Skill flagged — review recommended

ClawHub Security found sensitive or high-impact capabilities. Review the scan results before using.

Open Code Review

v1.0.0

Scan AI-generated code for hallucinated packages, stale APIs, security anti-patterns, and over-engineering. Use when: (1) reviewing PRs with AI-generated cod...

0· 309· 1 versions· 0 current· 0 all-time· Updated 19h ago· MIT-0

Install

openclaw skills install open-code-review

Open Code Review — AI Code Quality Scanner

Scan codebases for AI-specific defects that traditional linters (ESLint, SonarQube, Checkstyle) cannot detect.

What It Detects

| Category | Example | Severity |
|---|---|---|
| Hallucinated packages | import { parseJson } from 'fast-json-utils' (package doesn't exist on npm) | 🔴 Critical |
| Stale APIs | response.json().then() with v2 API that was removed in v4 | 🟡 Warning |
| Context breaks | Two files reference the same function name with different signatures | 🟡 Warning |
| Security anti-patterns | Hardcoded secrets, deprecated crypto, insecure defaults | 🔴 Critical |
| Over-engineering | Unnecessary abstraction layers, dead code, excessive indirection | 🔵 Info |
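
A structural version of the hallucinated-package check from the table above, added here as an example; it is not Open Code Review's own code. It compares imported package names with those declared in package.json. The function names, the manifest and the source text (including left-padder) are constructed for illustration, and a reported name is only undeclared locally: whether it exists on the registry is a separate lookup.

```javascript
// Added example (not Open Code Review's code): report imports of packages
// that the project's package.json does not declare.

// Abbreviated for this example; node:module's builtinModules has the full list.
const NODE_BUILTINS = new Set(['fs', 'path', 'os', 'crypto', 'http', 'https', 'url', 'util']);

// Reduce an import specifier to its package name, or null for a
// relative/absolute path or a Node built-in.
function packageNameOf(specifier) {
  if (/^[./]/.test(specifier) || specifier.startsWith('node:')) return null;
  const parts = specifier.split('/');
  const name = specifier.startsWith('@') ? parts.slice(0, 2).join('/') : parts[0];
  return NODE_BUILTINS.has(name) ? null : name;
}

// Static import / export-from, dynamic import() and require().
// Regex-based, so it can also match text in comments; an AST pass avoids that.
function importedPackages(source) {
  const pattern = /(?:\bfrom\s*|\bimport\s*\(?\s*|\brequire\s*\(\s*)(['"])([^'"\n]+)\1/g;
  const found = new Set();
  for (const match of source.matchAll(pattern)) {
    const name = packageNameOf(match[2]);
    if (name) found.add(name);
  }
  return found;
}

function undeclaredImports(source, manifest) {
  const declared = new Set(
    ['dependencies', 'devDependencies', 'peerDependencies', 'optionalDependencies']
      .flatMap((field) => Object.keys(manifest[field] || {}))
  );
  return [...importedPackages(source)].filter((name) => !declared.has(name)).sort();
}

// Constructed sample input.
const sampleManifest = { dependencies: { express: '^4.19.2', '@scope/logger': '1.0.0' } };
const sampleSource = `
import express from 'express';
import { parseJson } from 'fast-json-utils';
import { log } from '@scope/logger/lib/log';
import fs from 'node:fs';
const path = require('path');
const helper = require('./helper');
const lazy = await import('left-padder/fast');
`;

console.log(undeclaredImports(sampleSource, sampleManifest));
```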

Quick Start

# L1 scan (npx downloads and runs the CLI; no separate install step)
npx @opencodereview/cli scan ./src --sla L1

# With AI-powered deep scan (requires Ollama or API key)
npx @opencodereview/cli scan ./src --sla L2

# Diff mode for CI/CD
npx @opencodereview/cli scan ./src --diff --base origin/main --head HEAD

# SARIF output for GitHub Actions
npx @opencodereview/cli scan ./src --format sarif --output results.sarif

Three Scan Levels

  • L1 — Structural analysis (AST, ~3 seconds, no AI needed)
  • L2 — L1 + Embedding recall (detects hallucinated packages via vector similarity)
  • L3 — L2 + LLM deep scan (understands context, semantics, business logic)

GitHub Action

- uses: raye-deng/open-code-review@v1
  with:
    scan-path: src/
    sla-level: L1
    diff-mode: true

MCP Server

Available on Smithery, Cursor Directory, and npm:

{
  "mcpServers": {
    "open-code-review": {
      "url": "https://open-code-review-mcp.v2ray-seins.workers.dev/mcp"
    }
  }
}

Or via stdio:

{
  "mcpServers": {
    "open-code-review": {
      "command": "npx",
      "args": ["-y", "@opencodereview/mcp-server"]
    }
  }
}

Supported Languages

TypeScript, JavaScript, Python, Java, Go, Kotlin

When to Use This Skill

  • A PR contains AI-generated code (Copilot, Cursor, Claude, GPT)
  • You want to catch defects that pass all unit tests but will fail in production
  • Pre-merge quality gate for AI-assisted development workflows
  • Scanning third-party AI-generated code before integration

When NOT to Use

  • Basic linting (use ESLint, Ruff, Checkstyle instead)
  • Code formatting (use Prettier, gofmt)
  • General code review guidance (use the built-in code-review skill)
