Code Review Service

v1.0.0

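Provides comprehensive code review covering functionality, readability, performance, security, and maintainability, and generates detailed improvement reports to raise code quality.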

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Pending
OpenClaw: Benign (high confidence)
Purpose & Capability
Name/description align with SKILL.md content: step-by-step guidance for functional/readability/performance/security/maintainability reviews and report templates. References to SonarQube/ESLint/GitHub/GitLab are reasonable for a code-review workflow.
Instruction Scope
SKILL.md stays within code-review scope (checklists, report templates, communication tips). It suggests using external analysis tools and repository review workflows but does not itself instruct the agent to fetch files, read system paths, or exfiltrate data. Minor ambiguity: automated use of SonarQube/ESLint or MR review implies repo/tool access (not described), so explicit access/credential steps would be needed for automation.
Install Mechanism
No install spec and no code files — instruction-only, nothing is written to disk and no external packages are fetched by the skill itself.
Credentials
No required environment variables, credentials, or config paths are declared. This is proportional for a guidance-only skill. If you later integrate it with CI/tools you will need to supply appropriate tokens — those are not requested by the skill.
Persistence & Privilege
always is false and the skill is user-invocable only; it does not request permanent elevated privileges or write to other skills' configs.
Assessment
This skill is an instruction-only code-review template and appears coherent with its purpose. Points to consider before installing or using it in automated workflows:
- Source is unknown (no homepage); prefer skills from known maintainers when possible.
- The skill itself requests no credentials, but following its advice (running SonarQube, ESLint, or performing MR reviews) will require access tokens and repository read access — grant those minimally (read-only, scoped service accounts) and avoid reusing admin credentials.
- If you plan to let an agent automatically fetch repositories or run analysis tools, isolate that capability (dedicated service account, limited permissions) and review logs/outputs for leaked secrets.
- Review generated reports before sharing externally — code reviews can inadvertently include sensitive snippets (API keys, internal URLs).
- Because this is guidance-only (no code/install), the direct risk from the skill is low; the primary risk comes from how you connect it to your code and tools. Ensure standard operational precautions when integrating with CI/CD or repo hosting.

Like a lobster shell, security has layers — review code before you run it.

