Iterative Code Review

v1.2.1

Iterative code review using multiple independent subagent reviews. Use when user asks to review PR, code, or mentions "review", "审查", "检查代码", "代码质量". Assists...

by Lucius.C (@luciuscao)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Benign (high confidence)
Purpose & Capability
Name/description (iterative code review) align with the instructions: the SKILL.md expects git/gh/jq/node/npm, performs git diffs, spawns reviewers/fixers, and optionally applies fixes. The only minor mismatch is that the registry metadata lists no required binaries while SKILL.md documents required tooling; this is an informational mismatch but not a substantive incoherence.
Instruction Scope
Instructions stay within review scope: reading repo diffs, commit history, running build/tests, spawning subagents, and optionally applying fixes. Important safety note: the skill explicitly supports autoFix/autoContinue which will modify code and can perform automated multi-round fixes if enabled in ~/.openclaw/workspace/.iterative-code-review/preferences.json. Also it instructs running repo build/test commands (npm run build / npm test) which will execute repository code and test scripts — this is expected for a review tool but is an operational risk when the repository contains untrusted code.
Install Mechanism
Instruction-only skill with no install spec and no code files to execute from an external download. No package installs or external archives are written to disk by the skill itself.
Credentials
The skill does not request environment variables or external credentials. It references local tooling (git, gh) which will use the user's existing auth if present. It does read a local preferences file under the user's home (~/.openclaw/workspace/.iterative-code-review/preferences.json) — this is proportional to providing user-configurable automation settings.
Persistence & Privilege
always:false and no installation makes this non-persistent. The skill will read and may write its own preferences file in the user's home workspace. The primary privilege concern is the optional autoFix/autoContinue behavior which — if the user enables it — allows automatic code modification, spawning of fixer subagents, and automated multi-round changes; by default those are disabled and user confirmation is required.
Assessment
This skill appears to be what it claims: a guided, iterative code-review helper. Before using it, review and consider the following:
1) Keep autoFix and autoContinue disabled unless you trust the repository and have backups — enabling them lets the skill automatically modify code.
2) The skill may run npm build/test and other repository scripts; these execute code from the repository and can have side effects (network access, spawning processes). Run on trusted repositories or in a sandbox.
3) The skill reads/writes a preferences file at ~/.openclaw/workspace/.iterative-code-review/preferences.json — inspect that file before enabling automation.
4) Confirm you are comfortable with the skill using your local git/gh credentials (it does not request tokens but will use configured CLI auth).
5) Note the small metadata mismatch: required tooling is documented in SKILL.md but not in registry binary metadata; ensure your environment has the listed tools before use.

Like a lobster shell, security has layers — review code before you run it.

latestvk9732py6a99jaqmdjbhvf690ed83smt2


Runtime requirements

🔍 Clawdis
