Peter Code Review
Author: chinasilva · GitHub · v1.5.0
Total downloads: 407
Favorites: 0
Current installs: 0
Versions: 1
Install in OpenClaw
/install peter-code-review
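Description
Pre-commit quality gate. Quickly runs local tests, static checks, and a risk review to decide "whether it can be committed".
Safe-usage recommendations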
This skill is an instruction-driven pre-commit reviewer that will run git commands and whatever project-local scripts exist (lint, typecheck, tests, build, gate:db). Before using it: (1) run it in a trusted/isolated environment (or ensure no sensitive env vars are set), because npm/test/build scripts execute repository code and can perform network I/O or read host env; (2) ensure your machine has the developer tools the skill expects (git, node/npm/npx or ruff/pytest or go/cargo); (3) confirm you trust the repository code (or run inside a container/CI) if you let the agent execute build/test commands; and (4) note the metadata could be clearer about required binaries — if you need guarantees about what the skill will execute, ask the author for an explicit list of expected commands and any safe-run recommendations.
Capability analysis
Type: OpenClaw Skill
Name: peter-code-review
Version: 1.5.0
The skill executes various project-defined scripts (e.g., `npm run lint`, `npm run test`, `pytest`, `go test`, `cargo test`) as part of its code review and quality gate process, as instructed in `SKILL.md`. While these commands are plausibly needed for the stated purpose, they allow the execution of arbitrary code defined within the user's project. This presents a significant vulnerability, as a malicious project could embed harmful scripts that would be executed by the OpenClaw agent when this skill is run on it. Although the skill itself does not exhibit explicit malicious intent (e.g., data exfiltration, persistence), this capability without strong input sanitization or sandboxing constitutes a high-risk behavior.
Capability assessment
Purpose & Capability
The skill's name/description (pre-submit quality gate) matches the instructions (identify git changes, run lint/type/test/build/gate checks, produce a report). Minor inconsistency: the registry metadata lists no required binaries, but the SKILL.md explicitly expects common developer tools (git, npm/npx, tsc, ruff, pytest, go, cargo, etc.). This is reasonable for a repo-local tool but the declared metadata could be more explicit about expected tools.
Instruction Scope
SKILL.md instructs the agent to run git commands and project-local commands (npm scripts, test/build commands) in the repository root and to read diffs and file lists — all coherent with a pre-commit review. It does not instruct sending data to external endpoints. Caution: executing project scripts (npm run build, workflow:check, gate:db, tests) will run code from the repository which could perform network I/O or read environment variables on the host; the skill documents behavior when commands are missing and requires recording failures.
Install Mechanism
No install spec and no code files — lowest technical risk. The skill is instruction-only so nothing is written to disk or downloaded by the skill itself.
Credentials
The skill declares no required environment variables or credentials (which is appropriate). However, the commands it runs may implicitly rely on or read any environment variables present on the host (build/test scripts often use secrets or CI tokens). The skill does not request unrelated external credentials.
Persistence & Privilege
always: false and no persistent installation — the skill does not request elevated or permanent presence. It does not modify other skills or system-wide configs per the instructions provided.
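How to use
- Make sure OpenClaw is installed (local or Docker deployment)
- Enter the install command in the chat box: /install peter-code-review
- Once installation completes, call the Skill by name or trigger it with /peter-code-review
- Provide the required inputs according to the Skill's parameter description to get structured output
Version history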
v1.5.0
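- Supports pre-commit code quality review across multiple technology stacks, automatically identifying the scope of changes and dynamically triggering checks based on the type of change
- Integrates basic lint, type checking, unit/integration tests, build checks for dependency/configuration changes, and database gating; several checks support a risk notice when they are missing
- Designed for the pre-commit scenario: reviews working-tree changes by default and, when there are no changes, automatically switches to the most recent commit and marks it specially
- Adds UI change detection and a manual smoke-test requirement; when UI verification has not been performed, it is explicitly flagged as a potential risk and must not be marked as passed
- Outputs a standardized code review report with full check conclusions, risks, and fix recommendations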
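FAQ
What is Peter Code Review?
Pre-commit quality gate. Quickly runs local tests, static checks, and a risk review to decide "whether it can be committed". It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 407 total downloads so far.
How do I install Peter Code Review?
Run the command "/install peter-code-review" in the OpenClaw or Claude Code chat box to install it in one step, with no additional configuration.
Is Peter Code Review free?
Yes, Peter Code Review is completely free (free and open source) and can be freely downloaded, installed, and used.
Which platforms does Peter Code Review support?
Peter Code Review is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.
Who developed Peter Code Review?
It is developed and maintained by chinasilva (@chinasilva); the current version is v1.5.0.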