Local Cpp Code Review

v0.1.1

遍历指定本地目录，对所有 C/C++ 源代码进行生产就绪性审查、质量检查及潜在漏洞分析。

⭐ 0· 51·0 current·0 all-time

by@zhouzy-creator

Security Scan

VirusTotal

Benign

View report →

OpenClaw

Benign

high confidence

✓

Purpose & Capability

Name/description (local C/C++ code review) align with the instructions: scanning a user-provided directory for .c/.cpp/.h/.hpp files and performing static review. No unrelated credentials, binaries, or installs are requested.

ℹ

Instruction Scope

SKILL.md explicitly instructs filesystem traversal (e.g., ls -R) and reading source files to produce issue classifications and code diffs. This is expected for a local code-reviewer, but it necessarily grants the agent access to all files under the provided target directory (which may include secrets or unrelated files). The skill includes guidance to ignore third-party/vendor directories, which reduces noise.

✓

Install Mechanism

No install spec or code files are present; this is an instruction-only skill that relies on the agent's existing ability to read local files. That minimizes install-time risk.

✓

Credentials

The skill declares no environment variables, credentials, or config paths. It does not request unrelated secrets or external service tokens.

✓

Persistence & Privilege

always:false and no instructions to modify agent/system-wide configs or persist credentials. The skill does not request permanent presence or elevated platform privileges.

Assessment

This skill is internally consistent for reviewing local C/C++ source trees. Before running it, ensure you: 1) only point it at directories you trust (it will read all files under the target path and may therefore expose secrets embedded in source/config files); 2) prefer running in a sandboxed or read-only context if possible; 3) explicitly confirm/limit excluded paths (third_party, vendor, build artifacts) to avoid scanning large or sensitive folders; and 4) review the generated report locally before sharing its contents externally. If you need stricter controls, consider running the review on a checked-out subset of the repository or on a sanitized copy.

Like a lobster shell, security has layers — review code before you run it.

latestvk97eqc5d4av821fvbyb5gvn91585b6t6

51downloads

0stars

2versions

Updated 23h ago

v0.1.1

MIT-0

本地 C/C++ 代码审查 (OpenClaw 版)

当用户要求“审查 [目录] 目录的代码”时，调用此 Skill。该工具直接扫描本地文件系统，对 C/C++ 核心逻辑进行深度分析。

核心流程

1. 目录扫描： 使用 ls -R 或文件遍历工具定位指定目录下的所有 .c, .cpp, .h, .hpp 文件。

2. 分段审查： 由于上下文限制，如果目录较大，应按模块或文件组分批调用审查模型。

3. 触发指令：

"审查 ./src 目录的代码"
"检查当前文件夹下 C++ 源码的质量"

审查维度 (针对 C/C++)

内存安全： 检查是否存在内存泄漏（如 new 无 delete）、野指针、缓冲区溢出（使用 strcpy 等危险函数）。
资源管理： 是否遵循 RAII 原则？智能指针（unique_ptr, shared_ptr）使用是否得当？
并发安全： 检查死锁风险、未加锁的共享变量、竞态条件。
性能开销： 检查非必要的拷贝（如未传递 const reference）、昂贵的循环内操作。
现代化 C++： 是否使用了 C++11/14/17+ 的特性来简化代码？

交互模板 (local-code-reviewer.md )

调用时请按以下格式填充上下文：

{TARGET_DIRECTORY}: 待审查的本地路径
{FILE_LIST}: 扫描到的文件清单
{CODE_SNIPPETS}: 关键文件的源代码内容
{CONSTRAINTS}: 项目特定的编码规范（如有）

输出规范

1. 扫描报告

列出已审查的文件数量及发现的问题汇总。

2. 问题分类

致命 (Critical): 内存崩溃、安全漏洞、逻辑死循环。
重要 (Important): 资源泄漏隐患、违反 RAII、缺乏异常处理。
建议 (Minor): 命名规范、冗余代码、现代化改进建议。

3. 修复示例

对每个“致命”和“重要”问题，必须提供修改前后的代码对比。

注意事项

禁止： 忽略本地路径中的第三方库（如 node_modules 或 vendor），只聚焦于业务源码。
建议： 优先检查头文件中的类定义，再检查实现文件。
限制： 如果单个文件超过 4k tokens，应采取“函数级”拆分审查。

Comments

Loading comments...