Phoenix Code Review
Author: Kevin Anderson · v1.2.1 · MIT-0
Total downloads: 125 · Favorites: 0 · Current installs: 1 · Versions: 2
Install in OpenClaw
/install phoenix-code-review
Description
Reviews Phoenix code for controller patterns, context boundaries, routing, and plugs. Use when reviewing Phoenix apps, checking controllers, routers, or cont...
Usage Instructions (SKILL.md)
Phoenix Code Review
Quick Reference
| Issue Type | Reference |
|---|---|
| Bounded contexts, Ecto integration | references/contexts.md |
| Actions, params, error handling | references/controllers.md |
| Pipelines, scopes, verified routes | references/routing.md |
| Custom plugs, authentication | references/plugs.md |
Review Checklist
Controllers
- Business logic in contexts, not controllers
- Controllers return proper HTTP status codes
- Action clauses handle all expected patterns
- Fallback controllers handle errors consistently
Contexts
- Contexts are bounded by domain, not technical layer
- Public functions have clear, domain-focused names
- Changesets validate all user input
- No Ecto queries in controllers
Routing
- Verified routes (~p sigil) used, not string paths
- Pipelines group related plugs
- Resources use only needed actions
- Scopes group related routes
Plugs
- Authentication/authorization via plugs
- Plugs are composable and single-purpose
- Halt called after sending response in plugs
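An added example (not part of the skill or its reference files) of what the "Halt called after sending response" item catches: two otherwise identical auth plugs, one of which omits `halt/1`. All `Demo.*` module names, the `:current_user` assign and the `/admin` path are hypothetical, and the script assumes the `:plug` dependency is available (for instance when run with `mix run` inside a Phoenix project).

```elixir
# Added example; all Demo.* names are hypothetical. Needs the :plug dependency.
defmodule Demo.RequireUserNoHalt do
  import Plug.Conn
  def init(opts), do: opts
  def call(%{assigns: %{current_user: _}} = conn, _opts), do: conn
  # Flag this: the 401 is sent, but the pipeline keeps going.
  def call(conn, _opts), do: send_resp(conn, 401, "unauthorized")
end

defmodule Demo.RequireUser do
  import Plug.Conn
  def init(opts), do: opts
  def call(%{assigns: %{current_user: _}} = conn, _opts), do: conn
  # Correct: halt/1 marks the conn so Plug.Builder skips later plugs.
  def call(conn, _opts), do: conn |> send_resp(401, "unauthorized") |> halt()
end

defmodule Demo.Action do
  # Stands in for a controller action; records that it was reached.
  def init(opts), do: opts
  def call(conn, _opts), do: Plug.Conn.put_private(conn, :action_ran, true)
end

defmodule Demo.WeakPipeline do
  use Plug.Builder
  plug Demo.RequireUserNoHalt
  plug Demo.Action
end

defmodule Demo.FixedPipeline do
  use Plug.Builder
  plug Demo.RequireUser
  plug Demo.Action
end

# Constructed unauthenticated request (no :current_user assign).
conn = Plug.Test.conn(:get, "/admin")

for pipeline <- [Demo.WeakPipeline, Demo.FixedPipeline] do
  result = pipeline.call(conn, pipeline.init([]))
  # Tuple: pipeline, HTTP status, halted?, was the downstream "action" reached?
  IO.inspect({pipeline, result.status, result.halted, result.private[:action_ran] == true})
end
```

Both pipelines answer 401, so the missing `halt/1` is invisible from the response alone; only the weak pipeline reaches `Demo.Action`. In a real controller the action would raise `Plug.Conn.AlreadySentError` when it tries to render, but only after its side effects have already run for the unauthenticated request.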
JSON APIs
- Proper content negotiation
- Consistent error response format
- Pagination for list endpoints
Valid Patterns (Do NOT Flag)
- Controller calling multiple contexts - Valid for orchestration
- Inline Ecto query in context - Context owns its data access
- Using `action_fallback` - Centralized error handling pattern
- Multiple pipelines per route - Composition is intentional
- `Plug.Conn.halt/1` without send - May be handled by fallback
Context-Sensitive Rules
| Issue | Flag ONLY IF |
|---|---|
| Missing changeset validation | Field accepts user input AND no validation exists |
| Controller too large | More than 7 actions OR actions > 20 lines |
| Missing authorization | Route is not public AND no auth plug in pipeline |
Gates (run in order; each step has a pass condition)
- Anchored evidence — For every planned finding, open the source and note file path + line number from that read (not from memory or diff snippets alone). Pass: each finding cites `path:line` that you opened.
- “Handled elsewhere” sweep — Before reporting “missing validation,” “missing auth,” or “wrong status,” search the router (pipelines/scopes), controller (`action_fallback`, `plug`), and relevant context for existing checks. Pass: you recorded whether handling exists elsewhere (yes + where, or no after search).
- Verification protocol — Load and apply review-verification-protocol for the issue type. Pass: that skill’s pre-report checks for that finding class are satisfied before you write the finding.
- Finding shape — Emit each issue as `[FILE:LINE] ISSUE_TITLE` with a one-line rationale tied to the cited code. Pass: every line matches that pattern.
Before Submitting Findings
Do not report until Gates above pass. For full anti-false-positive steps, follow review-verification-protocol.
Security Usage Recommendations
This skill appears coherent and low-risk: it is a documentation-driven code-review helper that will read your project files to produce findings. Before using it, ensure you only grant the agent access to the repository you want reviewed, confirm whether the referenced ../review-verification-protocol skill exists (or provide an equivalent verification process), and be mindful that reported findings will include file paths and line numbers (which may expose code snippets). If you need stricter control, run the review in a sandboxed environment or limit the agent's filesystem access. Lastly, remember autonomous invocation is allowed by default — disable it if you prefer to run reviews manually.
Capability Assessment
Purpose & Capability
Name, description, and all included reference docs (controllers, contexts, plugs, routing) align with a Phoenix code-review helper. The skill requests no environment variables, binaries, or config paths that would be unrelated to code review.
Instruction Scope
The SKILL.md explicitly instructs the agent to open project source files and cite file:line for findings — this is expected for a code-review skill, but it grants the agent broad read access to the repository. The gates reference an external verification skill at ../review-verification-protocol/SKILL.md which is not included here; that dependency may block verification or produce vague behavior if missing. Overall scope is coherent with the purpose, but you should be aware it will inspect repository files and expects another review skill to be present.
Install Mechanism
No install spec and no code files: instruction-only (no code is written to disk or downloaded). This is the lowest-risk install posture.
Credentials
The skill declares no required environment variables, credentials, or config paths. Nothing requests unrelated secrets or system access.
Persistence & Privilege
always:false and default agent invocation are set. The skill does not request permanent presence or system-wide configuration changes; autonomy is allowed by default but is not combined with other elevated privileges here.
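How to Use
- Make sure OpenClaw is installed (local or Docker deployment)
- Enter the install command in the chat box: `/install phoenix-code-review`
- Once installation completes, invoke the Skill by name or trigger it with `/phoenix-code-review`
- Provide the required input according to the Skill's parameter description to get structured output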
Version History
v1.2.1
- Added a "Gates" section outlining required step-by-step evidence, cross-check, and verification protocols before reporting findings.
- Updated references to the review verification protocol for improved accuracy.
- Clarified that issues should not be reported until all gates are passed, emphasizing anti-false-positive checks.
- No functional or logic changes to checklists or core review rules.
v1.2.0
- Added a comprehensive review checklist covering controllers, contexts, routing, plugs, and JSON APIs.
- Included a quick reference table linking to relevant pattern guides.
- Documented valid code patterns that should not be flagged as issues.
- Outlined context-sensitive rules for common Phoenix code review concerns.
- Instructed users to follow the review verification protocol before submitting findings.
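FAQ
What is Phoenix Code Review?
Reviews Phoenix code for controller patterns, context boundaries, routing, and plugs. Use when reviewing Phoenix apps, checking controllers, routers, or cont... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 125 total downloads to date.
How do I install Phoenix Code Review?
Run the command "/install phoenix-code-review" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is needed.
Is Phoenix Code Review free?
Yes. Phoenix Code Review is completely free and released under the MIT-0 license; it can be freely downloaded, installed, and used.
Which platforms does Phoenix Code Review support?
Phoenix Code Review is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.
Who developed Phoenix Code Review?
It is developed and maintained by Kevin Anderson (@anderskev); the current version is v1.2.1.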