code-review-assistant

v1.0.0

Code review assistant. Analyzes a Git diff or code snippet and outputs a structured Chinese review report covering bugs, security vulnerabilities, performance issues, readability, best practices, type safety, error handling and test coverage. Supports configurable strictness levels (Info/Optimize/Standard/Critical) and the major languages (Python/JS/TS/Java/Go/Rust). Supports GitHub/G...


Install


Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for xonet1/cody.

Install the skill "code-review-assistant" (xonet1/cody) from ClawHub.
Skill page: https://clawhub.ai/xonet1/cody
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line


Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI


openclaw skills install cody

ClawHub CLI


npx clawhub@latest install cody

Security Scan

VirusTotal: Benign
OpenClaw: Benign (high confidence)
Purpose & Capability

Name/description match the included files: SKILL.md describes code-review behavior and the repository provides get_diff.py and get_pr_diff.py plus language/rule references. The optional use of GITHUB_TOKEN / GITLAB_TOKEN in get_pr_diff.py is appropriate for fetching PR/MR diffs.

Instruction Scope

Runtime instructions are scoped to obtaining diffs (local git, PRs via API, or user-pasted snippets) and running language-specific checks. One point to note: the skill will read repository files or any file the user explicitly asks it to (via '--file' or '指定文件'), so sensitive files in the repo could be exposed if you request them — this is expected behavior for a review tool but worth being cautious about.

Install Mechanism

No install spec; this is an instruction-only skill with included Python helper scripts. Nothing downloads or extracts remote code or installs packages, so installation risk is low.

Credentials

The skill does not declare required env vars. get_pr_diff.py optionally reads GITHUB_TOKEN and GITLAB_TOKEN to access private PRs/MRs — these are directly relevant and proportionate to the described capability. No unrelated secrets or configuration paths are requested.

Persistence & Privilege

The always flag is false, and the skill has no install-time hooks or requests for permanent agent-wide privileges. It does not modify other skills or system-wide config.

Assessment

This skill appears to do what it says: fetch diffs and produce structured code-review reports. Before using it, consider: (1) Only provide GITHUB_TOKEN/GITLAB_TOKEN when necessary and prefer least-privilege / read-only tokens. (2) Avoid asking the skill to read or send files that contain secrets (keys, credentials) unless you intend to expose them. (3) The helper scripts use your local git repo and network calls to GitHub/GitLab — run them in a safe working directory and review output before sharing externally. (4) There is no installer or hidden network endpoint in the package; the main remaining risk is accidental exposure of repository contents if you request broad diffs or files.


latest: vk97f3rzjcf7h87shtgnttwq75s83dz9j
169 downloads
0 stars
1 version
Updated 1mo ago
v1.0.0
License: MIT-0

Code Review Assistant

Workflow

Step 1: Obtain the code

Try the following sources in priority order:

  1. PR diff (highest priority): run scripts/get_pr_diff.py; supports GitHub/GitLab
  2. Git diff: run scripts/get_diff.py to get the local changes
  3. User paste: analyze the code snippet or diff text the user provides directly
  4. Specified file: read the contents of the file the user specifies

Step 2: Confirm the strictness level

If the user does not specify one, use Standard mode by default.

Mode        | Trigger phrases                     | Scope of checks
🔵 Info     | "quick review", "just take a look"  | naming conventions, comment completeness
🟢 Optimize | - (default minimum)                 | readability issues, best practices
🟡 Suggest  | "standard review"                   | + performance issues, obvious bugs
🔴 Critical | "strict mode", "PR review"          | + security vulnerabilities, serious bugs

See references/severity-guide.md for details.

Step 3: Run the analysis

Check the following dimensions; detailed rules are in references/review-dimensions.md

  • 🐛 Potential bugs — null pointers, out-of-bounds access, exception handling, type errors
  • 🔒 Security issues — SQL injection, XSS, hardcoded keys, permission checks
  • Performance issues — N+1 queries, unnecessary loops, inefficient data structures
  • 📖 Readability — overly long functions, magic numbers, obscure naming
  • Best practices — DRY principle, consistent error handling
  • 🧪 Type safety — type annotations, implicit conversions
  • 🛡️ Error handling — exception catching, return value validation
  • 🧪 Test coverage — flag critical logic that lacks tests

Step 4: Language-specific rules

Load the rules matching the code's language; the references/languages/ directory contains:

  • python.md — Python-specific checks
  • javascript.md — JavaScript/TypeScript checks
  • go.md — Go checks
  • java.md — Java checks
  • rust.md — Rust checks

Step 5: Output the report

Three formats are supported; Markdown is the default:

  • Markdown (default): suited to direct reading and sharing
  • JSON: suited to CI integration and further processing; use --format json
  • HTML: suited to generating a shareable report; use --format html

See references/report-template.md for the output template.

Quick reference

User says                       | Action
"review the latest commit"      | get_diff.py --commits HEAD~1
"review the diff against main"  | get_diff.py --branch main
"review GitHub PR #123"         | get_pr_diff.py --provider github --pr 123
"strict mode review"            | enable 🔴 Critical mode
"take a quick look"             | enable 🔵 Info mode
"output JSON"                   | use the JSON template
"generate an HTML report"       | use the HTML template

Notes

  • Prioritize actionable improvement suggestions rather than only pointing out problems
  • Attach a specific line number to each comment (where it can be located)
  • Output in Chinese, keeping technical terms in their original English
  • If the diff exceeds 500 lines, process it in batches by file and ask whether to continue after each batch
  • When using language-specific rules, identify the code's language first, then load the corresponding checks
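As an added illustration of the "hardcoded keys" security dimension and the "attach a line number to each comment" note above (example code written for this page, not the skill's own get_diff.py or get_pr_diff.py): a small Python checker that splits a unified diff per file and reports added lines that look like credentials together with their new-file line numbers. The sample diff and the keyword regex are constructed assumptions; the key value is the AWS documentation placeholder, not a live credential.

```python
import re

# Constructed sample diff (not from the project); the key is the AWS docs placeholder.
SAMPLE_DIFF = """diff --git a/app/config.py b/app/config.py
--- a/app/config.py
+++ b/app/config.py
@@ -1,2 +1,3 @@
 DEBUG = False
+AWS_SECRET_ACCESS_KEY = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
 TIMEOUT = 30
diff --git a/app/db.py b/app/db.py
--- a/app/db.py
+++ b/app/db.py
@@ -10 +10 @@ def load_users(ids):
-        users.append(query(uid))
+        users.append(query(uid))  # N+1 query, not a secret
"""
# Heuristic for hardcoded-credential assignments; extend the keyword list per codebase.
SECRET_RE = re.compile(r"(?i)\b\w*(api[_-]?key|secret|token|password)\w*\s*[:=]\s*['\"][^'\"]{8,}['\"]")
HUNK_RE = re.compile(r"@@ -\d+(?:,\d+)? \+(\d+)")

def split_by_file(diff_text):
    """Split a unified diff into {path: lines}, keyed on each 'diff --git' header."""
    files, current = {}, None
    for line in diff_text.splitlines():
        if line.startswith("diff --git "):
            current = line.split(" b/", 1)[1]
            files[current] = []
        if current is not None:
            files[current].append(line)
    return files

def find_hardcoded_secrets(files):
    """Return (path, new-file line number, content) for added lines that look like credentials."""
    hits = []
    for path, lines in files.items():
        new_no = 0
        for line in lines:
            m = HUNK_RE.match(line)
            if m:
                new_no = int(m.group(1))  # line number of the first line in this hunk
            elif line.startswith(("+++", "---", "\\")):
                continue  # file headers and "\ No newline" markers are not content
            elif line.startswith("+"):
                if SECRET_RE.search(line):
                    hits.append((path, new_no, line[1:].strip()))
                new_no += 1
            elif not line.startswith("-"):
                new_no += 1  # context lines also advance the new-file counter
    return hits
```

The per-file split is also the natural unit for the 500-line batching rule above, and the reported line numbers refer to the post-change file, which is what a reviewer comment should cite.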
