Adaptive Review
v1.1.0
Adaptive code review that routes to haiku/sonnet/opus based on diff complexity signals. Use instead of requesting-code-review for cost-efficient reviews.
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
Name/description claim adaptive routing of code reviews; SKILL.md only requires git diff and greps code files, then routes to lightweight/medium/heavy reviewers. No unrelated binaries, credentials, or config paths are requested.
Instruction Scope
Runtime instructions are focused on collecting git diff signals and grepping code files for risk keywords, then spawning subagents/models. This is appropriate for a review router, but it does mean full diffs (and any discovered matches) will be sent to the chosen model/endpoint when a review runs — a privacy / data-exfiltration consideration depending on which remote models/endpoints you use.
Install Mechanism
Instruction-only skill with no install spec and no code files to execute; lowest install risk. README suggests optional git clone but that's typical and not required by the runtime instructions.
Credentials
The skill declares no required env vars or credentials. The OpenClaw/local variant documents optional environment variables for local endpoints — appropriate for the stated purpose. There are no unexplained credential requests. You should still validate any model endpoint/API keys you provide before use.
Persistence & Privilege
always is false, no privileged persistence requested, and autonomous invocation is the platform default. The skill does not attempt to modify other skills or system settings.
Assessment
This skill appears coherent: it only scans your git diff and routes review work to a smaller or larger reviewer depending on the signals. Before installing or running it, consider these points:
- Data exposure: adaptive-review will send diffs to whichever model/endpoint it spawns (haiku/sonnet/opus or any configured local endpoint). If those are remote cloud models, your code (including secrets contained in diffs) will be transmitted to that provider. If your repo contains sensitive data, either use a local/self-hosted endpoint (SKILL-openclaw.md guidance) or avoid running deep reviews against cloud models.
- Secret handling: the grep intentionally targets code files and excludes .md/.json/.yaml, which reduces false positives but may miss secrets in config files. If your secrets live in config files, adjust the scan or add pre-checks to mask/remove secrets before review.
- Overrides: users can force depths (--fast/--medium/--deep). A fast review may miss architecture/security issues; the skill sensibly recommends upgrading when fast finds potential issues.
- Test first: try the skill on a non-sensitive repository to verify how your platform performs subagent/model calls and to confirm which endpoints actually receive the diff payloads.
- Endpoint/config hygiene: if you use the OpenClaw/local variant, ensure the endpoints you configure are trustworthy and that any API keys are rotated and scoped appropriately.
If you want stricter safety: restrict the skill to local/self-hosted models only, extend the grep to include config files you use for secrets, or add a preflight that blocks reviews when known secret patterns are present.
Like a lobster shell, security has layers — review code before you run it.
Tags: claude-code, code-review, cost-optimization, latest, think-anywhere
