ClawHub

Code Review Assistant

v0.1.0

AI-powered code review assistant that analyzes pull requests, identifies potential bugs, security issues, code quality problems, and provides actionable impr...

0· 139·0 current·0 all-time
byhuajianjiu@huajianjiu000

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for huajianjiu000/code-review-assistant-2.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Code Review Assistant" (huajianjiu000/code-review-assistant-2) from ClawHub.
Skill page: https://clawhub.ai/huajianjiu000/code-review-assistant-2
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install code-review-assistant-2

ClawHub CLI

Package manager switcher

npx clawhub@latest install code-review-assistant-2
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name, description, and SKILL.md are consistent: it is an instruction-only code review assistant that lists relevant security, quality, and performance checks. There are no unrelated environment variables, binaries, or config paths requested.
Instruction Scope
Instructions are high-level and confined to reviewing PRs (gather language/framework, files changed, purpose). That grants the agent discretion to request/consume PR diffs or file contents — expected for a review skill — but the guidance is broad rather than prescriptive about what exact data to request or how to handle sensitive content.
Install Mechanism
No install spec and no code files are present, so nothing is written to disk or fetched during install. This is the lowest-risk pattern for a skill of this type.
Credentials
The skill declares no required environment variables, credentials, or config paths. There is no disproportionate request for secrets or unrelated service keys.
Persistence & Privilege
Skill uses default privileges (not always:true). Autonomous invocation is allowed by platform default but is not combined here with broad credential access or other elevated privileges.
Assessment
This skill appears coherent and low-risk: it only contains review instructions and requests no secrets or installs. Before using it, confirm what code/PR data you will share with the agent (avoid including secrets or private keys in diffs), prefer running it on non-sensitive or internal test repositories until you trust the skill, and consider using a vetted/internal code-review integration if handling highly confidential code. The SKILL.md is intentionally broad about what context to gather — be explicit about limits when invoking (e.g., only provide specific files or the PR diff) if you want to restrict data exposure.

Like a lobster shell, security has layers — review code before you run it.

latestvk976915g2w01xp5z1507fvwtws8567p4
139downloads
0stars
1versions
Updated 1w ago
v0.1.0
MIT-0
huajianjiu@huajianjiu000
latest
Download

Code Review Assistant

Description

An AI-powered code review assistant that analyzes pull requests, identifies potential bugs, security vulnerabilities, code quality issues, and provides actionable improvement suggestions. This skill helps maintain code quality standards and catch issues before they reach production.

When to Use

  • Reviewing pull requests for potential issues
  • Auditing code changes for security vulnerabilities
  • Ensuring code follows best practices and style guides
  • Identifying performance bottlenecks
  • Checking for test coverage gaps
  • Validating code complexity

Review Checklist

Security Issues

  • SQL injection vulnerabilities
  • XSS (Cross-Site Scripting) risks
  • Authentication/authorization flaws
  • Sensitive data exposure
  • Insecure dependencies

Code Quality

  • Code duplication
  • Function/class complexity
  • Naming conventions
  • Comment quality
  • Error handling
  • Resource management

Performance

  • N+1 query problems
  • Unnecessary re-renders
  • Memory leaks
  • Inefficient algorithms
  • Missing caching opportunities

Best Practices

  • Test coverage
  • Documentation completeness
  • API consistency
  • Error handling patterns
  • Type safety

How to Use

  1. When asked to review code, first gather context:

    • The programming language and framework
    • The files/functions changed
    • The purpose of the changes

  2. Analyze the code systematically using the checklist

  3. Provide structured feedback with severity levels

Output Format

## Code Review Summary

### Overview
[Brief description of what the PR does]

### Issues Found

#### Critical (🔴)
- [Issue with location and fix suggestion]

#### High (🟠)
- [Issue with location and fix suggestion]

#### Medium (🟡)
- [Issue with location and fix suggestion]

#### Low (🟢)
- [Minor suggestions]

### Positive Aspects
- [What was done well]

### Recommendations
- [Additional suggestions]

Comments

Loading comments...