Local Cpp Code Review

v0.1.1

遍历指定本地目录，对所有 C/C++ 源代码进行生产就绪性审查、质量检查及潜在漏洞分析。

⭐ 0· 95·0 current·0 all-time

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for zhouzy-creator/local-code-review.

Previewing Install & Setup.

Prompt PreviewInstall & Setup

Install the skill "Local Cpp Code Review" (zhouzy-creator/local-code-review) from ClawHub.
Skill page: https://clawhub.ai/zhouzy-creator/local-code-review
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install local-code-review

ClawHub CLI

Package manager switcher

npx clawhub@latest install local-code-review

Security Scan

VirusTotal

Benign

View report →

OpenClaw

Benign

high confidence

✓

Purpose & Capability

Name/description (local C/C++ code review) align with the instructions: scanning a user-provided directory for .c/.cpp/.h/.hpp files and performing static review. No unrelated credentials, binaries, or installs are requested.

ℹ

Instruction Scope

SKILL.md explicitly instructs filesystem traversal (e.g., ls -R) and reading source files to produce issue classifications and code diffs. This is expected for a local code-reviewer, but it necessarily grants the agent access to all files under the provided target directory (which may include secrets or unrelated files). The skill includes guidance to ignore third-party/vendor directories, which reduces noise.

✓

Install Mechanism

No install spec or code files are present; this is an instruction-only skill that relies on the agent's existing ability to read local files. That minimizes install-time risk.

✓

Credentials

The skill declares no environment variables, credentials, or config paths. It does not request unrelated secrets or external service tokens.

✓

Persistence & Privilege

always:false and no instructions to modify agent/system-wide configs or persist credentials. The skill does not request permanent presence or elevated platform privileges.

Assessment

This skill is internally consistent for reviewing local C/C++ source trees. Before running it, ensure you: 1) only point it at directories you trust (it will read all files under the target path and may therefore expose secrets embedded in source/config files); 2) prefer running in a sandboxed or read-only context if possible; 3) explicitly confirm/limit excluded paths (third_party, vendor, build artifacts) to avoid scanning large or sensitive folders; and 4) review the generated report locally before sharing its contents externally. If you need stricter controls, consider running the review on a checked-out subset of the repository or on a sanitized copy.

Like a lobster shell, security has layers — review code before you run it.

latestvk97eqc5d4av821fvbyb5gvn91585b6t6

95downloads

0stars

2versions

Updated 5d ago

v0.1.1

MIT-0

本地 C/C++ 代码审查 (OpenClaw 版)

当用户要求“审查 [目录] 目录的代码”时，调用此 Skill。该工具直接扫描本地文件系统，对 C/C++ 核心逻辑进行深度分析。

核心流程

1. 目录扫描： 使用 ls -R 或文件遍历工具定位指定目录下的所有 .c, .cpp, .h, .hpp 文件。

2. 分段审查： 由于上下文限制，如果目录较大，应按模块或文件组分批调用审查模型。

3. 触发指令：

"审查 ./src 目录的代码"
"检查当前文件夹下 C++ 源码的质量"

审查维度 (针对 C/C++)

内存安全： 检查是否存在内存泄漏（如 new 无 delete）、野指针、缓冲区溢出（使用 strcpy 等危险函数）。
资源管理： 是否遵循 RAII 原则？智能指针（unique_ptr, shared_ptr）使用是否得当？
并发安全： 检查死锁风险、未加锁的共享变量、竞态条件。
性能开销： 检查非必要的拷贝（如未传递 const reference）、昂贵的循环内操作。
现代化 C++： 是否使用了 C++11/14/17+ 的特性来简化代码？

交互模板 (local-code-reviewer.md )

调用时请按以下格式填充上下文：

{TARGET_DIRECTORY}: 待审查的本地路径
{FILE_LIST}: 扫描到的文件清单
{CODE_SNIPPETS}: 关键文件的源代码内容
{CONSTRAINTS}: 项目特定的编码规范（如有）

输出规范

1. 扫描报告

列出已审查的文件数量及发现的问题汇总。

2. 问题分类

致命 (Critical): 内存崩溃、安全漏洞、逻辑死循环。
重要 (Important): 资源泄漏隐患、违反 RAII、缺乏异常处理。
建议 (Minor): 命名规范、冗余代码、现代化改进建议。

3. 修复示例

对每个“致命”和“重要”问题，必须提供修改前后的代码对比。

注意事项

禁止： 忽略本地路径中的第三方库（如 node_modules 或 vendor），只聚焦于业务源码。
建议： 优先检查头文件中的类定义，再检查实现文件。
限制： 如果单个文件超过 4k tokens，应采取“函数级”拆分审查。

Comments

Loading comments...