Skill details (on-site mirror, no comments)
Author: Kevin Anderson @anderskev
License: MIT-0
MIT-0 · Free to use, modify, and redistribute. No attribution required.
Version: v1.2.0
Stats: ⭐ 0 · 19 · 0 current installs · 0 all-time installs
Package:anderskev/liveview-code-review
Security scan (ClawHub)
- VirusTotal: benign
- OpenClaw: benign
OpenClaw assessment
An instruction-only LiveView code-review checklist that is internally consistent with its stated purpose and requests no credentials or installs.
Purpose
Name/description match the content: the skill provides checklists and reference docs for reviewing Phoenix LiveView code. It does not request unrelated binaries, env vars, or permissions.
Instruction scope
SKILL.md contains focused review instructions, examples, and a reporting format. It does reference an external file '../review-verification-protocol/SKILL.md' that is not included in this package — this is a minor inconsistency (missing referenced doc) but not a security concern by itself. The instructions do not ask the agent to read or exfiltrate unrelated system files or secrets.
Install mechanism
No install spec or code is included (instruction-only), so nothing is written to disk or fetched during install.
Credentials
No environment variables, credentials, or config paths are requested. The skill's needs are minimal and proportional to its purpose.
Persistence
always is false and the skill does not request persistent system presence or modify other skills/settings. Autonomous invocation is allowed by default on the platform but is not a special privilege of this skill.
Overall conclusion
This is an instruction-only checklist for reviewing Phoenix LiveView code and appears coherent and low-risk. Before using it, note that it references a review-verification-protocol file that isn't included — confirm what that protocol requires. Because the skill is just guidance, the main privacy consideration is what code you let your agent analyze: do not expose secrets, credentials, or production-only config when asking for automated review…
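Install (copy to Lobster AI)
Copy the entire block below into a Lobster Chinese Library conversation; Lobster will complete the installation according to SKILL.md.
Please hand this paragraph to Lobster Chinese Library (Lobster AI) to execute: install the OpenClaw skill "Liveview Code Review" on this machine. Summary: Reviews Phoenix LiveView code for lifecycle patterns, assigns/streams usage, co….
Please fetch the following address to read SKILL.md and complete the installation as documented: https://raw.githubusercontent.com/openclaw/skills/refs/heads/main/skills/anderskev/liveview-code-review/SKILL.md
(Source: yingzhi8.cn skill library)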
SKILL.md
---
name: liveview-code-review
description: Reviews Phoenix LiveView code for lifecycle patterns, assigns/streams usage, components, and security. Use when reviewing LiveView modules, .heex templates, or LiveComponents.
---
# LiveView Code Review
## Quick Reference
| Issue Type | Reference |
|------------|-----------|
| mount, handle_params, handle_event, handle_async | [references/lifecycle.md](references/lifecycle.md) |
| When to use assigns vs streams, AsyncResult | [references/assigns-streams.md](references/assigns-streams.md) |
| Function vs LiveComponent, slots, attrs | [references/components.md](references/components.md) |
| Authorization per event, phx-value trust | [references/security.md](references/security.md) |
## Review Checklist
### Critical Issues
- [ ] No socket copying into async functions (extract values first)
- [ ] Every handle_event validates authorization
- [ ] No sensitive data in assigns (visible in DOM)
- [ ] phx-value data is validated (user-modifiable)
### Lifecycle
- [ ] Subscriptions wrapped in `connected?(socket)`
- [ ] handle_params used for URL-based state
- [ ] handle_async handles :loading and :error states
### Data Management
- [ ] Streams used for large collections (100+ items)
- [ ] temporary_assigns for data not needed after render
- [ ] AsyncResult patterns for loading states
### Components
- [ ] Function components preferred over LiveComponents
- [ ] LiveComponents preserve :inner_block in update/2
- [ ] Slots use proper attr declarations
- [ ] phx-debounce on text inputs
## Valid Patterns (Do NOT Flag)
- **Empty mount returning {:ok, socket}** - Valid for simple LiveViews
- **Using assigns for small lists** - Streams only needed for 100+ items
- **LiveComponent without update/2** - Default update/2 assigns all
- **phx-click without phx-value** - Event may not need data
- **Inline function in heex** - Valid for simple transforms
## Context-Sensitive Rules
| Issue | Flag ONLY IF |
|-------|--------------|
| Missing debounce | Input is text/textarea AND triggers server event |
| Use streams | Collection has 100+ items OR is paginated |
| Missing auth check | Event modifies data AND no auth in mount |
## Critical Anti-Patterns
### Socket Copying (MOST IMPORTANT)
```elixir
# BAD - socket copied into async function
def handle_event("load", _, socket) do
  Task.async(fn ->
    user = socket.assigns.user  # Socket copied!
    fetch_data(user.id)
  end)

  {:noreply, socket}
end

# GOOD - extract values first
def handle_event("load", _, socket) do
  user_id = socket.assigns.user.id

  Task.async(fn ->
    fetch_data(user_id)  # Only primitive copied
  end)

  {:noreply, socket}
end
```
### Missing Authorization
```elixir
# BAD - trusts phx-value without auth
def handle_event("delete", %{"id" => id}, socket) do
  Posts.delete_post!(id)  # Anyone can delete any post!
  {:noreply, socket}
end

# GOOD - verify authorization
def handle_event("delete", %{"id" => id}, socket) do
  post = Posts.get_post!(id)

  if post.user_id == socket.assigns.current_user.id do
    Posts.delete_post!(post)
    {:noreply, stream_delete(socket, :posts, post)}
  else
    {:noreply, put_flash(socket, :error, "Unauthorized")}
  end
end
```
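The checklist item "phx-value data is validated (user-modifiable)" has no example above. The following is an added example, not part of this skill: a plain-Elixir sketch (no Phoenix dependency) that validates the `"id"` param before the ownership check. `PostGuard`, its functions and the in-memory posts are hypothetical names and constructed data.

```elixir
# Added example: validate a client-supplied phx-value id, then authorize.
# PostGuard and the @posts data are constructed for illustration only.
defmodule PostGuard do
  # Constructed sample data standing in for a database table.
  @posts %{
    1 => %{id: 1, user_id: 10, title: "mine"},
    2 => %{id: 2, user_id: 20, title: "someone else's"}
  }

  # phx-value-* attributes arrive as strings and can be edited in the browser,
  # so accept only a positive integer with no trailing input.
  def parse_id(%{"id" => raw}) when is_binary(raw) do
    case Integer.parse(raw) do
      {id, ""} when id > 0 -> {:ok, id}
      _ -> {:error, :invalid_id}
    end
  end

  # Missing key, list, nested map, or any other non-string value.
  def parse_id(_params), do: {:error, :invalid_id}

  # Returns the post only when it exists AND belongs to the caller.
  # Missing and foreign posts yield the same error so ids cannot be probed.
  def authorize_delete(params, %{id: user_id}) do
    with {:ok, id} <- parse_id(params),
         %{user_id: ^user_id} = post <- Map.get(@posts, id) do
      {:ok, post}
    else
      {:error, :invalid_id} -> {:error, :invalid_id}
      _ -> {:error, :not_found}
    end
  end
end

# Constructed inputs: an owned post, a foreign post, and malformed params.
current_user = %{id: 10}

for params <- [%{"id" => "1"}, %{"id" => "2"}, %{"id" => "1 OR 1=1"}, %{"id" => ["1"]}, %{}] do
  IO.inspect({params, PostGuard.authorize_delete(params, current_user)})
end
```

Inside a LiveView, `handle_event("delete", params, socket)` would call `PostGuard.authorize_delete(params, socket.assigns.current_user)` and delete only on `{:ok, post}`.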
## Before Submitting Findings
Use the issue format: `[FILE:LINE] ISSUE_TITLE` for each finding.
Load and follow [review-verification-protocol](../review-verification-protocol/SKILL.md) before reporting any issue.