AI Code Reviewer

Author: tktk-ai · GitHub · v1.0.0 · MIT-0
cross-platform · security check passed
Total downloads: 90 · Favorites: 0 · Current installs: 0 · Versions: 1
Install in OpenClaw
/install tk-code-reviewer
Description
Automated code review — security vulnerabilities, performance issues, best practices, refactoring suggestions, and documentation gaps. Supports Python, JavaS...
Usage instructions (SKILL.md)

AI Code Reviewer

Comprehensive automated code reviews — security, performance, best practices, and refactoring suggestions.

What It Does

  1. Security Scan — SQL injection, XSS, SSRF, secrets in code, insecure dependencies
  2. Performance Analysis — N+1 queries, memory leaks, inefficient loops, caching opportunities
  3. Best Practices — Code style, naming conventions, SOLID principles, DRY violations
  4. Refactoring Suggestions — Concrete before/after code improvements
  5. Documentation Gaps — Missing docstrings, unclear function names, no type hints
  6. Complexity Analysis — Cyclomatic complexity, function length, nesting depth
  7. PR-Ready Comments — Output formatted as pull request review comments

Usage

Full Code Review

Review this code for security, performance, and best practices:

Language: [Python/JavaScript/TypeScript/Go/Rust]
Context: [What does this code do?]
Priority: [Security first / Performance first / General review]

[Paste code or file path]

For each issue found:
1. Severity (critical/high/medium/low)
2. Category (security/performance/style/bug)
3. Line reference
4. What's wrong
5. How to fix (with corrected code)

Security-Focused Review

Security audit this code. I'm looking for:
- SQL injection vulnerabilities
- XSS attack vectors
- Authentication/authorization bypasses
- Secrets or credentials in code
- Insecure dependencies
- SSRF/CSRF vulnerabilities
- Input validation gaps

Language: [Language]
[Paste code]

Performance Review

Analyze this code for performance issues:
- Database query efficiency (N+1, missing indexes)
- Memory usage and potential leaks
- Algorithm complexity (can it be optimized?)
- Caching opportunities
- Async/concurrency improvements

Context: This handles [X requests/second] and processes [Y data]
[Paste code]
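
The N+1 pattern named in the list above, as an added example written for this page (not code from the skill), with a statement counter so the cost is measured rather than described: `posts_by_author_n_plus_1` issues one query for the authors and then one more per author, while `posts_by_author_joined` fetches the same data in a single JOIN. The `authors`/`posts` schema, the rows and the `CountingConn` wrapper are all constructed for this demo; the counter relies on sqlite3's `set_trace_callback`, which fires once per executed statement.

```python
"""Added example: the N+1 query anti-pattern beside the single-query fix,
with a statement counter so the difference is measured. The tables, rows
and the CountingConn wrapper are constructed for this demo."""
import sqlite3


class CountingConn:
    """sqlite3 connection wrapper that counts every statement executed,
    using the driver's trace callback (fires once per statement run)."""

    def __init__(self) -> None:
        self.conn = sqlite3.connect(":memory:")
        self.count = 0
        self.conn.set_trace_callback(self._trace)

    def _trace(self, _statement: str) -> None:
        self.count += 1

    def execute(self, sql: str, params: tuple = ()):
        return self.conn.execute(sql, params)


def make_db() -> CountingConn:
    """Constructed sample schema: three authors with two posts each."""
    db = CountingConn()
    db.execute("CREATE TABLE authors (id INTEGER PRIMARY KEY, name TEXT)")
    db.execute("CREATE TABLE posts (id INTEGER PRIMARY KEY, author_id INTEGER, title TEXT)")
    for author_id, name in enumerate(["alice", "bob", "carol"], start=1):
        db.execute("INSERT INTO authors VALUES (?, ?)", (author_id, name))
        for n in range(2):
            db.execute("INSERT INTO posts (author_id, title) VALUES (?, ?)",
                       (author_id, f"{name}-post-{n}"))
    db.count = 0  # setup statements are not part of the measurement
    return db


def posts_by_author_n_plus_1(db: CountingConn) -> dict:
    # Before: one query for the authors, then one more per author.
    # Round trips grow linearly with the number of authors.
    result = {}
    authors = db.execute("SELECT id, name FROM authors ORDER BY id").fetchall()
    for author_id, name in authors:
        rows = db.execute("SELECT title FROM posts WHERE author_id = ? ORDER BY id",
                          (author_id,)).fetchall()
        result[name] = [title for (title,) in rows]
    return result


def posts_by_author_joined(db: CountingConn) -> dict:
    # After: a single LEFT JOIN returns every (author, post) pair in one round
    # trip; grouping happens in Python. Authors without posts still appear
    # (with an empty list), matching the N+1 version's output.
    result: dict = {}
    sql = ("SELECT a.name, p.title FROM authors AS a "
           "LEFT JOIN posts AS p ON p.author_id = a.id ORDER BY a.id, p.id")
    for name, title in db.execute(sql).fetchall():
        posts = result.setdefault(name, [])
        if title is not None:
            posts.append(title)
    return result


def compare() -> dict:
    """Run both versions on the same data and report statement counts."""
    db = make_db()
    before = posts_by_author_n_plus_1(db)
    n_plus_1 = db.count
    db.count = 0
    after = posts_by_author_joined(db)
    joined = db.count
    return {"n_plus_1_queries": n_plus_1, "joined_queries": joined,
            "same_result": before == after}


if __name__ == "__main__":
    print(compare())
```

With three authors the gap is 4 statements versus 1; with the request rates the prompt asks you to state as Context, it is the per-author query inside the loop that a reviewer should point at, and the fix is either a JOIN as here or a single `WHERE author_id IN (...)` batch followed by grouping in application code.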

Refactoring Guide

Suggest refactoring improvements for this code:
- Reduce complexity
- Improve readability
- Apply design patterns where beneficial
- Remove duplication
- Improve testability

Show before/after for each suggestion.
[Paste code]

PR Review Format

Review this pull request diff:

[Paste diff or describe changes]

Output as PR comments:
- File: [filename]
- Line: [number]
- Comment: [review comment]
- Suggestion: [code suggestion if applicable]

Output Format

# Code Review Report

**Files Reviewed**: [count]
**Language**: [language]
**Overall Score**: [X/100]

## 🔴 Critical Issues ([count])

### Issue 1: [Title]
- **Severity**: Critical
- **Category**: Security
- **Location**: [file:line]
- **Problem**: [Description]
- **Impact**: [What could happen]
- **Fix**:
  ```[language]
  // Before (vulnerable)
  [old code]
  
  // After (fixed)
  [new code]
  ```

## 🟡 Warnings ([count])

[Medium-severity issues]

## 🔵 Suggestions ([count])

[Low-severity improvements]

## 🟢 Positive Observations

[What's already good about the code]

## Summary

- Critical: [X] (must fix before merge)
- Warnings: [X] (should fix soon)
- Suggestions: [X] (nice to have)
- Score: [X/100]

## Supported Languages
- Python (3.8+)
- JavaScript / TypeScript
- Go
- Rust
- Ruby
- PHP
- Java / Kotlin
- C / C++
- Shell / Bash

## Best Practices

- Provide context about what the code does — better context = better review
- Specify your priority (security vs performance vs general)
- For large codebases, review one module/file at a time
- Pair with `security-auditor` for infrastructure-level security checks
- Use the PR format output to paste directly into GitHub/GitLab reviews

## References

- `references/security-patterns.md` — Common vulnerability patterns by language
- `references/performance-patterns.md` — Common performance anti-patterns
Safe usage recommendations
This skill appears coherent and does not ask for credentials or install arbitrary code. However: only paste or point the skill at code you are comfortable sharing (do not paste secrets, private keys, or production credentials). If you provide file paths, ensure the agent's environment is allowed to access those files and that they do not contain sensitive data. Review the AI's suggested fixes before applying them (especially security fixes), and consider running results by a human reviewer. Note the skill references auxiliary docs that were not included — that may limit some guidance but is not a security issue by itself.
Functional analysis
Type: OpenClaw Skill · Name: tk-code-reviewer · Version: 1.0.0

The skill bundle is a legitimate tool designed to provide AI-driven code reviews for security, performance, and best practices. It consists entirely of documentation and prompt instructions (SKILL.md and README.md) without any executable code, suspicious network activity, or instructions to exfiltrate sensitive data.
Capability assessment
Purpose & Capability
Name/description (automated code review across many languages) aligns with what the skill asks for and does. It requires no binaries, credentials, or installs, which is proportionate for an instruction-only reviewer that operates on user-supplied code or file paths.
Instruction Scope
SKILL.md confines actions to reviewing pasted code or user-provided file paths and producing PR-style comments. It does not instruct the agent to read system files or environment variables unrelated to a review. Note: allowing file-path input means the agent will read whatever files the user points it at (including potentially sensitive files) — this is expected for a code-review tool but worth caution. The SKILL.md references helper docs (references/*.md) that are not present in the package.
Install Mechanism
No install spec and no code files — lowest-risk instruction-only skill. Nothing is downloaded or written to disk by the skill itself.
Credentials
The skill requests no environment variables, credentials, or config paths. There are no unexplained secret requests.
Persistence & Privilege
always:false and user-invocable:true (normal). The skill does not request persistent presence or system-wide config changes and does not claim to modify other skills.
How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Type the install command in the chat box: /install tk-code-reviewer
  3. Once installed, invoke the skill by name or trigger it with /tk-code-reviewer
  4. Provide the inputs described in the skill's parameter section to get structured output
Version history
v1.0.0
Initial release — automated code reviews for security, performance, best practices with PR-ready comments
Metadata
Slug tk-code-reviewer
Version 1.0.0
License MIT-0
Cumulative installs 0
Current installs 0
Version count 1
FAQ

What is AI Code Reviewer?

Automated code review — security vulnerabilities, performance issues, best practices, refactoring suggestions, and documentation gaps. Supports Python, JavaS... It is an AI agent skill plugin for Claude Code / OpenClaw, with 90 downloads to date.

How do I install AI Code Reviewer?

Run the command `/install tk-code-reviewer` in the OpenClaw or Claude Code chat box to install it in one step; no extra configuration is needed.

Is AI Code Reviewer free?

Yes. AI Code Reviewer is completely free, released under the MIT-0 license, and can be freely downloaded, installed and used.

Which platforms does AI Code Reviewer support?

AI Code Reviewer is cross-platform and runs in any environment where OpenClaw / Claude Code is deployed.

Who developed AI Code Reviewer?

Developed and maintained by tktk-ai (@tktk-ai); current version v1.0.0.