Eo Ability Code Review
v1.0.0代码审查能力,调用CodeReviewer专家进行安全、性能、风格全面审查,输出问题列表和改进建议
⭐ 0· 94·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
The name/description (code review for security/performance/style) matches the instructions and declared interfaces. The skill expects a codePath input and returns review results, which is appropriate for a code-review capability. One minor inconsistency: SKILL.md shows CLI usage (/code-review) and refers to a 'CodeReviewer专家' expert pool, but the skill declares no required binaries or external dependencies — that CLI/expert is not provided in the skill bundle.
Instruction Scope
SKILL.md stays within the code-review domain: it describes running reviews, scoring, and producing issue lists. It implies reading the code at the provided codePath (expected). It does not instruct reading unrelated system files or environment variables. Note: because it will read repository files supplied as codePath, those files may contain secrets — the skill does not state any data-handling or exfiltration restrictions.
Install Mechanism
No install spec and no code files — lowest-risk execution model for an instruction-only skill. Nothing is downloaded or written to disk by the skill itself.
Credentials
The skill declares no required environment variables, credentials, or config paths. That aligns with a passive code-review helper. There are no unexpected credential requests in the SKILL.md.
Persistence & Privilege
always is false and model invocation is allowed (platform default). The skill does not request persistent or elevated privileges and does not attempt to modify other skills' configuration in its instructions.
Assessment
This skill appears to do what it claims — automated code review — but be cautious before using it on sensitive repositories. The SKILL.md references a /code-review CLI and an external 'CodeReviewer' expert pool but provides no binaries or install steps, so make sure you understand how your platform will satisfy that dependency before running it. Test the skill on a non-sensitive example repo first, and don't supply code that contains secrets (API keys, credentials, private keys) until you trust the skill's source and the platform integration. If you need higher assurance, ask the publisher for details about the 'CodeReviewer' expert backend and any data handling / retention policies.Like a lobster shell, security has layers — review code before you run it.
latestvk97er7j5wx8hk2rk7new6e2vnh84cp3g
License
MIT-0
Free to use, modify, and redistribute. No attribution required.