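AI Code Review Assistant
v1.0.0 Code Review Assistant - Automatically analyzes code and provides review comments, performance optimization suggestions, and security vulnerability detection. Supports multiple programming languages and generates detailed code review reports.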
Security scan
OpenClaw
Suspicious
Medium confidence: The skill claims to run a Node-based code reviewer but provides no code or install spec and only instructs running scripts that aren't included, making it unclear what would actually execute.
Assessment and recommendations
This package claims to be a Node-based code reviewer but the bundle lacks the scripts it tells you to run and has no install recipe. Before installing or running anything: verify the upstream GitHub repository and inspect the actual 'scripts/review.mjs' (or other runtime files) to see what they do; prefer skills that include their runtime or provide a clear, auditable install step; do not allow the agent to fetch or run remote code without reviewing it first. Also be aware a code-review tool wil...
⚠ Purpose and capability
The name/description promise a Node-based code-review tool. It declares a dependency on the 'node' binary which is consistent, but the skill bundle contains no scripts, modules, or install steps that would implement the promised functionality. That mismatch (claims to run 'node scripts/review.mjs' but provides no such file or an install mechanism to obtain it) is incoherent.
⚠ Instruction scope
SKILL.md and README instruct the agent/user to run 'node scripts/review.mjs' and use 'clawhub install', and to analyze project files (expected for a reviewer). However, because the runtime script is not included, it is unclear whether any implementation would read only project files or also access/send other data. The instructions give broad discretion (run a script that isn't present), which is a security risk until the actual script is inspected.
⚠ Install mechanism
There is no install spec. The README mentions 'clawhub install' and a GitHub homepage, but the registry bundle contains only documentation files and no code. Without a defined, verifiable install source (e.g., a known release or included scripts), the agent or user might need to fetch code from an external location — which increases risk because the fetched code is not part of this package for review.
✓ Credential requirements
The skill requests only the 'node' binary and declares no environment variables, credentials, or config paths. That is proportionate to a local code-analysis tool.
✓ Persistence and privileges
always is false and there is no indication the skill requests persistent/privileged presence or modifies other skills. Autonomous invocation is allowed (platform default) but not combined with other high-privilege requests.
Security is layered; review the code before running it.
Runtime dependencies
No special dependencies
Versions
latest v1.0.0 2026/3/21
Initial release: AI-powered code review assistant
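● Benign
Install command
Official: npx clawhub@latest install code-review-ai
Mirror: npx clawhub@latest install code-review-ai --registry https://cn.clawhub-mirror.com
Skill documentation
Automated code review to improve code quality.
Features
- 🔍 Automatic review - analyzes code structure and style
- ⚡ Performance optimization - identifies performance bottlenecks
- 🔒 Security checks - finds potential security vulnerabilities
- 📊 Quality report - generates a detailed review report
- 🛠️ Multi-language support - supports JS/Python/Go/Java and more
Usage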
node scripts/review.mjs --file ./src/app.js
License
MIT
Data source: ClawHub · Chinese localization: 龙虾技能库