Skylv Code Reviewer

v1.0.3

Code Review AI Assistant. Automated code review, find potential issues and improvement suggestions. Triggers: code review, review code, code quality, code an...

Security Scan
VirusTotal
Benign
OpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the SKILL.md: it describes code quality, security checks, and repair suggestions. The skill declares no binaries, env vars, or config paths — these are proportionate for a reviewer helper.
Instruction Scope
SKILL.md contains only functions and example usages for analyzing code (review_code, analyze_complexity, detect_patterns). It does not instruct the agent to read arbitrary files, environment variables, or transmit data to third‑party endpoints. However the doc does not state where analysis runs (locally vs remote) or how submitted code is handled — a minor transparency gap.
Install Mechanism
There is no install spec in the registry bundle; the only install hint is a textual example 'clawhub install SKY-lv/code-reviewer'. No downloads, archives, or custom install steps are present in the package.
Credentials
No environment variables, credentials, or config paths are required. This is appropriate for the described functionality.
Persistence & Privilege
always is false and the skill is user-invocable. It does not request persistent system privileges or modify other skills' config.
Assessment
This skill appears internally consistent and lightweight, but consider the following before installing:

  1. The package is instruction-only and lists no network endpoints, but SKILL.md doesn't state where code is processed — avoid submitting secrets or production credentials for review unless you confirm processing is local/contained.
  2. The skill.json references a GitHub repo but the registry metadata shows no homepage/source verification; if provenance matters, verify the repository/author before use.
  3. Because the skill can analyze any code you provide, review and redact sensitive data from samples.
  4. If you plan to run an install command (the SKILL.md example uses 'clawhub install'), ensure you trust that installation source and inspect any downloaded code before execution.

Like a lobster shell, security has layers — review code before you run it.

latest vk970c3h6rv5wvjh0ba835pd1d18562w5
106 downloads
0 stars
4 versions
Updated 1d ago
v1.0.3
MIT-0

CodeReview Agent Skill

AI-powered code review and quality analysis agent

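Features

  • Code quality analysis - detects code smells and complexity problems
  • Security vulnerability scanning - SQL injection, XSS, sensitive information disclosure
  • Performance optimization suggestions - identifies performance bottlenecks
  • Best-practice checks - conformance to language conventions and design patterns
  • Automatic fix suggestions - provides executable fix code

Usage scenario

User: Help me review the security of this Python code
Agent: [calls the code-reviewer skill to analyze the code and outputs a list of security issues and fix suggestions]

Tool functions

review_code(code, language, focus_areas)

Reviews code and returns an analysis report.

Parameters:

  • code (str): the code to review
  • language (str): programming language (python/javascript/go/rust/java, etc.)
  • focus_areas (list): areas of focus ['security', 'performance', 'style', 'complexity']

Returns: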

{
    "issues": [
        {
            "type": "security",
            "severity": "high",
            "line": 42,
            "message": "Potential SQL injection vulnerability",
            "suggestion": "Use parameterized queries"
        }
    ],
    "score": 75,
    "summary": "代码整体可读性良好,但存在安全风险"
}

analyze_complexity(code, language)

Analyzes code complexity (cyclomatic complexity, cognitive complexity).

detect_patterns(code, language)

Detects the design patterns used in the code.

Configuration

{
    "rules": {
        "max_complexity": 10,
        "max_line_length": 120,
        "require_docstring": true,
        "security_checks": ["injection", "xss", "secrets"]
    }
}

Example

# Review Python code
result = review_code('''
def get_user(id):
    query = f"SELECT * FROM users WHERE id = {id}"
    return db.execute(query)
''', 'python', ['security'])

# Output:
# [HIGH] SQL Injection: Use parameterized queries
# Line 3: query = f"SELECT * FROM users WHERE id = {id}"
# Suggestion: query = "SELECT * FROM users WHERE id = ?"
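
A static check for the pattern flagged in the example above can be written with Python's `ast` module. This is an added example, not the skill's own implementation (SKILL.md does not describe how the analysis is done); `find_interpolated_sql`, `SQL_VERBS`, `get_user_safe` and the extra `code` field are hypothetical names, and the issue fields otherwise follow the return format documented for `review_code`.

```python
import ast

# Constructed heuristic: SQL verbs that mark a string literal as a query.
SQL_VERBS = ("select ", "insert ", "update ", "delete ")

def find_interpolated_sql(source):
    """Return issues for f-strings that embed expressions into SQL text."""
    issues = []
    lines = source.splitlines()
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.JoinedStr):
            continue
        # Literal pieces of the f-string, joined, to test for SQL verbs.
        literal = "".join(
            part.value for part in node.values
            if isinstance(part, ast.Constant) and isinstance(part.value, str)
        ).lower()
        has_expr = any(isinstance(p, ast.FormattedValue) for p in node.values)
        if has_expr and literal.lstrip().startswith(SQL_VERBS):
            issues.append({
                "type": "security",
                "severity": "high",
                "line": node.lineno,
                "code": lines[node.lineno - 1].strip(),  # hypothetical extra field
                "message": "Potential SQL injection vulnerability",
                "suggestion": "Use parameterized queries",
            })
    return sorted(issues, key=lambda i: i["line"])

# The snippet from the example above, plus a constructed parameterized variant.
# The sample is only parsed, never executed, so `db` does not need to exist.
SAMPLE = '''
def get_user(id):
    query = f"SELECT * FROM users WHERE id = {id}"
    return db.execute(query)

def get_user_safe(id):
    return db.execute("SELECT * FROM users WHERE id = ?", (id,))
'''

if __name__ == "__main__":
    for issue in find_interpolated_sql(SAMPLE):
        print(f"[{issue['severity'].upper()}] line {issue['line']}: {issue['code']}")
```

The check only catches f-strings; queries built with `%`, `+` or `.format()` need their own rules.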

Installation

clawhub install SKY-lv/code-reviewer

License

MIT

Usage

  1. Install the skill
  2. Configure as needed
  3. Run with OpenClaw
