yorickshan

ITFE Code Review

Author: Shan Yinlong · GitHub · v1.0.0 · MIT-0
cross-platform ✓ Security check passed
Total downloads: 51 · Favorites: 0 · Current installs: 0 · Versions: 1
Install in OpenClaw: /install itfe-code-review
Description
Expert code review of current git changes with a senior engineer lens. Detects SOLID violations, security risks, and proposes actionable improvements.
Usage (SKILL.md)

ITFE Code Review

🌐 Language Requirement

CRITICAL: You MUST respond ONLY in Simplified Chinese (简体中文).

  • All review reports, findings, descriptions, and suggestions MUST be in Chinese
  • All communication with the user MUST be in Chinese
  • Code comments and variable names can remain in their original language
  • Do NOT use English, Japanese, Korean, or any other language for explanations

Overview

Perform a structured review of the current git changes with focus on SOLID, architecture, removal candidates, and security risks. Default to review-only output unless the user asks to implement changes.

Severity Levels

| Level | Name | Description | Action |
|---|---|---|---|
| P0 | Critical | Security vulnerability, data loss risk, correctness bug | Must block merge |
| P1 | High | Logic error, significant SOLID violation, performance regression | Should fix before merge |
| P2 | Medium | Code smell, maintainability concern, minor SOLID violation | Fix in this PR or create follow-up |
| P3 | Low | Style, naming, minor suggestion | Optional improvement |

Workflow

1) Preflight context

  • Use `git status -sb`, `git diff --stat`, and `git diff` to scope changes.
  • If needed, use `rg` or `grep` to find related modules, usages, and contracts.
  • Identify entry points, ownership boundaries, and critical paths (auth, payments, data writes, network).

Edge cases:

  • No changes: If `git diff` is empty, inform the user and ask whether they want to review staged changes or a specific commit range.
  • Large diff (>500 lines): Summarize by file first, then review in batches by module/feature area.
  • Mixed concerns: Group findings by logical feature, not just file order.

2) SOLID + architecture smells

  • Load references/solid-checklist.md for specific prompts.
  • Look for:
    • SRP: Overloaded modules with unrelated responsibilities.
    • OCP: Frequent edits to add behavior instead of extension points.
    • LSP: Subclasses that break expectations or require type checks.
    • ISP: Wide interfaces with unused methods.
    • DIP: High-level logic tied to low-level implementations.
  • When you propose a refactor, explain why it improves cohesion/coupling and outline a minimal, safe split.
  • If refactor is non-trivial, propose an incremental plan instead of a large rewrite.

3) Removal candidates + iteration plan

  • Load references/removal-plan.md for template.
  • Identify code that is unused, redundant, or feature-flagged off.
  • Distinguish safe delete now vs defer with plan.
  • Provide a follow-up plan with concrete steps and checkpoints (tests/metrics).

4) Security and reliability scan

  • Load references/security-checklist.md for coverage.
  • Check for:
    • XSS, injection (SQL/NoSQL/command), SSRF, path traversal
    • AuthZ/AuthN gaps, missing tenancy checks
    • Secret leakage or API keys in logs/env/files
    • Rate limits, unbounded loops, CPU/memory hotspots
    • Unsafe deserialization, weak crypto, insecure defaults
    • Race conditions: concurrent access, check-then-act, TOCTOU, missing locks
  • Call out both exploitability and impact.

5) Code quality scan

  • Load references/code-quality-checklist.md for coverage.
  • Check for:
    • Error handling: swallowed exceptions, overly broad catch, missing error handling, async errors
    • Performance: N+1 queries, CPU-intensive ops in hot paths, missing cache, unbounded memory
    • Boundary conditions: null/undefined handling, empty collections, numeric boundaries, off-by-one
  • Flag issues that may cause silent failures or production incidents.

6) Output format

CRITICAL: Output all content in Simplified Chinese (简体中文).

Structure your review as follows:

## 代码审查报告

**审查文件数**:X 个文件,Y 行变更
**总体评估**:[通过 / 需要修改 / 建议]

---

## 发现的问题

### P0 - 严重
(无 或 列表)

### P1 - 高
- **[文件:行号]** 简短标题
  - 问题描述
  - 修复建议

### P2 - 中
...

### P3 - 低
...

---

## 删除/迭代计划
(如适用)

## 其他建议
(可选改进,不阻塞)

Inline comments: Use this format for file-specific findings:

::code-comment{file="path/to/file.ts" line="42" severity="P1"}
Description of the issue and suggested fix.
::
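
As an added example (not part of the skill's own files), the following Python parses `::code-comment{...}` blocks in the format described above, counts findings per severity level, and derives the 总体评估 verdict and the 下一步行动 summary line from the severity table. The mapping of levels onto the three verdict values, and the file paths and texts in the sample report, are assumptions made for illustration.

```python
import re
from typing import Dict, List, NamedTuple

SEVERITIES = ("P0", "P1", "P2", "P3")
Finding = NamedTuple("Finding", [("file", str), ("line", int), ("severity", str), ("body", str)])

# One inline finding in the SKILL.md format: a ::code-comment{...} header line,
# the description on the following line(s), and a closing line containing only "::".
BLOCK_RE = re.compile(
    r'^::code-comment\{file="(?P<file>[^"]+)" line="(?P<line>\d+)" severity="(?P<sev>P[0-3])"\}[ \t]*\n'
    r"(?P<body>.*?)\n::[ \t]*$",
    re.MULTILINE | re.DOTALL,
)

def parse_findings(report: str) -> List[Finding]:
    """Extract well-formed findings; a block whose severity is not P0-P3 is skipped."""
    return [Finding(m["file"], int(m["line"]), m["sev"], m["body"].strip())
            for m in BLOCK_RE.finditer(report)]

def severity_counts(findings: List[Finding]) -> Dict[str, int]:
    return {s: sum(1 for f in findings if f.severity == s) for s in SEVERITIES}

def overall_verdict(findings: List[Finding]) -> str:
    """Map the severity table onto the 总体评估 field; this mapping is an assumption."""
    present = {f.severity for f in findings}
    if present & {"P0", "P1"}:  # P0 must block merge, P1 should be fixed before merge
        return "需要修改"
    if "P2" in present:         # fix in this PR or in a follow-up
        return "建议"
    return "通过"               # no findings, or only P3 style notes

def summary_line(findings: List[Finding]) -> str:
    c = severity_counts(findings)
    return (f"我发现了 {len(findings)} 个问题(P0: {c['P0']}, P1: {c['P1']}, "
            f"P2: {c['P2']}, P3: {c['P3']})。")

# Constructed sample report: file paths, line numbers and texts are made up.
SAMPLE_REPORT = """\
::code-comment{file="src/auth/session.ts" line="42" severity="P1"}
会话令牌在日志中以明文输出。
建议:记录令牌的哈希或前缀而非完整值。
::
::code-comment{file="src/utils/format.ts" line="7" severity="P3"}
函数名与其行为不一致,建议重命名。
::
::code-comment{file="src/legacy.ts" line="1" severity="P5"}
Severity outside P0-P3 is not part of the format, so this block is ignored.
::
"""
```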

Clean review (in Chinese): If no issues are found, explicitly state:

  • 检查了什么内容
  • 未覆盖的区域(例如:"未验证数据库迁移")
  • 残留风险或建议的后续测试

7) Next steps confirmation (in Chinese)

After presenting findings, ask user how to proceed (in Chinese):

---

## 下一步行动

我发现了 X 个问题(P0: _, P1: _, P2: _, P3: _)。

**你希望如何处理?**

1. **全部修复** - 我将实现所有建议的修复
2. **仅修复 P0/P1** - 处理严重和高优先级问题
3. **修复指定项** - 告诉我要修复哪些问题
4. **不做修改** - 仅审查,不需要实现

请选择一个选项或提供具体指示。

Important: Do NOT implement any changes until user explicitly confirms. This is a review-first workflow. All communication must be in Chinese.

Resources

references/

| File | Purpose |
|---|---|
| solid-checklist.md | SOLID smell prompts and refactor heuristics |
| security-checklist.md | Web/app security and runtime risk checklist |
| code-quality-checklist.md | Error handling, performance, boundary conditions |
| removal-plan.md | Template for deletion candidates and follow-up plan |
Safe usage advice
This skill appears safe for normal code review use. Be aware that it will read your current git changes and may search related repository files; only approve implementation steps if you are comfortable with the agent editing your code.
Functional analysis
Type: OpenClaw Skill
Name: itfe-code-review
Version: 1.0.0

The skill is a legitimate code review tool designed to analyze git changes for architectural patterns (SOLID), security vulnerabilities, and performance issues. It utilizes standard system tools like `git`, `rg`, and `grep` to scope changes and provides comprehensive reference checklists in the `references/` directory to guide the AI's analysis. While it contains a strict instruction to respond only in Simplified Chinese, this appears to be a localization requirement rather than a malicious prompt injection, and there is no evidence of data exfiltration, unauthorized execution, or persistence mechanisms.
Capability tags
crypto, can-make-purchases
Capability assessment
Purpose & Capability
The stated purpose is code review of current git changes, and the artifacts only provide review instructions plus checklist references for SOLID, security, reliability, and code quality.
Instruction Scope
The workflow is scoped to reviewing diffs and related code, and it explicitly says not to implement changes until the user confirms.
Install Mechanism
There is no install spec, executable code, package dependency, remote script, or required binary.
Credentials
The skill expects the agent to run local git and search commands, which is appropriate for code review but may expose private repository contents to the agent/model.
Persistence & Privilege
No persistence, background worker, credential use, privileged path access, or autonomous long-running behavior is described.
How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install itfe-code-review
  3. After installation, call the skill by name directly or trigger it with /itfe-code-review
  4. Provide the required input according to the skill's parameter description to get structured output
Version history
v1.0.0
  • New skill: itfe-code-review, version 1.0.0
  • Code review from a senior engineer's perspective, focused on SOLID principles, architecture, security risks, and actionable improvement suggestions
  • All review reports and communication are required to be output in Simplified Chinese
  • Fine-grained issue severity levels (P0-P3), each with a recommended handling action
  • Review covers structure, removal candidates, security, and code quality, with support for modular, batched review of large changes
  • Clear review report template that includes next-step suggestions, separating review from implementation
Metadata
Slug: itfe-code-review
Version: 1.0.0
License: MIT-0
Total installs: 0
Current installs: 0
Version count: 1
FAQ

What is ITFE Code Review?

Expert code review of current git changes with a senior engineer lens. Detects SOLID violations, security risks, and proposes actionable improvements. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 51 downloads to date.

How do I install ITFE Code Review?

Run the command 「/install itfe-code-review」 in the OpenClaw or Claude Code chat box for one-click installation; no extra configuration is needed.

Is ITFE Code Review free?

Yes, ITFE Code Review is completely free under the MIT-0 license and can be freely downloaded, installed, and used.

Which platforms does ITFE Code Review support?

ITFE Code Review is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.

Who developed ITFE Code Review?

Developed and maintained by Shan Yinlong (@yorickshan); current version v1.0.0.
