frontend-code-review

v1.0.0

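Reviews front-end code from the perspectives of architecture, maintainability, type safety, accessibility, style consistency, performance, and testability, and saves the report as a Markdown file. Activates automatically when the user asks for a code review, a review, or an assessment of code quality.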

by Bovin Phang (@bovinphang)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Benign (high confidence)
Purpose & Capability
The name/description (frontend code review across architecture, types, accessibility, etc.) matches the SKILL.md instructions. The skill does not request credentials, binaries, or installs — which is proportional. One implicit requirement: to perform reviews it needs read access to the project's source files (the SKILL.md assumes the agent can inspect the repo) and a way to write files (the 'Write tool') — these accesses are reasonable for a code-review skill but are not explicitly declared.
Instruction Scope
Instructions are focused on reviewing front-end code and producing a Markdown report. They do not instruct reading unrelated system paths, exfiltrating data, or calling external endpoints. The SKILL.md does assume the agent will read project source files and will save the report under reports/ using a Write tool; it does not give open-ended permissions or vague ‘gather whatever context you need’ directives.
Install Mechanism
No install spec or code files are present (instruction-only), so nothing is written to disk or fetched during install. This is the lowest-risk install posture and is coherent with the skill's function.
Credentials
The skill requests no environment variables, credentials, or config paths. That is appropriate for a purely local/source-based code review tool. Note: because it reads project files, any secrets present in source will be visible to the agent — the skill itself does not request secret access tokens.
Persistence & Privilege
always is false and autonomous invocation is allowed (default), which is standard for skills. The skill does not request persistent system-wide privileges or modifications to other skills/configurations.
Assessment
This skill appears coherent and focused on reviewing frontend code and saving a Markdown report. Before installing or using it:
1) Confirm the agent has explicit read access to the repository you want reviewed and that you are comfortable with the agent reading those files (sensitive data in code will be visible).
2) Ensure the environment provides the expected 'Write' tool or file-write capability so reports can be created at reports/code-review-YYYY-MM-DD-HHmmss.md.
3) If you do not want the agent to access private repos or secrets, test the skill on a non-sensitive sample project first.
4) If you are concerned about autonomous runs, restrict invocation or monitor when the skill is activated.
Overall the skill is internally consistent (benign), but exercise normal caution about exposing source code to any automated agent.

