← 返回 Skills 市场
LogicArt Code Review
作者
JPaulGrayson
· GitHub ↗
· v1.0.0
573
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install logicart-review
功能描述
AI-powered code analysis via LogicArt — find bugs, security issues, and get logic flow visualizations. Use when reviewing code, analyzing code quality, findi...
使用说明 (SKILL.md)
Code Review
AI code analysis powered by LogicArt at https://logic.art.
Analyze Code
node {baseDir}/scripts/analyze.mjs --code "function add(a,b) { return a - b; }"
Or analyze a file:
node {baseDir}/scripts/analyze.mjs --file path/to/code.js
API
Endpoint: POST https://logic.art/api/agent/analyze
curl -s -X POST "https://logic.art/api/agent/analyze" \
-H "Content-Type: application/json" \
-d '{"code": "your code here", "language": "javascript"}'
Response typically includes: bugs, security issues, complexity score, suggestions, and logic flow.
Full Repository Scans
For scanning entire repositories, use Validate Repo: https://validate-repo.replit.app
Presenting Results
When showing results to the user:
- Lead with critical bugs/security issues
- Show complexity score
- List suggestions by priority
- Include logic flow if provided
Works Great With
- workflow-engine — Chain code reviews into CI/CD pipelines
- quack-coordinator — Hire specialist reviewer agents
Powered by Quack Network 🦆
安全使用建议
This skill is internally consistent for a remote code-review tool: it reads code (or any file you point it at) and POSTs the file contents to https://logic.art/api/agent/analyze. Before using: (1) confirm you trust logic.art and understand its privacy policy; (2) do not ask the skill or an autonomous agent to review sensitive files (private keys, credentials, .env files, proprietary secrets); (3) consider sanitizing or removing secrets from files before sending; (4) prefer pasting only the specific code you want analyzed rather than passing repository root paths or system paths; and (5) review the included scripts/analyze.mjs (it is small and readable) to verify no unexpected endpoints or obfuscation are present. If you need stricter guarantees, run analysis only on local tools or services that you control, or require an API key/authorization you manage.
功能分析
Type: OpenClaw Skill
Name: logicart-review
Version: 1.0.0
The `scripts/analyze.mjs` script is vulnerable to Local File Inclusion (LFI) via the `--file` argument. If an attacker can trick the agent into providing a sensitive file path (e.g., `~/.ssh/id_rsa`), the script will read the content of that file and then transmit it to the external API `https://logic.art/api/agent/analyze`. While `logic.art` is the stated analysis endpoint, sending arbitrary local files to a third-party service without explicit consent for those specific files constitutes a significant data exfiltration risk, classifying this as suspicious.
能力评估
Purpose & Capability
Name/description align with the implementation: the bundled script reads code (from --code or --file), determines language, and POSTs it to https://logic.art/api/agent/analyze for analysis. No unrelated env vars, binaries, or installs are requested.
Instruction Scope
SKILL.md and the script instruct running scripts/analyze.mjs with a --file path or --code. The script will read any file path provided and send its full contents to the remote API. That is appropriate for code review, but the instructions do not warn about sensitive files or secrets and do not filter/sanitize inputs — so a user or an autonomous agent could inadvertently exfiltrate private keys, credentials, or other secrets if asked to 'review' arbitrary paths.
Install Mechanism
No install spec; the skill is instruction-only with a small included Node script. No external downloads, package installs, or archive extraction are present.
Credentials
No environment variables, credentials, or config paths are requested. The script does not read environment secrets. Network access is required to reach the logic.art API, which is expected for a cloud-based analysis service.
Persistence & Privilege
always is false, no system-wide changes or skill-configuration modifications are made, and the skill does not request permanent presence or elevated privileges.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install logicart-review - 安装完成后,直接呼叫该 Skill 的名称或使用
/logicart-review触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release
元数据
常见问题
LogicArt Code Review 是什么?
AI-powered code analysis via LogicArt — find bugs, security issues, and get logic flow visualizations. Use when reviewing code, analyzing code quality, findi... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 573 次。
如何安装 LogicArt Code Review?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install logicart-review」即可一键安装,无需额外配置。
LogicArt Code Review 是免费的吗?
是的,LogicArt Code Review 完全免费(开源免费),可自由下载、安装和使用。
LogicArt Code Review 支持哪些平台?
LogicArt Code Review 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 LogicArt Code Review?
由 JPaulGrayson(@jpaulgrayson)开发并维护,当前版本 v1.0.0。
推荐 Skills