Install
openclaw skills install @mindbomber/aana-code-change-reviewReviews and verifies code changes for scope, correctness, security, testing, secrets, and risks before commits, PRs, or deployments.
openclaw skills install @mindbomber/aana-code-change-reviewUse this skill when an OpenClaw-style agent may edit code, change configuration, run risky commands, create commits, open pull requests, claim tests passed, publish code, or make broad repository changes.
This is an instruction-only skill. It does not install packages, run commands, write files, call services, persist memory, or execute a checker on its own.
Code changes should be scoped to the request, reviewable, tested honestly, free of secrets, and reversible before they become commits, pull requests, releases, or deployed behavior.
The agent should separate:
Use this skill before:
Treat these as higher risk:
Before a code edit, commit, or PR, verify:
Do not claim a check passed unless it actually ran and returned success.
Use precise language:
X; it passed."Y."X was run; broader coverage remains unverified."Do not imply full validation from partial evidence. A targeted unit test is not a full release gate. A type check is not a security review. A successful local build is not proof that production deploy is safe.
Revise or ask before:
Block or revise any change that includes:
Prefer placeholders such as:
<REDACTED_API_KEY>
<REDACTED_TOKEN>
<REDACTED_ACCOUNT_ID>
Ask for explicit user approval before commands or tool actions that may:
Refuse or defer if the action would destroy unrelated work, bypass review, hide changes, or affect systems outside the user's request.
Before committing or opening a PR, confirm:
When using a configured AANA checker, send only a minimal review payload:
task_summarychange_typechanged_scope_summaryrisk_classestest_evidencesecret_scan_statusdestructive_command_statusscope_statusrecommended_actionDo not include raw secrets, private records, full logs, full diffs, or unrelated files when a redacted summary is enough.
For code-sensitive work, prefer:
Code change review:
- Scope: ...
- Files: ...
- Risk: ...
- Tests: ran ... / not run ...
- Secret check: ...
- Command risk: ...
- Decision: accept / revise / ask / defer / refuse
Do not include this review block unless useful to the user, needed before a risky action, or requested by the review workflow.