← 返回 Skills 市场

Local Cpp Code Review

Name: Local Cpp Code Review
Author: zhouzy-creator

作者 zhouzy-creator · GitHub ↗ · v0.1.1 · MIT-0

cross-platform ✓ 安全检测通过

110

总下载

当前安装

版本数

在 OpenClaw 中安装

/install local-code-review

功能描述

遍历指定本地目录，对所有 C/C++ 源代码进行生产就绪性审查、质量检查及潜在漏洞分析。

使用说明 (SKILL.md)

本地 C/C++ 代码审查 (OpenClaw 版)

当用户要求“审查 [目录] 目录的代码”时，调用此 Skill。该工具直接扫描本地文件系统，对 C/C++ 核心逻辑进行深度分析。

核心流程

1. 目录扫描： 使用 ls -R 或文件遍历工具定位指定目录下的所有 .c, .cpp, .h, .hpp 文件。

2. 分段审查： 由于上下文限制，如果目录较大，应按模块或文件组分批调用审查模型。

3. 触发指令：

"审查 ./src 目录的代码"
"检查当前文件夹下 C++ 源码的质量"

审查维度 (针对 C/C++)

内存安全： 检查是否存在内存泄漏（如 new 无 delete）、野指针、缓冲区溢出（使用 strcpy 等危险函数）。
资源管理： 是否遵循 RAII 原则？智能指针（unique_ptr, shared_ptr）使用是否得当？
并发安全： 检查死锁风险、未加锁的共享变量、竞态条件。
性能开销： 检查非必要的拷贝（如未传递 const reference）、昂贵的循环内操作。
现代化 C++： 是否使用了 C++11/14/17+ 的特性来简化代码？

交互模板 (local-code-reviewer.md )

调用时请按以下格式填充上下文：

{TARGET_DIRECTORY}: 待审查的本地路径
{FILE_LIST}: 扫描到的文件清单
{CODE_SNIPPETS}: 关键文件的源代码内容
{CONSTRAINTS}: 项目特定的编码规范（如有）

输出规范

1. 扫描报告

列出已审查的文件数量及发现的问题汇总。

2. 问题分类

致命 (Critical): 内存崩溃、安全漏洞、逻辑死循环。
重要 (Important): 资源泄漏隐患、违反 RAII、缺乏异常处理。
建议 (Minor): 命名规范、冗余代码、现代化改进建议。

3. 修复示例

对每个“致命”和“重要”问题，必须提供修改前后的代码对比。

注意事项

禁止： 忽略本地路径中的第三方库（如 node_modules 或 vendor），只聚焦于业务源码。
建议： 优先检查头文件中的类定义，再检查实现文件。
限制： 如果单个文件超过 4k tokens，应采取“函数级”拆分审查。

安全使用建议

This skill is internally consistent for reviewing local C/C++ source trees. Before running it, ensure you: 1) only point it at directories you trust (it will read all files under the target path and may therefore expose secrets embedded in source/config files); 2) prefer running in a sandboxed or read-only context if possible; 3) explicitly confirm/limit excluded paths (third_party, vendor, build artifacts) to avoid scanning large or sensitive folders; and 4) review the generated report locally before sharing its contents externally. If you need stricter controls, consider running the review on a checked-out subset of the repository or on a sanitized copy.

功能分析

Type: OpenClaw Skill Name: local-code-review Version: 0.1.1 The skill bundle is a legitimate tool designed for local C/C++ code analysis. It provides structured instructions for an AI agent to traverse local directories, identify source files, and perform security and quality audits (e.g., checking for memory leaks and buffer overflows). There is no evidence of malicious intent, data exfiltration, or prompt injection attacks; the requested file system access is strictly aligned with the stated purpose of code review. Files analyzed: SKILL.md, local-code-reviewer.md, and _meta.json.

能力评估

✓ Purpose & Capability

Name/description (local C/C++ code review) align with the instructions: scanning a user-provided directory for .c/.cpp/.h/.hpp files and performing static review. No unrelated credentials, binaries, or installs are requested.

ℹ Instruction Scope

SKILL.md explicitly instructs filesystem traversal (e.g., ls -R) and reading source files to produce issue classifications and code diffs. This is expected for a local code-reviewer, but it necessarily grants the agent access to all files under the provided target directory (which may include secrets or unrelated files). The skill includes guidance to ignore third-party/vendor directories, which reduces noise.

✓ Install Mechanism

No install spec or code files are present; this is an instruction-only skill that relies on the agent's existing ability to read local files. That minimizes install-time risk.

✓ Credentials

The skill declares no environment variables, credentials, or config paths. It does not request unrelated secrets or external service tokens.

✓ Persistence & Privilege

always:false and no instructions to modify agent/system-wide configs or persist credentials. The skill does not request permanent presence or elevated platform privileges.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install local-code-review
安装完成后，直接呼叫该 Skill 的名称或使用 /local-code-review 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v0.1.1

- Added local-code-reviewer.md to provide an explicit interaction template. - No changes to main logic or review procedures. - Improves clarity for usage by specifying context placeholders.

v0.1.0

Initial release of local-cpp-code-review skill. - Enables deep, production-readiness reviews of local C/C++ codebases by scanning specified directories. - Analyzes for memory safety, resource management, concurrency, performance, and modern C++ practices. - Structured report output: file scan summary, categorized issues (Critical, Important, Minor), and required fix examples. - Excludes third-party libraries and prioritizes business code with special handling for large files. - Supports modular review for large directories and function-level splits for big files.

元数据

Slug local-code-review

版本 0.1.1

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 2

常见问题