Skill details (on-site mirror, no comments)
Author: Alireza Rezvani @alirezarezvani
License: MIT-0
MIT-0 · Free to use, modify, and redistribute. No attribution required.
Version: v0.1.0
Stats: ⭐ 0 · 182 · 0 current installs · 0 all-time installs
🛡 VirusTotal: benign · OpenClaw: suspicious
Package: alirezarezvani/code-reviewer-2
Security scan (ClawHub)
- VirusTotal: benign
- OpenClaw: suspicious
OpenClaw assessment
The skill mostly does what it says (local code-review analysis) but is internally inconsistent: it ships Python scripts that expect git/python on PATH yet the skill declares no required binaries or install steps, so you should review and validate the scripts and run them in an isolated environment before trusting them.
Purpose
The declared purpose (automated code review) matches the included scripts and reference docs. However the skill declares no required binaries or install steps even though the SKILL.md and the shipped tools explicitly run via the 'python' interpreter and the PR analyzer calls 'git' via subprocess. Not declaring Python and git is an incoherence that could lead to runtime failures or surprise if the agent environment differs.
Instruction scope
SKILL.md instructs the agent (and user) to run local Python scripts against a repository path; the scripts read repository files, diffs, commit messages and produce JSON/markdown reports. That behavior is expected for a code-review tool, but it means the skill will scan all files you point it at (including secrets). The instructions do not ask for unrelated system files or external credentials.
Install mechanism
There is no install spec (instruction-only), which is low-risk, but three substantive Python scripts are included and intended to be executed. Because the package contains executable code but does not declare runtime binary requirements, there's a mismatch between packaging and runtime behavior.
Credentials
The skill declares no required environment variables or credentials, and the scripts do not read secrets from env; that is proportionate. However the scripts do invoke git and run Python subprocesses, so they implicitly require access to the filesystem and local git history. The absence of an explicit 'requires: python, git' is a notable omission.
Persistence
The skill is not marked always:true and does not request persistent system-wide privileges. It runs as an on-demand tool that executes local analysis; nothing in the files attempts to modify other skills or system settings.
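Install (copy to Lobster AI)
Copy the entire block below into a 龙虾中文库 (Lobster Chinese Library) conversation; Lobster will complete the installation by following SKILL.md.
Please hand this block to 龙虾中文库 (Lobster AI) to execute: install the OpenClaw skill "Senior Code Reviewer" on this machine. Summary: Code review automation for TypeScript, JavaScript, Python, Go, Swift, Kotlin. A….
Fetch the following address to read SKILL.md and complete the installation as documented: https://raw.githubusercontent.com/openclaw/skills/refs/heads/main/skills/alirezarezvani/code-reviewer-2/SKILL.md
(Source: yingzhi8.cn skill library)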
SKILL.md
---
name: code-reviewer
description: Code review automation for TypeScript, JavaScript, Python, Go, Swift, Kotlin. Analyzes PRs for complexity and risk, checks code quality for SOLID violations and code smells, generates review reports. Use when reviewing pull requests, analyzing code quality, identifying issues, generating review checklists.
---
# Code Reviewer
Automated code review tools for analyzing pull requests, detecting code quality issues, and generating review reports.
---
## Table of Contents
- [Tools](#tools)
  - [PR Analyzer](#pr-analyzer)
  - [Code Quality Checker](#code-quality-checker)
  - [Review Report Generator](#review-report-generator)
- [Reference Guides](#reference-guides)
- [Languages Supported](#languages-supported)
---
## Tools
### PR Analyzer
Analyzes git diff between branches to assess review complexity and identify risks.
```bash
# Analyze current branch against main
python scripts/pr_analyzer.py /path/to/repo
# Compare specific branches
python scripts/pr_analyzer.py . --base main --head feature-branch
# JSON output for integration
python scripts/pr_analyzer.py /path/to/repo --json
```
**What it detects:**
- Hardcoded secrets (passwords, API keys, tokens)
- SQL injection patterns (string concatenation in queries)
- Debug statements (debugger, console.log)
- ESLint rule disabling
- TypeScript `any` types
- TODO/FIXME comments
**Output includes:**
- Complexity score (1-10)
- Risk categorization (critical, high, medium, low)
- File prioritization for review order
- Commit message validation
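How a scan of this kind can work on a diff, as an added example (this is not the code in `scripts/pr_analyzer.py`): the regexes, the severity assigned to each rule, and the sample diff are assumptions constructed for illustration.

```python
import re

# Illustrative rules: (severity, label, regex). Patterns and severities are
# assumptions for this example, not copied from scripts/pr_analyzer.py.
RULES = [
    ("critical", "hardcoded secret", re.compile(
        r"""\b(password|passwd|api_?key|secret|token)\b\s*[:=]\s*["'][^"']{4,}["']""", re.I)),
    ("critical", "SQL built by concatenation", re.compile(
        r"""["'][^"']*\b(select|insert|update|delete)\b[^"']*["']\s*\+""", re.I)),
    ("high", "debug statement", re.compile(r"\bdebugger\b|\bconsole\.log\(")),
    ("medium", "ESLint rule disabled", re.compile(r"eslint-disable")),
    ("medium", "TypeScript any", re.compile(r":\s*any\b")),
    ("low", "TODO/FIXME", re.compile(r"\b(TODO|FIXME)\b")),
]
ORDER = ["low", "medium", "high", "critical"]
HUNK = re.compile(r"^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@")

def scan_diff(diff_text):
    """Return (severity, path, new_line_no, label) for each hit on an added line."""
    findings, path, lineno = [], None, 0
    for line in diff_text.splitlines():
        if line.startswith("+++ "):        # new-file header: remember the path
            path = line[6:] if line.startswith("+++ b/") else line[4:]
        elif (m := HUNK.match(line)):      # hunk header: reset new-file line counter
            lineno = int(m.group(1))
        elif line.startswith("+"):         # added line: the only kind that is flagged
            for severity, label, rx in RULES:
                if rx.search(line[1:]):
                    findings.append((severity, path, lineno, label))
            lineno += 1
        elif line.startswith(" "):         # context line: advances numbering only
            lineno += 1
    return findings

def worst(findings):
    return max((f[0] for f in findings), key=ORDER.index, default=None)

# Constructed sample diff (not from a real repository).
SAMPLE_DIFF = '''\
--- a/src/db.ts
+++ b/src/db.ts
@@ -10,3 +10,5 @@ export function find(id: string) {
   const conn = pool.get();
-  const q = "SELECT * FROM users WHERE id = ?";
+  const apiKey = "constructed-not-a-real-key";
+  const q = "SELECT * FROM users WHERE id = " + id;
+  console.log(q); // TODO remove
   return conn.query(q);
'''
```

Only added lines are flagged, so the removed parameterized query in the sample produces no finding while its concatenated replacement does.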
---
### Code Quality Checker
Analyzes source code for structural issues, code smells, and SOLID violations.
```bash
# Analyze a directory
python scripts/code_quality_checker.py /path/to/code
# Analyze specific language
python scripts/code_quality_checker.py . --language python
# JSON output
python scripts/code_quality_checker.py /path/to/code --json
```
**What it detects:**
- Long functions (>50 lines)
- Large files (>500 lines)
- God classes (>20 methods)
- Deep nesting (>4 levels)
- Too many parameters (>5)
- High cyclomatic complexity
- Missing error handling
- Unused imports
- Magic numbers
**Thresholds:**
| Issue | Threshold |
|-------|-----------|
| Long function | >50 lines |
| Large file | >500 lines |
| God class | >20 methods |
| Too many params | >5 |
| Deep nesting | >4 levels |
| High complexity | >10 branches |
---
### Review Report Generator
Combines PR analysis and code quality findings into structured review reports.
```bash
# Generate report for current repo
python scripts/review_report_generator.py /path/to/repo
# Markdown output
python scripts/review_report_generator.py . --format markdown --output review.md
# Use pre-computed analyses
python scripts/review_report_generator.py . \
  --pr-analysis pr_results.json \
  --quality-analysis quality_results.json
```
**Report includes:**
- Review verdict (approve, request changes, block)
- Score (0-100)
- Prioritized action items
- Issue summary by severity
- Suggested review order
**Verdicts:**
| Score | Verdict |
|-------|---------|
| 90+ with no high issues | Approve |
| 75+ with ≤2 high issues | Approve with suggestions |
| 50-74 | Request changes |
| <50 or critical issues | Block |
---
## Reference Guides
### Code Review Checklist
`references/code_review_checklist.md`
Systematic checklists covering:
- Pre-review checks (build, tests, PR hygiene)
- Correctness (logic, data handling, error handling)
- Security (input validation, injection prevention)
- Performance (efficiency, caching, scalability)
- Maintainability (code quality, naming, structure)
- Testing (coverage, quality, mocking)
- Language-specific checks
### Coding Standards
`references/coding_standards.md`
Language-specific standards for:
- TypeScript (type annotations, null safety, async/await)
- JavaScript (declarations, patterns, modules)
- Python (type hints, exceptions, class design)
- Go (error handling, structs, concurrency)
- Swift (optionals, protocols, errors)
- Kotlin (null safety, data classes, coroutines)
### Common Antipatterns
`references/common_antipatterns.md`
Antipattern catalog with examples and fixes:
- Structural (god class, long method, deep nesting)
- Logic (boolean blindness, stringly typed code)
- Security (SQL injection, hardcoded credentials)
- Performance (N+1 queries, unbounded collections)
- Testing (duplication, testing implementation)
- Async (floating promises, callback hell)
---
## Languages Supported
| Language | Extensions |
|----------|------------|
| Python | `.py` |
| TypeScript | `.ts`, `.tsx` |
| JavaScript | `.js`, `.jsx`, `.mjs` |
| Go | `.go` |
| Swift | `.swift` |
| Kotlin | `.kt`, `.kts` |