技能详情(站内镜像,无评论)
许可证:MIT-0
MIT-0 ·免费使用、修改和重新分发。无需归因。
版本:v0.1.0
统计:⭐ 0 · 15 · 0 current installs · 0 all-time installs
⭐ 0
安装量(当前) 0
🛡 VirusTotal :良性 · OpenClaw :良性
Package:aibenyclaude-coder/tetra-scar-code-review
安全扫描(ClawHub)
- VirusTotal :良性
- OpenClaw :良性
OpenClaw 评估
The skill's code, instructions, and requirements are coherent with a local, pattern-based code review tool that stores scars in a local JSONL file; it does not request extra credentials, network access, or install remote code.
目的
Name/description (learning code-review via scars) matches the shipped files and declared requirements: Python 3 only, local CLI/API, local JSONL storage. No unrelated credentials, binaries, or installs are requested.
说明范围
Runtime instructions operate on local files and diffs and instruct storing scars to a local review_scars.jsonl — which is consistent. One operational note: scars include user-supplied regex patterns and keyword text which the reflex_check runs against diffs; overly broad or malicious regexes could cause false positives or heavy CPU (ReDoS) when scanning large diffs. The skill also reads/writes files in the current working directory (expected b…
安装机制
Instruction-only with bundled Python source files and no install spec — lowest risk. Nothing is downloaded or executed from remote URLs.
证书
No environment variables, credentials, or external config paths are required; requested resources are proportional to a local static analysis tool.
持久
always:false and no code to modify other skills or system-wide agent settings. The only persistent effect is writing/reading a local review_scars.jsonl file (configurable via scar_file parameter), which is reasonable for this tool.
test_scar_code_review.py:121
Dynamic code execution detected.
综合结论
This skill appears to do what it says: local, regex/heuristic code review plus a local scar database. Before installing or running it: (1) review the scar JSONL contents or configure the scar file location to a safe directory you control (to avoid unexpected blocks), (2) avoid importing or trusting scars from untrusted sources because regex patterns can trigger false blocks or cause heavy CPU (ReDoS) on large diffs, (3) run the tool in a sandb…
安装(复制给龙虾 AI)
将下方整段复制到龙虾中文库对话中,由龙虾按 SKILL.md 完成安装。
请把本段交给龙虾中文库(龙虾 AI)执行:为本机安装 OpenClaw 技能「Tetra Scar Code Review」。简介:Code review that learns from failures. Reflex arc blocks repeat mistakes withou…。
请 fetch 以下地址读取 SKILL.md 并按文档完成安装:https://raw.githubusercontent.com/openclaw/skills/refs/heads/main/skills/aibenyclaude-coder/tetra-scar-code-review/SKILL.md
(来源:yingzhi8.cn 技能库)SKILL.md
---
name: scar-code-review
description: >
Code review that learns from failures.
Reflex arc blocks repeat mistakes without LLM calls.
Combines systematic checklist review (security, performance, correctness, maintainability)
with scar memory — when a review misses a bug, record a scar, and the reflex arc
automatically flags similar patterns next time.
version: 0.1.0
author: b-button-corp
tags:
- code-review
- safety
- memory
- learning
- scar
requires:
binaries:
- python3
---
# scar-code-review
## What this does
A code review system that **learns from its own misses**. Two layers work together:
1. **Checklist review** — Regex/heuristic checks across 4 dimensions:
- **Security**: SQL injection, hardcoded secrets, XSS, eval/exec
- **Performance**: N+1 queries, missing pagination, unbounded SELECTs
- **Correctness**: Unchecked nulls, off-by-one patterns, unhandled promises
- **Maintainability**: Long functions, deep nesting, magic numbers
2. **Scar reflex arc** — Pattern-matching against past review misses. When a review
fails to catch a bug that later causes an incident, record a scar. Next time,
the reflex fires before the LLM even looks at the diff.
No external dependencies. stdlib only. Python 3.9+.
## Quick start
Review a file:
```
python3 scar_code_review.py review path/to/file.py
```
Check a diff against past scars:
```
python3 scar_code_review.py check-diff path/to/changes.diff
```
Record a missed review finding:
```
python3 scar_code_review.py record-miss
--what-missed "Missed SQL injection in user input handler"
--pattern "execute.*format.*user"
--severity critical
```
## File format
JSONL, compatible with tetra-scar:
```json
{"id":"rscar_1234","what_missed":"...","pattern":"...","severity":"critical","created_at":"..."}
```
## Integration
```python
from scar_code_review import review, reflex_check, record_miss, load_review_scars
# Review a file
findings = review("app/views.py")
for f in findings:
print(f"{f['severity']} [{f['dimension']}] {f['message']} (line {f['line']})")
# Check diff against past scars
scars = load_review_scars()
blocks = reflex_check(diff_text, scars)
for b in blocks:
print(f"BLOCKED: {b}")
# Record a miss after an incident
record_miss(
what_missed="Missed unvalidated redirect",
pattern="redirect.*request\.GET",
severity="high",
)
```