Downloads: 56 · Favourites: 0 · Current installs: 0 · Versions: 2
Install in OpenClaw: `/install laosi-code-review`
Description
Multi-perspective code review: security (OWASP), performance, correctness and style. Each perspective reports a severity level plus a fix suggestion, and the review ends in a PASS/BLOCK verdict.
Usage (SKILL.md)
Code Review - multi-perspective code review
Trigger words: 审查 (review) / code review / CR
Four-perspective framework
┌─────────────────────────────────────────┐
│       Code review: overall verdict      │
├──────────┬──────────┬─────────┬─────────┤
│ SECURITY │ PERFORM- │ CORRECT-│  STYLE  │
│          │   ANCE   │  NESS   │         │
├──────────┼──────────┼─────────┼─────────┤
│ CRITICAL │  MAJOR   │  MINOR  │  INFO   │
└──────────┴──────────┴─────────┴─────────┘
Python implementation
```python
import re
from dataclasses import dataclass, field
from enum import Enum
from typing import List


class Severity(Enum):
    CRITICAL = "CRITICAL"  # must fix
    MAJOR = "MAJOR"        # strongly recommended
    MINOR = "MINOR"        # suggested improvement
    INFO = "INFO"          # for reference only


# Enum values are strings, so rank them explicitly instead of comparing alphabetically
SEVERITY_RANK = {Severity.INFO: 0, Severity.MINOR: 1,
                 Severity.MAJOR: 2, Severity.CRITICAL: 3}


class Verdict(Enum):
    PASS = "PASS"
    PASS_WITH_COMMENTS = "PASS_WITH_COMMENTS"
    BLOCK = "BLOCK"


@dataclass
class Finding:
    perspective: str
    severity: Severity
    file: str
    line: int
    title: str
    detail: str
    suggestion: str


@dataclass
class ReviewResult:
    findings: List[Finding] = field(default_factory=list)

    def add(self, perspective: str, severity: Severity, file: str,
            line: int, title: str, detail: str, suggestion: str = ""):
        self.findings.append(Finding(
            perspective, severity, file, line, title, detail, suggestion
        ))

    def _scan(self, code: str, file: str, perspective: str, severity: Severity,
              checks, regex: bool = False):
        """Line-by-line scan shared by the perspectives.
        checks: (title, pattern, suggestion) triples; pattern is a substring,
        or a regular expression when regex=True."""
        for title, pattern, suggestion in checks:
            for i, line_text in enumerate(code.split('\n'), 1):
                hit = re.search(pattern, line_text) if regex else pattern in line_text
                if hit:
                    self.add(perspective, severity, file, i,
                             f"发现{title}: `{line_text.strip()}`",
                             f"第{i}行: `{line_text.strip()}`",
                             suggestion)

    def security_check(self, code: str, file: str = "unknown"):
        """SECURITY perspective (substring heuristics; an AST walk would be more precise)"""
        checks = [
            ("SQL注入风险", "execute(", "使用参数化查询代替字符串拼接"),
            ("XSS风险", "innerHTML", "使用textContent或安全转义"),
            ("硬编码密钥", "api_key", "移动到环境变量或密钥管理服务"),
            ("路径遍历", "../", "验证用户输入路径,使用basename"),
            ("命令注入", "os.system(", "使用subprocess.run传参数组"),
            ("eval执行", "eval(", "避免使用eval,改用安全替代方案"),
        ]
        self._scan(code, file, "SECURITY", Severity.CRITICAL, checks)

    def performance_check(self, code: str, file: str = "unknown"):
        """PERFORMANCE perspective (regex heuristics; a real check would parse the AST)"""
        perform_checks = [
            ("N+1查询", r"for .* in .*query", ""),
            ("大循环", r"for .* in range\(", ""),
            ("重复计算", r"\.count\(", ""),
        ]
        self._scan(code, file, "PERFORMANCE", Severity.MAJOR, perform_checks, regex=True)

    def correctness_check(self, code: str, file: str = "unknown"):
        """CORRECTNESS perspective"""
        correct_checks = [
            ("除以0", "/ (", "除法前检查分母是否为0"),
            ("空指针", "None.", ""),
            ("索引越界", "[len(", ""),
        ]
        self._scan(code, file, "CORRECTNESS", Severity.MAJOR, correct_checks)

    def style_check(self, code: str, file: str = "unknown"):
        """STYLE perspective: one predicate per rule, applied to every line"""
        style_checks = [
            ("行长超限", lambda l: len(l) > 100),
            ("驼峰vs蛇形", lambda l: any(w.isupper() for w in l.split())),
        ]
        for title, test in style_checks:
            for i, line_text in enumerate(code.split('\n'), 1):
                if test(line_text):
                    self.add("STYLE", Severity.MINOR, file, i,
                             f"发现{title}: `{line_text.strip()}`",
                             f"第{i}行: `{line_text.strip()}`")

    def verdict(self) -> Verdict:
        if any(f.severity == Severity.CRITICAL for f in self.findings):
            return Verdict.BLOCK
        if any(f.severity == Severity.MAJOR for f in self.findings):
            return Verdict.PASS_WITH_COMMENTS
        return Verdict.PASS

    def report(self) -> str:
        out = ["# Code Review Report\n"]
        by_perspective = {}
        for f in self.findings:
            by_perspective.setdefault(f.perspective, []).append(f)
        sev_icon = {"CRITICAL": "🔴", "MAJOR": "🟡", "MINOR": "🔵", "INFO": "⚪"}
        for perspective in ["SECURITY", "PERFORMANCE", "CORRECTNESS", "STYLE"]:
            items = by_perspective.get(perspective, [])
            if not items:
                continue
            # worst severity in this perspective, by rank rather than string order
            sev = max(items, key=lambda x: SEVERITY_RANK[x.severity]).severity.value
            out.append(f"## {perspective} [{sev}]")
            for f in items:
                out.append(
                    f"- {sev_icon.get(f.severity.value, '')} "
                    f"`{f.file}:{f.line}` {f.title}\n"
                    f"  > {f.detail}\n"
                    f"  💡 {f.suggestion}"
                )
            out.append("")
        v = self.verdict()
        v_icon = {"PASS": "✅", "PASS_WITH_COMMENTS": "⚠️", "BLOCK": "🚫"}
        out.append(f"## 裁定: {v_icon[v.value]} {v.value}")
        out.append(f"共 {len(self.findings)} 个发现项")
        return "\n".join(out)


# Usage example
code = """
def get_user(name):
    query = "SELECT * FROM users WHERE name = '" + name + "'"
    result = execute(query)
    data = result.fetchall()
    for row in data:
        print(row)
"""
review = ReviewResult()
review.security_check(code, "users.py")
review.performance_check(code, "users.py")
review.correctness_check(code, "users.py")
review.style_check(code, "users.py")
print(review.report())
```
Checklist
| Perspective | Typical issues | Severity |
|---|---|---|
| SECURITY | SQL injection, XSS, hard-coded secrets, path traversal | CRITICAL |
| PERFORMANCE | N+1 queries, memory leaks, hot paths, missing caching | MAJOR |
| CORRECTNESS | Division by zero, null dereference, index out of bounds, race conditions | MAJOR |
| STYLE | Naming conventions, dead code, type safety, formatting | MINOR |
Use cases
- PR review: run all four perspectives automatically before merge and block serious issues
- Security audit: the SECURITY perspective focuses on the OWASP Top 10
- Performance tuning: the PERFORMANCE perspective locates hot spots
- Code quality: wire it into CI/CD to review every commit automatically
Dependencies
- Python 3.8+
- Optional: ast (standard library) for AST-level checks
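The dependency list mentions the standard-library ast module for AST-level checks, and the skill's performance_check stub notes that a real check would parse the AST. The block below is an added example, not code from the skill or its author, showing what an AST-based SECURITY perspective looks like for the skill's own get_user() pattern (SQL built by string concatenation, stored in a variable, then passed to execute()). It records names assigned from runtime-built strings anywhere in the file (a deliberate simplification with no scope analysis), flags execute()/executemany() and eval()/exec() calls on them, flags string literals assigned to names containing api_key/secret/password/token (a constructed keyword list), and applies the same verdict rule as the skill: any CRITICAL blocks, MAJOR passes with comments. The SEVERITY_RANK table replaces string comparison of severity names, which would otherwise sort CRITICAL below MAJOR. All sample inputs are constructed.

```python
"""AST-based SECURITY check (added example, not the skill's own code).

Walking the AST instead of substring-matching lines means a comment that
mentions execute( is not a finding, execute("constant SQL", params) is
accepted, and execute(query) is flagged when `query` was built at runtime.
"""
import ast
from dataclasses import dataclass
from typing import List

# Explicit ranking: severity names sort alphabetically otherwise (CRITICAL < MAJOR < MINOR)
SEVERITY_RANK = {"INFO": 0, "MINOR": 1, "MAJOR": 2, "CRITICAL": 3}
# Constructed keyword list for the hard-coded-secret heuristic
SECRET_KEYWORDS = ("api_key", "secret", "password", "token")


@dataclass
class Finding:
    severity: str
    line: int
    title: str
    suggestion: str


def _is_runtime_string(node: ast.AST) -> bool:
    """True for f"...", "a" + b, "%s" % b and "...".format(b)."""
    if isinstance(node, ast.JoinedStr):
        return True
    if isinstance(node, ast.BinOp) and isinstance(node.op, (ast.Add, ast.Mod)):
        return True
    return (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)
            and node.func.attr == "format")


class SecurityVisitor(ast.NodeVisitor):
    def __init__(self) -> None:
        self.findings: List[Finding] = []
        self.tainted = set()  # names assigned from runtime-built strings (file-wide, unscoped)

    def visit_Assign(self, node: ast.Assign) -> None:
        names = [t.id for t in node.targets if isinstance(t, ast.Name)]
        if _is_runtime_string(node.value):
            self.tainted.update(names)
        elif isinstance(node.value, ast.Constant) and isinstance(node.value.value, str):
            for name in names:
                if any(k in name.lower() for k in SECRET_KEYWORDS):
                    self.findings.append(Finding(
                        "MAJOR", node.lineno, f"hard-coded string assigned to {name}",
                        "load secrets from the environment or a secret manager"))
        self.generic_visit(node)

    def visit_Call(self, node: ast.Call) -> None:
        # conn.execute(...) -> "execute"; eval(...) -> "eval"
        name = getattr(node.func, "attr", None) or getattr(node.func, "id", None)
        arg = node.args[0] if node.args else None
        dynamic = arg is not None and (
            _is_runtime_string(arg) or (isinstance(arg, ast.Name) and arg.id in self.tainted))
        if name in ("execute", "executemany") and dynamic:
            self.findings.append(Finding(
                "CRITICAL", node.lineno, "SQL built from runtime strings passed to execute()",
                "use a parameterised query: execute(sql, params)"))
        if name in ("eval", "exec") and arg is not None and not isinstance(arg, ast.Constant):
            self.findings.append(Finding(
                "CRITICAL", node.lineno, f"{name}() on non-literal input",
                "replace with ast.literal_eval or an explicit dispatch table"))
        self.generic_visit(node)


def security_check(source: str) -> List[Finding]:
    visitor = SecurityVisitor()
    visitor.visit(ast.parse(source))
    return visitor.findings


def verdict(findings: List[Finding]) -> str:
    """Same rule as the skill: any CRITICAL blocks, MAJOR passes with comments."""
    worst = max((SEVERITY_RANK[f.severity] for f in findings), default=-1)
    if worst == SEVERITY_RANK["CRITICAL"]:
        return "BLOCK"
    if worst == SEVERITY_RANK["MAJOR"]:
        return "PASS_WITH_COMMENTS"
    return "PASS"


# Constructed samples: the skill's get_user() pattern plus a hard-coded key and an
# eval(), followed by a parameterised rewrite that should pass cleanly.
VULNERABLE = '''
api_key = "constructed-placeholder-not-a-real-key"
def get_user(conn, name):
    query = "SELECT * FROM users WHERE name = '" + name + "'"
    return conn.execute(query).fetchall()
def load(expr):
    return eval(expr)
'''
SAFE = '''
import os
api_key = os.environ["API_KEY"]
def get_user(conn, name):
    return conn.execute("SELECT * FROM users WHERE name = ?", (name,)).fetchall()
'''

if __name__ == "__main__":
    for label, src in (("vulnerable", VULNERABLE), ("safe", SAFE)):
        findings = security_check(src)
        print(f"{label}: {verdict(findings)}")
        for f in findings:
            print(f"  [{f.severity}] line {f.line}: {f.title} -> {f.suggestion}")
```

Running it reports BLOCK for the first sample (one MAJOR finding for the key, two CRITICAL findings for the concatenated SQL and the eval) and PASS for the parameterised rewrite. The taint set is file-wide on purpose: a per-function scope table is the obvious next refinement, but the untracked version already catches the case the substring check misses (the variable passed to execute() rather than the concatenation itself).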
Safe-usage notes
This appears safe to install as a code-review helper. Treat its sample Python checks as illustrative rather than comprehensive, and note that the marketplace credential tag looks unnecessary based on the artifact content.
Capability assessment
Purpose & Capability
The stated purpose is multi-perspective code review, and the artifact contains review criteria plus illustrative Python code for security, performance, correctness, and style checks.
Instruction Scope
Instructions are scoped to reviewing code and reporting findings; there are no prompt overrides, concealed directives, unrelated actions, or automatic high-impact operations.
Install Mechanism
The package contains a single non-executable SKILL.md file with no install scripts, dependencies, or runtime hooks beyond optional standard-library Python concepts shown as examples.
Credentials
Metadata marks the skill as requiring sensitive credentials, but the artifact itself does not request credentials, environment variables, auth stores, network access, or local profile data.
Persistence & Privilege
No persistence, background worker, privilege escalation, file mutation, deletion, or external data flow is described or implemented.
How to use
- Make sure OpenClaw is installed (locally or via Docker)
- Type the install command in the chat box: `/install laosi-code-review`
- Once installed, call the skill by name or trigger it with `/laosi-code-review`
- Supply the inputs described in the skill's parameters to receive structured output
版本历史
v1.1.0
- Enhanced documentation with bilingual (English/Chinese) sections and practical examples
- Added visual summary of the 4-perspective code review framework
- Provided a detailed Python implementation with dataclasses and example usage
- Listed typical problems and severity per perspective in a checklist table
- Clarified usage scenarios and requirements for easier adoption
v1.0.0
- Initial release of the code review skill.
- Provides multi-perspective review: SECURITY (OWASP), PERFORMANCE, CORRECTNESS, and STYLE.
- Outputs structured findings by perspective, each labeled with severity.
- Delivers an overall verdict: PASS / PASS WITH COMMENTS / BLOCK.
- Highlights blocking items and suggests code fixes for each finding.
FAQ
What is 多视角代码审查 (Multi-perspective Code Review)?
Multi-perspective code review: security (OWASP), performance, correctness and style, with a severity level plus fix suggestion per perspective and a PASS/BLOCK verdict. It is an AI agent skill plugin for Claude Code / OpenClaw with 56 downloads to date.
How do I install it?
Run `/install laosi-code-review` in the OpenClaw or Claude Code chat box to install it in one step; no extra configuration is needed.
Is it free?
Yes, it is completely free under the MIT-0 licence and may be downloaded, installed and used without restriction.
Which platforms does it support?
It runs anywhere OpenClaw / Claude Code is deployed (cross-platform).
Who develops it?
Developed and maintained by 534422530 (@534422530); current version v1.1.0.