🔍 Code Review Assistant: Intelligent Code Review

v1.0.0

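An AI-integrated automated code review assistant that reviews Pull Requests in real time, automatically detects potential bugs, security vulnerabilities and code smells, and outputs detailed quality reports and fix suggestions, so that teams keep a high code standard and speed up the merge process.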

by @sunshine-del-ux (Sunshine-del-ux)
Last updated
2026/3/2
Security scan
VirusTotal
Benign
OpenClaw
Suspicious
high confidence
Assessment recommendation
This skill claims to perform automated, multi-language code reviews and vulnerability scans, but the included code is just a small Bash script that prints example reports rather than analyzing your code. If you expect real analysis, do not rely on this skill yet. Before installing or granting any secrets (e.g., GITHUB_TOKEN): 1) inspect the script and any other code to confirm it actually performs analysis (search for calls to linters, static analyzers, or network APIs); 2) run it in a sandbox o...
Detailed analysis
Purpose and capability
The name and description promise automated, multi-language code analysis, bug detection, and vulnerability scanning. The repository contains only a small Bash script that prints hard-coded example reports and a brief handling of git diff; it does not actually parse files, run linters, static analyzers, or call any security scanners. This is a mismatch between claimed capability and actual implementation.
Instruction scope
SKILL.md instructs the user to run commands like 'review', 'diff', and 'pr' and claims built-in analysis for many languages. The shell script's 'review' command never reads or analyzes the target file/directory contents (it simply prints a canned report). The 'pr' command only prints a note about GITHUB_TOKEN and does not implement PR fetching. The instructions therefore overstate functionality and give the agent broad discretion without backing implementation.
Install mechanism
No install spec or external downloads are present; the skill is instruction-only with a bundled shell script. No network fetches or archive extraction are specified, which is low-risk from an install perspective.
Credential requirements
No required environment variables are declared. The script mentions GITHUB_TOKEN in output text as an optional configuration for PR reviews; this is reasonable if PR integration were implemented, but currently GITHUB_TOKEN is not used in code. If PR support were added, a GitHub token would be expected; do not supply a token until you inspect and trust any code that uses it.
Persistence and privileges
The skill does not request persistent presence (always: false) and does not modify system configuration. It does not write files or install system-wide changes by itself.
Security is layered; review the code before running it.

Runtime dependencies

No special dependencies

Versions

latest · v1.0.0 · 2026/3/2


Benign

Install command

Official: npx clawhub@latest install code-review-assistant
Mirror: npx clawhub@latest install code-review-assistant --registry https://cn.longxiaskill.com
Data source: ClawHub · Chinese localization: 龙虾技能库