"scripts"' | head -5

# Run tests (silently, capture exit code)
TEST_OUTPUT=$(npm test 2>&1 || pytest 2>&1 || cargo test 2>&1 || true)
TEST_EXIT=$?

# Type check / lint
LINT_OUTPUT=$(npm run lint 2>&1 || npx tsc --noEmit 2>&1 || true)

# Build check
BUILD_OUTPUT=$(npm run build 2>&1 || cargo build 2>&1 || true)
BUILD_EXIT=$?

Step 2: Read Changed Files

For each changed file, read the full content to understand context. Don't just look at the diff — read the surrounding code.

For each file in the diff:
  1. Read the full file (not just changed lines — context matters)
  2. Identify what the code actually does vs. what the diff claims
  3. Note any files that are only binary/generated (skip detailed review)

Step 3: CEO / Product Perspective

Ask: Does this code serve the business and users?

Review from a product-thinking perspective:

  • Correctness: Does this actually solve the stated problem?
  • Complexity: Is this 10x simpler than the previous approach? Or did we add an abstraction layer that solves nothing?
  • Product signal: Is this a feature users asked for, or engineer-invented complexity?
  • Scope creep: Did the diff grow beyond its original purpose?
  • Tech vs business: Is this engineering for its own sake, or does it genuinely ship value?

Key question: "If I had to explain this change to the CEO in 30 seconds, would they be excited or confused?"

Step 4: Engineering Perspective

Ask: Is this code sound, maintainable, and safe?

  • Architecture: Does this fit the existing patterns? Or did we invent a new framework within a framework?
  • Error handling: Are all failure modes handled? (network, disk, invalid input, timeouts)
  • Resource management: Connections closed? Memory leaked? Background tasks cancelled?
  • Dependencies: Did we add a new heavy dependency when a stdlib call would suffice?
  • Security: SQL injection, XSS, auth bypass, secrets in code, overly permissive CORS?
  • Performance: N+1 queries? Unindexed queries in loops? Memory-allocating operations in hot paths?
  • API design: Are interfaces clean and composable, or did we leak internal state?

Code quality signals:

  • Functions under 30 lines? Exceptions are allowed but need strong justification.
  • Meaningful variable/function names? No temp2_final_v3 patterns.
  • Comments that explain why, not what? (the code shows what)
  • Tests that test behavior, not implementation?

Step 5: QA / Testing Perspective

Ask: Would this pass a senior engineer's gut check for correctness?

  • Test coverage: Are the changed paths actually tested? Not just "tested" but validated?
  • Edge cases: Empty input, max length, null bytes, unicode edge cases, concurrent access
  • Happy path: Does the main user flow actually work end-to-end?
  • Failure modes: What breaks when this code is wrong? Can a user detect it?
  • Smoke tests: Does it at least import/parse/load without crashing?
  • Test quality: Are tests asserting on behavior or mocking everything and asserting on internals?

Step 6: Assemble the Review

Present a structured review with three clearly labeled sections.

Review Output Template

# Code Review: [BRANCH_NAME] — [DATE]
═══════════════════════════════════════════════

## Summary
[One paragraph: what changed and why. If this were a commit message, is it a good one?]

**Files changed:** N files | **Lines:** +N -N
**Tests:** [PASS/FAIL/NONE] | **Build:** [PASS/FAIL/NONE] | **Lint:** [PASS/FAIL/NONE]

---

## 🏛️ CEO / Product Review
[Bulleted findings. Flag concerns in 🔴, praise good decisions in ✅]

**Verdict:** [Clear statement — ship it, rework it, or discuss with the team]

---

## ⚙️ Engineering Review
[Bulleted findings. Group by category: Architecture, Security, Performance, Code Quality]

**Verdict:** [Clear statement]

---

## 🧪 QA / Testing Review
[Bulleted findings. Group by: Coverage, Edge Cases, Correctness]

**Verdict:** [Clear statement]

---

## Action Items
- [ ] [Priority] [Specific actionable item — who should fix it and how]
- [ ] [Priority] ...

**Overall:** ✅ APPROVED TO SHIP / ⚠️ REVISIONS NEEDED / ❌ BLOCKED
═══════════════════════════════════════════════

Review Principles

  1. Be direct. Don't hedge. "This is wrong" is more useful than "this might be worth considering."
  2. Distinguish severity. A missing test on a utility function ≠ a SQL injection vulnerability.
  3. Context matters. Code that looks wrong in isolation might be the right solution for the system.
  4. ** Praise good work.** If the code is clean, simple, and well-tested, say so. Reinforce the pattern.
  5. Actionable over academic. "Consider using a WeakMap" is less useful than "Replace new Map() with new WeakMap() on line 42 to avoid memory leaks in the closure."
  6. No bikeshedding. Don't flag style preferences that a linter wouldn't flag. Focus on what matters.

When to Escalate (Don't Review Alone)

Escalate to human review for:

  • 🔴 Security vulnerabilities (auth bypass, injection, data exposure)
  • 🔴 Breaking changes to external APIs or database schemas
  • 🔴 Complex concurrency or distributed systems changes without expert review
  • 🔴 Changes to payment, billing, or access control logic
  • 🔴 Anything that would require a rollback plan

Inspired by Garry Tan's gstack (github.com/garrytan/gstack) — ported for OpenClaw.

安全使用建议
This skill is internally consistent for a code-review tool: it reads repository files, diffs, and runs tests/builds to gather context and produce multi-perspective feedback. Before installing or invoking it, be aware that the runtime steps include executing project test/build commands which can run arbitrary code from the repository — avoid running it on highly sensitive machines or on untrusted repositories. If you want lower risk, require the agent to ask for explicit permission before running tests/builds, run reviews in a sandbox or CI environment, or use a read-only review mode (only read files and diffs, do not execute tests). No credentials or external downloads are requested by this skill.
功能分析
Type: OpenClaw Skill Name: gstack-review-skill Version: 1.0.0 The gstack-review skill is a legitimate tool designed to provide multi-perspective code reviews (CEO, Engineering, QA) by analyzing git diffs and running standard development commands like 'npm test' or 'pytest'. While it executes shell commands to gather context and run tests, these actions are strictly aligned with its stated purpose and do not exhibit signs of data exfiltration, persistence, or malicious intent. The skill follows a structured framework (SKILL.md) and provides a clear template for reporting findings.
能力评估
Purpose & Capability
Name/description (multi-perspective code review) match the instructions: the SKILL.md focuses on git diffs, reading changed files, running tests, lint/build, and producing CEO/Engineering/QA reviews. There are no unrelated environment variables, installers, or external service keys requested.
Instruction Scope
Instructions explicitly tell the agent to run git commands, read whole files from the repo, run tests (npm/pytest/cargo), lint, and build. That is coherent for an automated review, but running tests/builds executes repository code and arbitrary scripts — a security/operational risk in untrusted or sensitive environments. The SKILL.md does not instruct the agent to access external endpoints or secret env vars, nor to persist credentials.
Install Mechanism
Instruction-only skill with no install spec and no code files. Nothing is downloaded or written to disk by the skill itself, which reduces installation risk.
Credentials
No environment variables, credentials, or config paths are requested. Required actions are limited to local repository files and standard dev tooling commands, which is proportionate to a code-review task.
Persistence & Privilege
always is false and there is no request to modify other skills or system-wide settings. The skill does not request permanent presence or extra privileges beyond running commands when invoked.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install gstack-review-skill
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /gstack-review-skill 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
- Initial release of gstack-review providing a multi-perspective code review framework for OpenClaw. - Reviews code from CEO (product), Engineering (architecture), and QA (correctness) viewpoints. - Detects review scope (uncommitted changes, specified files, branches, or recent commits). - Runs automated context-gathering: project detection, tests, linting, and build checks. - Supplies a detailed review template with clear action items and escalation rules.
元数据
Slug gstack-review-skill
版本 1.0.0
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 1
常见问题

gstack-review-skill 是什么?

Garry Tan's gstack-inspired multi-perspective code review for OpenClaw. Triggered when user asks to review code, run /review, review a PR/branch/changes, or... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 279 次。

如何安装 gstack-review-skill?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install gstack-review-skill」即可一键安装,无需额外配置。

gstack-review-skill 是免费的吗?

是的,gstack-review-skill 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

gstack-review-skill 支持哪些平台?

gstack-review-skill 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 gstack-review-skill?

由 Klesenchang(@klesenchang)开发并维护,当前版本 v1.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论