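Smart Code Review Assistant
v1.0.0 Code Review Assistant - Automatically analyzes code and provides review comments, performance optimization suggestions, and security vulnerability detection. Supports multiple programming languages and generates detailed code review reports.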
Security Scan
OpenClaw
Suspicious
high confidence
The skill claims to be a runnable code-review tool but is instruction-only and provides no install or code — the runtime instructions reference a local Node script that is not included, which is an incoherence that could lead to unexpected behavior.
Assessment Recommendations
This package is inconsistent: it advertises a Node-based code-review tool but does not include the scripts or an install step. Before installing or invoking it, verify the upstream GitHub repository and confirm where scripts/review.mjs comes from. Do not run 'node scripts/review.mjs' (or any unreviewed local Node script) in a production environment — inspect the script contents in a safe sandbox first. Ask the publisher to either include the tool or provide a clear, auditable install step (and t...
⚠ Purpose and Capability
The skill's name/description advertise a runnable code-review tool, and the SKILL.md shows a command (node scripts/review.mjs). Yet the package contains no code or install spec. Requiring the node binary is plausible, but there is no included review.mjs or any mechanism to obtain it, so the declared capability doesn't match what is actually provided.
⚠ Instruction Scope
Runtime instructions tell the agent to execute a local Node script (node scripts/review.mjs --file ...). That is scoped to code review, but it's vague about origin of the script. Because the script isn't bundled, the agent would either fail or run an existing local script in the user's workspace — running an arbitrary local Node script without knowing its contents is risky. The instructions do not reference external endpoints or credentials.
ℹ Install Mechanism
No install spec is provided (instruction-only). README mentions 'clawhub install code-review-assistant' but no installer or files are included in this package. Lack of an install mechanism reduces immediate supply-chain risk but creates inconsistency about how the tool is supposed to be obtained.
✓ Credential Requirements
The skill declares no required environment variables, credentials, or config paths. That is proportionate for a local code-review helper. There is no evidence it requests unrelated secrets.
✓ Persistence and Privileges
always is false and there is no indication the skill requests permanent presence or modifies other skills/config. Autonomous invocation is allowed (platform default) but does not combine here with broad privileges.
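Security is layered; review the code before running it.
Runtime Dependencies
No special dependencies
Versions
latest v1.0.0 2026/3/20
Initial release: supports code review, performance optimization suggestions, and security detection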
● Pending
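Install Command
Official: npx clawhub@latest install smart-code-reviewer
Mirror (accelerated): npx clawhub@latest install smart-code-reviewer --registry https://cn.clawhub-mirror.com
Skill Documentation
Automated code review to improve code quality.
Features
- 🔍 Automated review - Analyzes code structure and style
- ⚡ Performance optimization - Identifies performance bottlenecks
- 🔒 Security detection - Finds potential security vulnerabilities
- 📊 Quality report - Generates a detailed review report
- 🛠️ Multi-language support - Supports JS/Python/Go/Java and others
Usage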
node scripts/review.mjs --file ./src/app.js
License
MIT
Data source: ClawHub · Chinese localization: 龙虾技能库