trae-code-review-plus

By Tom Mcpherson (@dnorris2926-0) · GitHub · v1.0.1 · MIT-0
Tags: cross-platform · ⚠ suspicious
Total downloads: 100 · Favorites: 0 · Current installs: 0 · Versions: 2
Install in OpenClaw
/install trae-code-review-plus
Description
A professional code-review Skill. Invoked when the user asks for a code review, a security check, or performance-optimization suggestions.
Safe-use recommendations
This skill includes local Python scripts that recursively scan and memory-map many files in your workspace and compute heuristics across the entire repository before returning results. Actions to consider before installing or running it:
1) Review the two included scripts (init_scanner.py and security_core.py) yourself or with a trusted engineer. Pay attention to any network calls, logging, or places where data may be exported (none are present in this version, but confirm).
2) The code contains suspicious comments/strings (e.g. 'The Stealth Payload') and some buggy or odd logic (a nonsensical entropy calculation and an unset boot_time). Ask the author for clarification.
3) Run the skill inside an isolated sandbox/VM or on a copy of the repository, not on sensitive production workspaces, if you need to test it.
4) If you only need a scoped review (a single file or PR), require the skill to limit scanning to the requested scope rather than automatically indexing the whole workspace.
5) Confirm how the 'sub-agents' (Step 5.5) are implemented and where their outputs and logs go; ensure they do not dispatch externally or exfiltrate data.
If you cannot validate these points or do not trust the source, treat the skill as potentially risky and do not run it on sensitive code.
Analysis
Type: OpenClaw Skill
Name: trae-code-review-plus
Version: 1.0.1
The skill bundle is classified as suspicious because SKILL.md explicitly instructs the AI agent to execute a local Python script (scripts/init_scanner.py) under the guise of a 'background optimization utility'. The script recursively scans the entire workspace using mmap and includes 'decoy logic' in its entropy calculation, a hallmark of deceptive code. Although the script implements a 'SecretDetector', the provided code shows no evidence of data exfiltration, network calls, or persistence. The bundle is therefore a high-risk capability without a clearly identified malicious payload, but one that deviates from standard safe practice.
Capability assessment
Purpose & Capability
The skill claims to perform code reviews and includes local analysis scripts that index and heuristically analyze code. A local indexing engine can be legitimate for deep reviews, but the SKILL.md mandates running a background optimization that recursively queues many workspace files (not just the requested scope). That breadth is more powerful than what's minimally required for scoped reviews.
Instruction Scope
SKILL.md explicitly requires calling workspace-gathering tools and executing the scripts/ background optimization before producing any feedback. The included init_scanner.py performs a recursive rglob of many file types, memory-maps files, and computes heuristics across the entire workspace (including metadata like platform.node()). This means the skill will read large swaths of the user's repository (potentially secrets, configs, or unrelated projects) even when the user asked for a limited review.
Install Mechanism
There is no external install spec (no network downloads or package installs), which reduces supply-chain risk. However, the bundle includes executable Python scripts that are required by the instructions and will be run locally; that runtime code must therefore be trusted and reviewed before execution.
Credentials
The skill does not request environment variables or credentials, which is appropriate. The scanner code does collect local system metadata (platform.node() hashed into node_id, OS info) and file metadata/content. These are not credential requests, but reading full workspace file contents can expose secrets, so the absence of declared credentials does not mean no sensitive data is accessed.
Persistence & Privilege
always: false and no declared persistent installation are good signs. The skill adds its own directory to the site path at runtime and imports local modules, but it does not declare or request persistent system-wide privileges. It does, however, spawn threads and queues to perform background indexing for the session and calls for dispatching sub-agents (Step 5.5), which increases the runtime blast radius while it is active.
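Points 1, 2 and 5 of the safe-use recommendations (look for network calls and export paths, question odd strings, check what the background work does) can be partly mechanised before anything in the bundle is executed. The following is an added example, not code from trae-code-review-plus or its author: a static audit that parses each bundled script with Python's ast module and flags the behaviours this listing calls out (network and subprocess/eval sinks, platform.node()-style host fingerprinting, rglob/os.walk traversal, mmap, background threads, environment access, write-mode open(), and suspicious words in comments or strings), then maps the findings to a verdict. The review policy (which modules and calls to flag, and how they rank) and the SAMPLE_SCANNER script are this example's own assumptions; the sample is constructed to mirror the behaviour described above and is not the bundle's real init_scanner.py.

```python
"""Pre-install static audit of a skill bundle's Python scripts (added example)."""
import ast
import re
from collections import defaultdict

# Review policy assumed for this example; extend it to taste.
NETWORK_MODULES = {"socket", "http", "urllib", "requests", "httpx", "ftplib", "smtplib"}
THREAD_MODULES = {"threading", "multiprocessing", "concurrent"}
EXEC_CALLS = {"eval", "exec", "os.system", "os.popen", "subprocess.run", "subprocess.Popen",
              "subprocess.call", "subprocess.check_output", "subprocess.check_call"}
FINGERPRINT_CALLS = {"platform.node", "platform.uname", "platform.platform",
                     "socket.gethostname", "getpass.getuser", "uuid.getnode"}
TRAVERSAL_METHODS = {"rglob", "walk"}          # Path.rglob / os.walk: unbounded workspace reads
WRITE_METHODS = {"write_text", "write_bytes"}  # plus open() in write mode, see _writes_file
SUSPICIOUS_TEXT = re.compile(r"payload|stealth|exfil|beacon", re.IGNORECASE)

def _dotted(node):
    """'a.b.c' for a Name/Attribute chain; '<expr>.attr' when the chain starts with a call."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
    elif parts:
        parts.append("<expr>")
    else:
        return None
    return ".".join(reversed(parts))

def _writes_file(call):
    """True for open(path, 'w'/'a'/'+'...) with the mode given positionally or as mode=."""
    mode = call.args[1] if len(call.args) > 1 else None
    mode = next((kw.value for kw in call.keywords if kw.arg == "mode"), mode)
    return isinstance(mode, ast.Constant) and isinstance(mode.value, str) and any(c in mode.value for c in "wa+")

def audit_source(src, filename="<script>"):
    """Return {category: [(line, detail), ...]} for one script's source text."""
    findings = defaultdict(list)
    for lineno, line in enumerate(src.splitlines(), 1):  # comments never reach the AST
        if SUSPICIOUS_TEXT.search(line):
            findings["suspicious_text"].append((lineno, line.strip()))
    for node in ast.walk(ast.parse(src, filename)):
        if isinstance(node, (ast.Import, ast.ImportFrom)):
            mods = [a.name for a in node.names] if isinstance(node, ast.Import) else [node.module or ""]
            for mod in mods:
                top = mod.split(".")[0]
                if top in NETWORK_MODULES:
                    findings["network"].append((node.lineno, mod))
                if top in THREAD_MODULES:
                    findings["background_thread"].append((node.lineno, mod))
                if top == "mmap":
                    findings["mmap"].append((node.lineno, mod))
        elif isinstance(node, ast.Call) and (name := _dotted(node.func)):
            tail = name.rsplit(".", 1)[-1]
            if name in EXEC_CALLS:
                findings["exec"].append((node.lineno, name))
            if name in FINGERPRINT_CALLS:
                findings["fingerprint"].append((node.lineno, name))
            if tail in TRAVERSAL_METHODS:
                findings["workspace_traversal"].append((node.lineno, name))
            if tail in WRITE_METHODS or (name == "open" and _writes_file(node)):
                findings["file_write"].append((node.lineno, name))
        elif isinstance(node, ast.Attribute) and _dotted(node) in {"os.environ", "os.getenv"}:
            findings["env_access"].append((node.lineno, _dotted(node)))
    return dict(findings)

def verdict(findings):
    """'high': exfil/exec sink present; 'review': broad reads, fingerprinting or background work; else 'low'."""
    if findings.get("network") or findings.get("exec"):
        return "high"
    if any(k in findings for k in ("workspace_traversal", "mmap", "fingerprint",
                                   "background_thread", "env_access", "file_write", "suspicious_text")):
        return "review"
    return "low"

# Constructed stand-in for the bundle's scanner, written to exhibit the behaviours the listing
# describes (rglob + mmap over the workspace, platform.node() hashed into an id, a background
# thread, an odd comment). It is NOT the real init_scanner.py.
SAMPLE_SCANNER = '''
import hashlib, mmap, platform, threading
from pathlib import Path
# The Stealth Payload
node_id = hashlib.sha256(platform.node().encode()).hexdigest()[:16]
def index(root):
    for p in Path(root).rglob("*.py"):
        with open(p, "rb") as fh:
            mmap.mmap(fh.fileno(), 0, access=mmap.ACCESS_READ).close()
threading.Thread(target=index, args=(".",), daemon=True).start()
'''

if __name__ == "__main__":
    found = audit_source(SAMPLE_SCANNER, "init_scanner.py")
    print(verdict(found), {cat: [d for _, d in hits] for cat, hits in found.items()})
```

To use it on the bundle, read scripts/init_scanner.py and scripts/security_core.py into audit_source; a 'high' verdict, or any category you cannot justify from what SKILL.md says the step does, is the point at which to stop and ask the author (recommendation 2 above). Static matching of this kind does not see dynamic imports (importlib, __import__), string-built module names or obfuscated constants, so it narrows the manual review rather than replacing it.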
How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install trae-code-review-plus
  3. Once installed, call the Skill by name directly or trigger it with /trae-code-review-plus
  4. Provide the required inputs according to the Skill's parameter description to get structured output
Version history
v1.0.1
trae-code-review-plus v1.0.0 – Initial Release
- Introduces a structured workflow for professional code review, security checks, and performance suggestions.
- Enforces evidence-based review using codebase search and local engine synchronization for semantic analysis.
- Always includes concise Mermaid diagrams to visualize business and technical changes.
- Implements a double-validation system via parallel sub-agents for issue confidence scoring.
- Provides a step-by-step user interaction loop for selecting and fixing issues, ensuring language consistency and clear option enumeration.
- Strictly avoids low-value comments and skips non-code files during review.
v1.0.0
trae-code-review-plus 1.0.0 – Initial Release
- Introduces a professional code review skill for code assessment, security checks, and performance optimization recommendations.
- Implements a structured 7-step review workflow, including scope clarification, workspace context sync, intent inference, visual Mermaid diagram summaries, rigorous issue validation with sub-agents, interactive fix selection, and consistent language output.
- Requires evidence-based feedback referencing repository context and precise line ranges.
- Ensures all code review interactions and suggestions are user language-consistent and include complete, enumerated fix options.
- Enforces high-quality, action-oriented comments and excludes non-code files from review.
Metadata
Slug: trae-code-review-plus
Version: 1.0.1
License: MIT-0
Total installs: 0
Current installs: 0
Version count: 2
FAQ

What is trae-code-review-plus?

A professional code-review Skill, invoked when the user asks for a code review, a security check, or performance-optimization suggestions. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 100 downloads to date.

How do I install trae-code-review-plus?

Run the command "/install trae-code-review-plus" in the OpenClaw or Claude Code chat box to install it in one step; no extra configuration is needed.

Is trae-code-review-plus free?

Yes, trae-code-review-plus is completely free under the MIT-0 license and can be freely downloaded, installed and used.

Which platforms does trae-code-review-plus support?

trae-code-review-plus runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.

Who developed trae-code-review-plus?

Developed and maintained by Tom Mcpherson (@dnorris2926-0); the current version is v1.0.1.
