AI Code Review

v1.0.0

Provides detailed, prioritized code review feedback on security, performance, correctness, and maintainability issues for multiple major programming languages.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Benign (high confidence)
Purpose & Capability
The name/description ('AI Code Review') matches the SKILL.md instructions: the document defines a structured review process (security, performance, correctness, maintainability) across common languages. It does not request unrelated resources (cloud creds, system binaries, etc.).
Instruction Scope
Runtime instructions are limited to reading code, diffs, commit messages/PR descriptions, and producing review output. There are no steps that tell the agent to access arbitrary system files, external endpoints, or environment variables beyond the code under review. The guidance to 'review the diff' and to use linters/type-checkers is appropriate for the stated purpose.
Install Mechanism
This is an instruction-only skill with no install spec and no code files, so nothing is downloaded or written to disk by the skill itself. That minimizes install-time risk.
Credentials
The skill declares no required environment variables, no primary credential, and no config paths. The review tasks described do not appear to require extra credentials. Requested access is proportional to a code-review assistant.
Persistence & Privilege
always is false and no persistent/privileged behavior is requested. The skill is user-invocable and may be invoked autonomously by the agent per platform defaults, which is normal for skills and not a red flag on its own.
Assessment
This skill appears coherent and low-risk because it is purely instructional and requests no credentials or installs. Before using it, make sure: (1) you only give the agent access to the repository or PR you intend it to review (avoid exposing other private repos or secrets), (2) automated suggestions are reviewed by a human before applying changes (the skill will propose code fixes), and (3) you audit any outputs that might include sensitive data found in the reviewed code (for example, hardcoded keys discovered by the review) so they aren't accidentally shared. If you plan to let the agent invoke skills autonomously, be aware the skill can be called during agent runs — that is normal, but ensure agent permissions are scoped appropriately.

Like a lobster shell, security has layers — review code before you run it.

Tags: code-review, engineering, javascript, latest, performance, python, security
