ClawHub

code

Comprehensive code review assistant that analyzes code quality, identifies bugs, suggests improvements, and ensures adherence to best practices. Use when rev...

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 20 · 0 current installs · 0 all-time installs
byEvin Guo@GuoShamin
MIT-0
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name and description match the SKILL.md content: it explains code review steps, language-specific guidance, and a review template. It does not request unrelated capabilities (no cloud creds, no unrelated binaries).
Instruction Scope
Runtime instructions are narrowly focused on reviewing source code, security, performance, style, and tests. The SKILL.md does not instruct reading unrelated system files or exfiltrating data. Note: the skill metadata lists allowed-tools (Read, Grep, Glob, Bash) which are appropriate for scanning repositories, and the document does not direct those tools to access secrets or external endpoints.
Install Mechanism
There is no install spec and no code files — the skill is instruction-only, so nothing will be downloaded or written to disk during installation.
Credentials
The skill declares no required environment variables, credentials, or config paths. This is proportionate for a code-review guidance tool.
Persistence & Privilege
The skill does not request always:true or any elevated persistence. It is user-invocable and allows normal autonomous invocation, which is the platform default and appropriate here.
Assessment
This skill is an instruction-only code-review helper and appears internally consistent. Before installing, confirm you trust the skill owner (source/homepage are unknown) and limit the agent's repository/file access to only the code you want reviewed (the skill's allowed-tools include Bash and Read which can inspect project files). If you plan to use it on private repos, ensure the agent does not also have access to unrelated secrets or system config. Finally, remember this provides review guidance — it does not replace running real static analyzers or tests; consider pairing its suggestions with automated linters and CI checks.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.0
Download zip
latestvk975dfez6n4nqby621qe8z7zwn830tht

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

Code Review Assistant

Overview

This skill helps you perform thorough code reviews by analyzing code quality, identifying potential issues, and suggesting improvements. It follows industry best practices and can adapt to different programming languages and coding standards.

Key Features

  • Security Analysis: Identify common security vulnerabilities (SQL injection, XSS, CSRF, etc.)
  • Performance Review: Detect performance bottlenecks and inefficient code patterns
  • Code Style: Check adherence to coding conventions and best practices
  • Bug Detection: Identify logical errors, edge cases, and potential bugs
  • Documentation: Verify code documentation and suggest improvements
  • Test Coverage: Analyze test quality and coverage

Review Process

1. Initial Assessment

When reviewing code, start by understanding:

  • What problem is being solved?
  • What files are changed?
  • What is the scope of changes?

2. Security Review

Check for common vulnerabilities:

Input Validation

  • Validate all user inputs
  • Sanitize data before use
  • Check for injection vulnerabilities

Authentication & Authorization

  • Verify proper access controls
  • Check for authentication bypasses
  • Ensure sensitive data protection

Data Handling

  • Check for hardcoded credentials
  • Verify secure data storage
  • Review logging of sensitive information

3. Code Quality Review

Readability

  • Clear variable and function names
  • Appropriate comments for complex logic
  • Consistent formatting and style

Maintainability

  • DRY principle (Don't Repeat Yourself)
  • Single Responsibility Principle
  • Proper error handling

Performance

  • Efficient algorithms and data structures
  • Avoid unnecessary loops or computations
  • Proper resource management (memory, connections)

4. Testing Review

Test Coverage

  • Unit tests for critical functions
  • Integration tests for workflows
  • Edge cases and error conditions

Test Quality

  • Clear test names describing what's tested
  • Proper assertions
  • Independent and repeatable tests

Language-Specific Considerations

Python

  • Follow PEP 8 style guidelines
  • Use type hints where appropriate
  • Proper exception handling with specific exception types
  • Avoid mutable default arguments

JavaScript/TypeScript

  • Use const/let instead of var
  • Proper async/await error handling
  • TypeScript: leverage type system fully
  • Avoid callback hell, use Promises

Java

  • Follow naming conventions (CamelCase)
  • Proper exception handling
  • Resource management with try-with-resources
  • Thread safety considerations

Go

  • Follow Go idioms and conventions
  • Proper error handling (don't ignore errors)
  • Use defer for cleanup
  • Context usage for cancellation

Review Template

When providing review feedback, use this structure:

## Code Review Summary

**Overall Assessment**: [Brief overview]

### 🔴 Critical Issues
- [Issue 1 with location and severity]
- [Issue 2 with location and severity]

### 🟡 Improvements Suggested
- [Suggestion 1 with reasoning]
- [Suggestion 2 with reasoning]

### 🟢 Positive Aspects
- [What was done well]
- [Good practices observed]

### 📝 Additional Notes
- [Any other observations or recommendations]

Common Anti-Patterns to Watch For

General

  • Magic numbers (use named constants)
  • Deep nesting (refactor for readability)
  • God objects/classes (break into smaller components)
  • Tight coupling (prefer dependency injection)

Performance

  • N+1 query problems
  • Inefficient string concatenation in loops
  • Memory leaks (unreleased resources)
  • Synchronous operations blocking main thread

Security

  • SQL injection vulnerabilities
  • Cross-site scripting (XSS)
  • Insecure direct object references
  • Missing rate limiting

Best Practices

  1. Be Constructive: Provide actionable feedback with examples
  2. Prioritize: Focus on critical issues first
  3. Explain Why: Don't just point out problems, explain the reasoning
  4. Suggest Alternatives: Offer concrete solutions or improvements
  5. Acknowledge Good Work: Recognize well-written code and good practices
  6. Stay Objective: Focus on the code, not the developer

Example Reviews

Example 1: Security Issue

File: user_controller.py:45

# ❌ Problematic
query = f"SELECT * FROM users WHERE email = '{email}'"
cursor.execute(query)

Issue: SQL injection vulnerability. User input is directly interpolated into SQL query.

Suggested Fix:

# ✅ Better
query = "SELECT * FROM users WHERE email = %s"
cursor.execute(query, (email,))

Example 2: Performance Issue

File: data_processor.js:120

// ❌ Problematic
for (let item of items) {
  result += processItem(item);  // String concatenation in loop
}

Issue: Inefficient string concatenation in loop causes O(n²) performance.

Suggested Fix:

// ✅ Better
const parts = items.map(item => processItem(item));
result = parts.join('');

Guidelines for Reviewers

  • Review code changes within 24 hours when possible
  • Focus on objective improvements, not personal preferences
  • Use inline comments for specific issues
  • Provide summary comments for overall feedback
  • Approve when code meets standards, even if minor improvements exist
  • Request changes only for significant issues
  • Use suggestions feature for minor fixes

When to Use This Skill

Use this skill when:

  • Reviewing pull requests
  • Conducting code quality audits
  • Onboarding new team members (teaching good practices)
  • Refactoring legacy code
  • Establishing coding standards
  • Pre-release security reviews

References

Files

1 total
Select a file
Select a file to preview.

Comments

Loading comments…