review-sendmsg
Author: dexing2635-tech (GitHub) · v1.0.0 · MIT-0
Total downloads: 156
Favorites: 0
Current installs: 0
Versions: 1
Install in OpenClaw
/install skill-review-sendmsg
Description
Perform detailed Python code reviews identifying bugs, security risks, test gaps, and maintainability issues in diffs, patches, or pull requests.
Security usage advice
This package contains runnable scripts that will (if configured) send repository diffs to an external LLM endpoint and post logs/notifications to Telegram, but the registry metadata does not declare those environment variables or behaviors. Before installing or running:
1) Do not provide your production LLM API key or real repo credentials until you verify the maintainer and endpoint (LLM_API_URL points to a third-party host).
2) Inspect PROJECTS_DATA to ensure it doesn't point to sensitive/private git URLs.
3) If you need only interactive review functionality, consider removing or disabling the review_runner/telegram parts.
4) Run the scripts in an isolated/test environment (no access to private secrets or production repos).
5) Ask the author/owner for clarification: why the description says 'Python review' while the code reviews many languages, and why required env vars were omitted from the skill metadata.
If you cannot verify these answers, treat the skill as untrusted and avoid supplying secrets or connecting it to sensitive repositories.
Functional analysis
Type: OpenClaw Skill
Name: skill-review-sendmsg
Version: 1.0.0
The skill bundle provides a functional framework for automated code reviews across multiple languages (PHP, JS, TS, SQL, Shell). It utilizes local linters (e.g., php -l, node --check) and integrates with the DeepSeek LLM API to analyze git diffs, reporting results via Telegram. While it executes shell commands via subprocess and communicates with external APIs, these actions are strictly aligned with its stated purpose of code auditing and notification, with no evidence of malicious intent, credential theft, or unauthorized data exfiltration.
Capability assessment
Purpose & Capability
The skill is described as a Python code-review helper, but the included scripts target multiple languages (.php, .js, .ts, .sql, .sh), implement a multi-project runner, and send results to an external LLM and Telegram. The registry declares no required environment variables or credentials, yet the code expects LLM_API_KEY, LLM_API_URL, LLM_MODEL, TG_BOT_TOKEN, TG_CHAT_ID, PROJECTS_DATA, and various dirs. These capabilities are broader than the description and the requested/declared requirements.
Instruction Scope
SKILL.md only describes a structured Python review and references local helper scripts but does not mention network I/O, sending notifications, or multi-repo automation. In contrast, the scripts read .env, call an external LLM endpoint with diffs, run subprocesses (git, php, node, bash), write log files, and post messages/documents to Telegram. That expands the runtime scope beyond what the instructions disclose.
Install Mechanism
There is no install spec (instruction-only), which limits installer-level risk. The repository includes requirements.txt (requests, python-dotenv), which is common and expected for networked Python scripts. Because the skill ships runnable scripts, installing/running them will execute network calls and subprocesses on the host; the absence of an install script reduces supply-chain risk but does not eliminate execution-time risk.
Credentials
The skill registry lists no required env vars, but the code requires secrets and config: LLM_API_KEY (and URL/model), TG_BOT_TOKEN and TG_CHAT_ID, PROJECTS_DATA (which can contain git URLs/branches and target chats), and other runtime dirs. Those variables permit sending repository diffs to a third-party LLM service and posting logs to Telegram — powerful exfiltration channels that are not justified or declared by the public metadata.
Persistence & Privilege
always:false and no special privilege flags are set. The skill does not request forced always-on inclusion. However, the runner script is designed to run as a multi-project cron-like process (state, lock, work directories), so if installed and scheduled it could run regularly and contact external services; this is a behavioral risk but not a declared platform privilege.
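How to use
- Make sure OpenClaw is installed (local or Docker deployment)
- Enter the install command in the dialog: /install skill-review-sendmsg
- Once installation completes, call the Skill by name or trigger it with /skill-review-sendmsg
- Provide the required inputs according to the Skill's parameter description to get structured output
Version history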
v1.0.0
Initial release of skill-review-sendmsg:
- Provides structured reviews for Python code changes with checks for correctness, safety, test coverage, and maintainability.
- Outlines a clear workflow for code review, focusing on real, actionable issues.
- Outputs concise verdicts, prioritizing high-severity findings with file/line references and fix suggestions.
- Includes descriptions of usage scenarios and helper scripts for review logic and automation.
- Ensures practical, specific feedback and advises when information is missing or a change is fine.
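FAQ
What is review-sendmsg?
Perform detailed Python code reviews identifying bugs, security risks, test gaps, and maintainability issues in diffs, patches, or pull requests. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 156 cumulative downloads so far.
How do I install review-sendmsg?
Run the command "/install skill-review-sendmsg" in the OpenClaw or Claude Code dialog to install it in one step; no additional configuration is required.
Is review-sendmsg free?
Yes, review-sendmsg is completely free and released under the MIT-0 license; it can be freely downloaded, installed, and used.
Which platforms does review-sendmsg support?
review-sendmsg is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.
Who developed review-sendmsg?
It is developed and maintained by dexing2635-tech (@dexing2635-tech); the current version is v1.0.0.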