← 返回 Skills 市场
661
总下载
0
收藏
1
当前安装
10
版本数
在 OpenClaw 中安装
/install iterative-code-review
功能描述
Iterative code review using multiple independent subagent reviews. Use when user asks to review PR, code, or mentions "review", "审查", "检查代码", "代码质量". Assists...
使用说明 (SKILL.md)
Code Review Skill
Iterative code review through parallel independent subagent reviews with user confirmation at each step.
⚠️ 用户控制 vs 自动化
默认行为(安全模式):
- ✅ 每一步都需要用户确认
- ❌ 不会自动修改代码
可选:自动化模式(需手动启用):
用户可通过配置文件启用 autoFix 和 autoContinue。详见 references/automation.md。
┌─────────────────────────────────────────────────────────┐
│ 默认:安全模式 │
│ - 每步都需要用户确认 │
│ - 适合:重要项目、首次使用 │
│ │
│ 可选:自动化模式(需要手动配置启用) │
│ - autoFix=true: 发现问题后自动修复 │
│ - autoContinue=true: 修复后自动继续下一轮 │
│ ⚠️ 警告:会自动修改代码! │
└─────────────────────────────────────────────────────────┘
Pre-flight Checks
开始 Review 前,必须执行以下检查:
| Check | 说明 |
|---|---|
| Model Selection | 用户选择或确认使用的模型 |
| maxSpawnDepth | ≥1 才能继续 |
| 变更规模检测 | 根据文件数调整超时时间 |
| 新增代码识别 | 审查新增代码的安全性 |
| PR 历史检查 | 避免重复发现已修复的问题 |
| Review 模式 | Full Review 或 Delta Review |
Workflow
Round Structure
┌─────────────────────────────────────────────────────────┐
│ Review Round N │
│ │
│ ┌─────────┐ ┌─────────┐ ┌─────────┐ │
│ │Reviewer1│ │Reviewer2│ │Reviewer3│ ← 并行 3 个 │
│ └────┬────┘ └────┬────┘ └────┬────┘ │
│ └────────────┼────────────┘ │
│ ▼ │
│ ┌──────────────┐ │
│ │ 汇总问题列表 │ │
│ └──────┬───────┘ │
│ ▼ │
│ ┌──────────────┐ │
│ │ 用户确认 │ ← 是否继续修复? │
│ └──────┬───────┘ │
│ ▼ │
│ ┌──────────────┐ │
│ │ Fixer │ ← 用户同意后才执行 │
│ └──────────────┘ │
└─────────────────────────────────────────────────────────┘
Reviewer 关注点
| Reviewer | 关注点 |
|---|---|
| Reviewer-1 | 功能正确性、测试覆盖 |
| Reviewer-2 | 代码质量、最佳实践 |
| Reviewer-3 | 安全性、边界情况 |
退出标准
- 连续 两轮 无 >= severityThreshold 的问题
- 或达到 maxRounds 限制
- 用户决定结束
Final Round 特殊要求
Final Round 必须采用 Full Review 模式!
- 必须 Full Review - 不是 Delta Review
- 必须验证编译和测试 -
npm run build+npm test - 使用更长超时 - 全量审查需要更多时间
- 审查所有历史修复 - 确认所有 Round 的问题都已修复
Issue Severity
| Level | Definition | Fix |
|---|---|---|
| P0 | Critical | 建议 |
| P1 | High | 建议 |
| P2 | Medium | 建议 |
| P3 | Low | 可选 |
Key Points
- 用户控制 - 默认每一步都需要用户确认
- 自动化可选 - 通过配置启用自动修复
- PR 历史检查 - 避免重复发现已修复的问题
- Final Round 必须 Full Review - 全量审核
- 3 个 reviewer 并行 - 最大化问题发现
- MAX_ROUNDS = 10 - 防止无限循环
Safety Boundaries
✅ 允许:读取代码、运行只读命令、Spawn subagent 分析、报告问题
⚠️ 需确认:修改文件、git commit、npm install/build、Spawn Fixer
❌ 禁止:未经同意修改代码、自主运行多轮修复、自主提交
References
- automation.md - 自动化偏好配置详解
- preflight.md - Pre-flight Checks 详细步骤
- workflow.md - Workflow 详细说明
- checklist.md - 审查清单
- issue-severity.md - Issue 严重级别
- final-round.md - Final Round 详细指南
安全使用建议
This skill appears to be what it claims: a guided, iterative code-review helper. Before using it, review and consider the following: 1) Keep autoFix and autoContinue disabled unless you trust the repository and have backups — enabling them lets the skill automatically modify code. 2) The skill may run npm build/test and other repository scripts; these execute code from the repository and can have side effects (network access, spawning processes). Run on trusted repositories or in a sandbox. 3) The skill reads/writes a preferences file at ~/.openclaw/workspace/.iterative-code-review/preferences.json — inspect that file before enabling automation. 4) Confirm you are comfortable with the skill using your local git/gh credentials (it does not request tokens but will use configured CLI auth). 5) Note the small metadata mismatch: required tooling is documented in SKILL.md but not in registry binary metadata; ensure your environment has the listed tools before use.
功能分析
Type: OpenClaw Skill
Name: iterative-code-review
Version: 1.2.1
The 'iterative-code-review' skill is a well-documented tool designed to facilitate multi-agent code analysis. It features clear safety boundaries, emphasizing user confirmation by default before any code modifications (autoFix) occur. The logic involves standard development tools (git, gh, npm, jq) and follows a transparent workflow across files like SKILL.md and workflow.md, with no evidence of data exfiltration, obfuscation, or malicious prompt injection.
能力评估
Purpose & Capability
Name/description (iterative code review) align with the instructions: the SKILL.md expects git/gh/jq/node/npm, performs git diffs, spawns reviewers/fixers, and optionally applies fixes. The only minor mismatch is that the registry metadata lists no required binaries while SKILL.md documents required tooling; this is an informational mismatch but not a substantive incoherence.
Instruction Scope
Instructions stay within review scope: reading repo diffs, commit history, running build/tests, spawning subagents, and optionally applying fixes. Important safety note: the skill explicitly supports autoFix/autoContinue which will modify code and can perform automated multi-round fixes if enabled in ~/.openclaw/workspace/.iterative-code-review/preferences.json. Also it instructs running repo build/test commands (npm run build / npm test) which will execute repository code and test scripts — this is expected for a review tool but is an operational risk when the repository contains untrusted code.
Install Mechanism
Instruction-only skill with no install spec and no code files to execute from an external download. No package installs or external archives are written to disk by the skill itself.
Credentials
The skill does not request environment variables or external credentials. It references local tooling (git, gh) which will use the user's existing auth if present. It does read a local preferences file under the user's home (~/.openclaw/workspace/.iterative-code-review/preferences.json) — this is proportional to providing user-configurable automation settings.
Persistence & Privilege
always:false and no installation makes this non-persistent. The skill will read and may write its own preferences file in the user's home workspace. The primary privilege concern is the optional autoFix/autoContinue behavior which — if the user enables it — allows automatic code modification, spawning of fixer subagents, and automated multi-round changes; by default those are disabled and user confirmation is required.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install iterative-code-review - 安装完成后,直接呼叫该 Skill 的名称或使用
/iterative-code-review触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.2.1
Version 1.2.1
- Added compatibility information, listing required and optional tools in SKILL.md.
- Updated version number to 1.2.0 in SKILL.md.
- No code or logic changes; documentation improvement only.
v1.2.0
**Refactored documentation into modular reference files and simplified main workflow.**
- Split automation, pre-flight checks, and workflow guides into dedicated markdown files for clarity.
- Updated SKILL.md to reference new docs, reducing duplication and improving maintainability.
- Streamlined explanations and usage instructions for automation settings.
- No logic or behavior changes; this release restructures and clarifies documentation only.
v1.1.0
- Update version to 1.1.0 in metadata.
- No functional or workflow changes; documentation and configuration details remain unchanged.
v1.0.5
- Major update: clarified automation vs. user control and deprecated old config method.
- Added prominent warning and table comparing default (safe) mode with automation options.
- Stressed that autoFix/autoContinue require explicit user config and may alter code automatically.
- Updated configuration instructions to prioritize workspace config file; marked global config as deprecated.
- Added safety warnings encouraging interactive mode for critical projects.
- Bumped version to 3.4 to reflect documentation overhaul and clarify safety/automation best practices.
v1.0.4
- Introduced user-configurable automation preferences for the review workflow (autoFix, autoContinue, maxRounds, severityThreshold).
- Added support for reading workspace-specific and global config files to customize review automation.
- Updated workflow to support automatic fixing and round advancement based on user preference.
- Enhanced documentation detailing how configuration is loaded and merged, with example scripts and behavior matrix.
- Default flow remains user-controlled and interactive, but can be customized for automation via config.
v1.0.3
- No file/content changes detected in this version.
- Version incremented for metadata or packaging update only.
- No impact on functionality or behavior.
v3.0.0
v3.0.0: 安全性改进,移除硬编码模型推荐,添加用户确认步骤
v1.0.2
**Version 1.0.2 – Major Restructure and Documentation Upgrade**
- Modularized pre-flight checks and workflow guides into new reference files for maintainability.
- Streamlined pre-flight checks: model selection now auto-recommends the strongest model with user confirmation.
- Updated review workflow logic: Final Round must always be Full Review with extended checks, as detailed in new reference docs.
- Documented strict review automation—no user prompts for proceeding/fixing until two consecutive clean rounds.
- Clarified issue severity definitions and handling, especially around P3 category.
- Significantly condensed SKILL.md for readability, moving full rules/explanations to structured reference docs.
v1.0.1
iterative-code-review v2.7 (was v2.2)
- Major refactor of pre-flight checks for flexibility and reliability.
- Model selection is now user-driven, with "thinking: high" enforced; default and recommendations provided, not forced.
- Timeout durations for reviewers/fixers are now dynamically set based on PR file change size.
- Reviewers are required to check all newly added code lines, not just fixes.
- Before review, full PR commit history is retrieved and analyzed to skip already-fixed issues and avoid duplicate reporting.
- For PRs with multiple commits, user is asked to select between full or delta (latest commit only) review modes; round 2+ auto-switches to delta by default.
- All pre-flight check results are clearly outputted to the user for transparency.
v1.0.0
- Initial release of the Iterative Code Review skill with automated, multi-agent review-fix-review cycles.
- Implements parallel, independent reviews by 3 specialized subagents per review round for maximum issue detection.
- Automatically fixes all detected issues (P0/P1/P2) via subagent, with retry and timeout handling.
- Review process repeats until two consecutive rounds find no new P0/P1/P2 issues and all P3 issues are resolved or explained.
- Includes critical pre-flight checks: enforced use of bailian/glm-5 model and minimum subagent spawn depth.
- Comprehensive workflow and configuration guidance provided in the SKILL.md documentation.
元数据
常见问题
Iterative Code Review 是什么?
Iterative code review using multiple independent subagent reviews. Use when user asks to review PR, code, or mentions "review", "审查", "检查代码", "代码质量". Assists... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 661 次。
如何安装 Iterative Code Review?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install iterative-code-review」即可一键安装,无需额外配置。
Iterative Code Review 是免费的吗?
是的,Iterative Code Review 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Iterative Code Review 支持哪些平台?
Iterative Code Review 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Iterative Code Review?
由 Lucius.C(@luciuscao)开发并维护,当前版本 v1.2.1。
推荐 Skills