
Postgres Code Review

Author: Kevin Anderson · GitHub · v1.1.1 · MIT-0
cross-platform ✓ Security check passed
228 total downloads · 0 favorites · 2 current installs · 2 versions
Install in OpenClaw
/install postgres-code-review
Description
Reviews PostgreSQL code for indexing strategies, JSONB operations, connection pooling, and transaction safety. Use when reviewing SQL queries, database schem...
Usage instructions (SKILL.md)

PostgreSQL Code Review

Quick Reference

Issue Type → Reference
Missing indexes, wrong index type, query performance → references/indexes.md
JSONB queries, operators, GIN indexes → references/jsonb.md
Connection leaks, pool configuration, timeouts → references/connections.md
Isolation levels, deadlocks, advisory locks → references/transactions.md

Review Checklist

  • WHERE/JOIN columns have appropriate indexes
  • Composite indexes match query patterns (column order matters)
  • JSONB columns use GIN indexes when queried
  • Using proper JSONB operators (->, ->>, @>, ?)
  • Connection pool configured with appropriate limits
  • Connections properly released (context managers, try/finally)
  • Appropriate transaction isolation level for use case
  • No long-running transactions holding locks
  • Advisory locks used for application-level coordination
  • Queries use parameterized statements (no SQL injection)

Gates (before reporting findings)

Use this sequence so conclusions stay evidence-bound (not “I checked mentally”):

  1. Scope — Record the concrete paths (and line ranges or symbols if helpful) for the SQL, DDL/migrations, and connection code under review. Pass: every subsystem you critique (queries, JSONB, pool, transactions) has at least one cited path.
  2. SQL/DDL citation for performance claims — Index, sequential-scan, JSONB-operator, and plan-related findings must point to the exact statement or schema (quoted excerpt or file:line). Pass: each such finding includes that citation.
  3. Binding check before injection flags — Only assert SQL-injection risk after locating how SQL and values are combined (bound parameters vs string concat/format/f-strings). Pass: you name the mechanism you saw in code for each flagged callsite.

Then load the relevant reference doc from Quick Reference and walk the Review Checklist.
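
One way to apply gate 3 mechanically to Python code, as an added example that is not part of the skill or its reference docs: it parses the source with the ast module and names the mechanism at each execute() callsite before anything is flagged. The sample source, the app/db.py path and the build_query helper are constructed for illustration.

```python
import ast

# Constructed sample of code under review (not taken from the skill's reference docs).
SAMPLE = '''\
def load(cur, user_id, status, table):
    cur.execute("SELECT * FROM users WHERE id = %s", (user_id,))
    cur.execute(f"SELECT * FROM users WHERE status = '{status}'")
    cur.execute("SELECT * FROM " + table)
    cur.execute("SELECT * FROM users WHERE id = %s" % user_id)
    cur.execute("SELECT * FROM users WHERE id = {}".format(user_id))
    sql = build_query(status)
    cur.execute(sql)
    cur.execute("SELECT now()")
'''

# Mechanisms that splice values into the SQL text itself.
UNSAFE = {"f-string interpolation", "string concatenation", "%-formatting", "str.format"}

def mechanism(call):
    """Name how the SQL text of one execute() call is assembled."""
    if not call.args:
        return "indirect (trace where the SQL is built)"
    sql = call.args[0]
    if isinstance(sql, ast.JoinedStr) and any(isinstance(v, ast.FormattedValue) for v in sql.values):
        return "f-string interpolation"
    if isinstance(sql, ast.BinOp) and isinstance(sql.op, ast.Add):
        return "string concatenation"
    if isinstance(sql, ast.BinOp) and isinstance(sql.op, ast.Mod):
        return "%-formatting"
    if isinstance(sql, ast.Call) and isinstance(sql.func, ast.Attribute) and sql.func.attr == "format":
        return "str.format"
    if isinstance(sql, (ast.Constant, ast.JoinedStr)):
        has_params = len(call.args) > 1 or bool(call.keywords)
        return "bound parameters" if has_params else "static literal"
    return "indirect (trace where the SQL is built)"

def review(source, path):
    """Return (path:line, mechanism, flagged) for every execute()/executemany() callsite."""
    calls = [n for n in ast.walk(ast.parse(source))
             if isinstance(n, ast.Call) and isinstance(n.func, ast.Attribute)
             and n.func.attr in ("execute", "executemany")]
    findings = []
    for call in sorted(calls, key=lambda n: n.lineno):
        how = mechanism(call)
        findings.append((f"{path}:{call.lineno}", how, how in UNSAFE))
    return findings

if __name__ == "__main__":
    # "app/db.py" is a hypothetical path used only to show the path:line citation format.
    for where, how, flagged in review(SAMPLE, "app/db.py"):
        print(f"{'FLAG' if flagged else 'ok  '} {where}  {how}")
```

A flag is a lead for the reviewer to confirm against the cited line, and an "indirect" result means the gate has not yet been passed for that callsite.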

When to Load References

  • Reviewing SELECT queries with WHERE/JOIN → indexes.md
  • Reviewing JSONB columns or JSON operations → jsonb.md
  • Reviewing database connection code → connections.md
  • Reviewing BEGIN/COMMIT or concurrent updates → transactions.md

Review Questions

  1. Will this query use an index or perform a sequential scan?
  2. Are JSONB operations using appropriate operators and indexes?
  3. Are database connections properly managed and released?
  4. Is the transaction isolation level appropriate for this operation?
  5. Could this cause deadlocks or long-running locks?
Safe usage advice
This skill is a documentation-driven checklist and appears coherent for PostgreSQL code reviews. Before using it: do not paste production credentials or secrets into the review prompt (the reference docs contain illustrative hardcoded connection examples only), provide only the code/files you want reviewed (file paths and line ranges as requested), and verify any remediation recommendations against your environment (e.g., index creation or isolation-level changes) before applying them. If you need the skill to run EXPLAIN ANALYZE or execute queries, prefer read-only test credentials and isolate that activity to a safe test database.
Capability assessment
Purpose & Capability
Name/description match the provided artifacts: SKILL.md and four reference documents covering indexes, JSONB, connections, and transactions. There are no unexpected env vars, binaries, or installs requested that would be unrelated to a code-review/checklist skill.
Instruction Scope
Runtime instructions are narrowly scoped to reviewing SQL/DDL/migration and connection/transaction code: they require citing file paths/line ranges and checking binding patterns before flagging injection. The instructions do not ask the agent to read system files, network endpoints, or other credentials beyond code under review. (Note: examples in references include placeholder connection strings and hardcoded credentials for demonstration; these are examples only and not operational instructions to exfiltrate secrets.)
Install Mechanism
No install spec or code files beyond documentation; instruction-only skill has minimal surface area and does not download or write code to disk.
Credentials
The skill requests no environment variables, credentials, or config paths. The reference examples include sample host/user/password placeholders for illustrative purposes — these are typical in docs and do not indicate required secrets.
Persistence & Privilege
always is false and there is no installation that modifies agent/system configuration. The skill is user-invocable and may be invoked autonomously per platform defaults, which is expected for skills of this type and is not combined with any broad credential or persistence requests.
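How to use
  1. Make sure OpenClaw is installed (locally or via Docker deployment)
  2. Enter the install command in the chat box: /install postgres-code-review
  3. Once installation completes, call the Skill by name or trigger it with /postgres-code-review
  4. Provide the required input according to the Skill's parameter description to get structured output
Version history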
v1.1.1
- Added a new “Gates (before reporting findings)” section to clarify requirements for evidence and code citations before making review conclusions.
- Detailed steps for scope citation, SQL/DDL referencing, and binding checks to ensure findings are evidence-based and linked to specific code locations.
- Retained and reorganized reference instructions to improve clarity and review structure.
- No changes to technical code or review checklist; documentation update only.
v1.1.0
- Adds a detailed review checklist covering indexes, JSONB usage, connection pooling, and transaction safety.
- Provides quick references to topic-specific guides (indexes, JSONB operations, connections, transactions).
- Includes guidance on when to consult each reference during code review.
- Lists essential review questions to help evaluate PostgreSQL code for best practices and safety.
Metadata
Slug postgres-code-review
Version 1.1.1
License MIT-0
Total installs 2
Current installs 2
Number of versions 2
FAQ

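What is Postgres Code Review?

Reviews PostgreSQL code for indexing strategies, JSONB operations, connection pooling, and transaction safety. Use when reviewing SQL queries, database schem... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 228 total downloads so far.

How do I install Postgres Code Review?

Run the command "/install postgres-code-review" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is needed.

Is Postgres Code Review free?

Yes, Postgres Code Review is completely free. It is released under the MIT-0 license and can be freely downloaded, installed and used.

Which platforms does Postgres Code Review support?

Postgres Code Review runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed Postgres Code Review?

It is developed and maintained by Kevin Anderson (@anderskev); the current version is v1.1.1.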
