code-reviewer - AI Code Review Assistant 🔍

Built for AI agent developers who care about code quality.

An intelligent code review assistant that analyzes your codebase and provides detailed, actionable feedback on:

• 🛡️ Security vulnerabilities
• ⚡ Performance bottlenecks
• 🧹 Code smells and anti-patterns
• ✨ Best practices adherence
• 📚 Documentation quality

🎯 Why code-reviewer?

When building AI agents with OpenClaw, code quality matters more than ever:

• Agents often run with elevated permissions
• Security vulnerabilities can be exploited by malicious prompts
• Performance issues compound when agents loop
• Maintainability is critical for evolving agent behavior

code-reviewer understands these unique challenges and provides tailored advice.

🚀 Quick Start

Review a single file

Tell your agent:

"Review the code quality of src/agent.js"

Review an entire directory

"Analyze all Python files in ./skills/my-skill/"

Get a detailed report

"Generate a full code review report for the current project"

📋 What Gets Checked

Security 🛡️

• Injection vulnerabilities - Command injection, path traversal, eval usage
• Sensitive data exposure - Hardcoded secrets, API keys in code
• Unsafe dependencies - Known CVEs in package.json/requirements.txt
• Permission issues - Overly broad file access, unnecessary privileges

Performance ⚡

• Inefficient algorithms - O(n²) when O(n) exists, unnecessary loops
• Memory leaks - Unreleased resources, closure traps
• Blocking operations - Sync file I/O in async contexts
• Redundant computations - Repeated calculations, unnecessary allocations

Code Quality 🧹

• Code smells - Long functions, deep nesting, duplicated code
• Naming conventions - Inconsistent or unclear variable names
• Dead code - Unused imports, unreachable statements
• Magic numbers - Hardcoded values without explanation

Best Practices ✨

• Error handling - Unhandled promises, swallowed exceptions
• Testing - Missing tests, low coverage areas
• Documentation - Missing docstrings, unclear comments
• Type safety - Missing type annotations (TypeScript/Python)

🎨 Output Format

Terminal Summary

🔍 Code Review Summary
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

📁 Files analyzed: 12
⚠️  Issues found: 8

Severity Breakdown:
  🔴 Critical: 1
  🟠 High:     2
  🟡 Medium:   3
  🟢 Low:      2

Top Issues:
  1. [CRITICAL] SQL injection vulnerability in query.js:45
  2. [HIGH] Hardcoded API key in config.js:12
  3. [HIGH] Memory leak in worker.js:78

💡 Run with --detailed for full report

Detailed Markdown Report

Saved to code-review-report.md:

# Code Review Report

**Generated**: 2026-03-24 20:30 PDT
**Project**: my-agent-project
**Files Reviewed**: 12
**Total Issues**: 8

## 🔴 Critical Issues (1)

### 1. SQL Injection Vulnerability
**File**: `src/query.js:45`
**Severity**: CRITICAL

**Issue**:
Unsanitized user input directly interpolated into SQL query.

**Code**:
\`\`\`javascript
const query = `SELECT * FROM users WHERE id = ${userId}`;
\`\`\`

**Impact**:
Allows arbitrary SQL execution. Attacker could read/modify database.

**Fix**:
Use parameterized queries:
\`\`\`javascript
const query = 'SELECT * FROM users WHERE id = ?';
db.query(query, [userId]);
\`\`\`

---

## 🟠 High Priority Issues (2)

### 2. Hardcoded API Key
**File**: `config.js:12`
...

⚙️ Configuration

Create .codereview.json in your project root for custom rules:

{
  "severity": {
    "min": "medium",
    "failOnCritical": true
  },
  "ignore": {
    "files": ["*.test.js", "dist/*"],
    "rules": ["magic-numbers"]
  },
  "languages": ["javascript", "python"],
  "output": {
    "format": "markdown",
    "path": "./reports/code-review.md"
  }
}

🧠 How It Works

1. Parse - Reads your code files using OpenClaw's read tool
2. Analyze - Uses AI to understand code structure and intent
3. Detect - Applies security, performance, and quality rules
4. Report - Generates actionable findings with fix suggestions
5. Learn - Adapts to your codebase patterns over time

🌟 Features

Multi-Language Support

• ✅ JavaScript / TypeScript
• ✅ Python
• ✅ Go
• ✅ Rust
• ✅ Shell scripts
• 🔄 More languages coming soon

Smart Context Awareness

Understands your project type:

• OpenClaw skills and plugins
• Express/Fastify APIs
• React/Vue frontends
• CLI tools
• Lambda functions

Incremental Reviews

Reviews only changed files in Git:

"Review my latest changes"

Team Integration

Share review reports with your team:

• Export to GitHub PR comments
• Slack/Discord notifications
• Email summaries

💡 Usage Examples

Example 1: Pre-commit Review

Agent: Review all staged files before I commit

Output:

✅ All clear! No critical issues found.
💡 3 minor suggestions:
  - Consider adding error handling in auth.js:23
  - Variable 'temp' could use a better name in utils.js:56
  - Add JSDoc for function processData() in api.js:12

Example 2: Security Audit

Agent: Run a security audit on ./src/

Output:

🛡️ Security Audit Results
━━━━━━━━━━━━━━━━━━━━━━━

🔴 1 critical vulnerability found
🟠 2 high-risk issues detected

Details:
1. [CRITICAL] Command injection in exec.js
2. [HIGH] Sensitive data in logs
3. [HIGH] Missing input validation

📄 Full report: security-audit-2026-03-24.md

Example 3: Performance Check

Agent: Find performance bottlenecks in worker.js

Output:

⚡ Performance Analysis
━━━━━━━━━━━━━━━━━━━━━

Found 3 optimization opportunities:

1. Line 45: O(n²) loop - use Map for O(n)
2. Line 67: Sync file read blocks event loop
3. Line 89: Regex compiled in hot path

Estimated improvement: 85% faster

🔒 Privacy & Security

• ✅ Runs locally - Your code never leaves your machine
• ✅ No telemetry - Zero data collection
• ✅ Open source - Audit the code yourself
• ✅ Safe analysis - Never executes your code

📦 Installation

Via ClawHub (Recommended)

clawhub install code-reviewer

Manual Installation

git clone https://github.com/your-username/code-reviewer
cd code-reviewer
clawhub publish .

🤝 Contributing

Found a bug? Have a feature idea?

• 🐛 Report issues: GitHub Issues
• 💡 Suggest features: Discussions
• 🔧 Submit PRs: Contributing Guide

📜 License

MIT License - see LICENSE for details.

🙏 Acknowledgments

Built with ❤️ by 翠花 for the OpenClaw community.

Special thanks to:

• OpenClaw team for the amazing framework
• ClawHub for making skill distribution easy
• Early adopters for feedback and bug reports

📞 Support

• 📖 Documentation: Full docs
• 💬 Discord: Join #code-reviewer
• 📧 Email: support@your-domain.com

Made with 🌸 by 翠花 | ClawHub Pioneer